diff --git a/modules/bincache/default.nix b/modules/bincache/default.nix
index a2f4cbb..bc290a7 100644
--- a/modules/bincache/default.nix
+++ b/modules/bincache/default.nix
@@ -14,8 +14,16 @@ with lib;
   };
 
   config = mkIf cfg.enable
-    {
-      sops.secrets.bin-cache-priv-key = {};
+  {
+    users.users.nix-serve = {
+      isSystemUser = true;
+    };
+      users.users.nix-serve.group = "nix-serve";
+      users.groups.nix-serve = {};
+
+      sops.secrets.bin-cache-priv-key = {
+        owner = "nix-serve";
+      };
 
       services.nix-serve = {
         enable = true;
diff --git a/modules/nix/default.nix b/modules/nix/default.nix
index d65f4df..ca1f3cc 100644
--- a/modules/nix/default.nix
+++ b/modules/nix/default.nix
@@ -13,7 +13,7 @@ with lib;
       nixpkgs.config.allowUnfree = true;
       nix = {
         autoOptimiseStore = true;
-        allowedUsers = [ "julien" "hydra" ];
+        allowedUsers = [ "julien" "hydra" "nix-serve" ];
         gc = {
           automatic = true;
           dates = "daily";
@@ -26,7 +26,7 @@ with lib;
           "nixpkgs=${inputs.nixpkgs}"
         ]; 
         binaryCaches = [
-          "https://bin.julienmalka.me"
+         # "https://bin.julienmalka.me"
           "https://cache.nixos.org/"
         ];
         binaryCachePublicKeys = [