diff --git a/hosts/by-name/servo/secrets.nix b/hosts/by-name/servo/secrets.nix
index a7de5f91..62142550 100644
--- a/hosts/by-name/servo/secrets.nix
+++ b/hosts/by-name/servo/secrets.nix
@@ -25,6 +25,7 @@
   };
   sops.secrets."mautrix_signal_env" = {
     sopsFile = ../../../secrets/servo/mautrix_signal_env.bin;
+    format = "binary";
   };
 
   sops.secrets."mediawiki_pw" = {
diff --git a/hosts/by-name/servo/services/matrix/default.nix b/hosts/by-name/servo/services/matrix/default.nix
index 54b2d33d..7d5e96d1 100644
--- a/hosts/by-name/servo/services/matrix/default.nix
+++ b/hosts/by-name/servo/services/matrix/default.nix
@@ -6,12 +6,10 @@
   imports = [
     ./discord-puppet.nix
     # ./irc.nix
-    ./signal.nix
+    # TODO(2023/03/10): disabled because it's not bridging and mautrix_signal is hogging CPU
+    # ./signal.nix
   ];
 
-  # allow synapse to read the registration files of its appservices
-  users.users.matrix-synapse.extraGroups = [ "mautrix-signal" ];
-
   sane.persist.sys.plaintext = [
     { user = "matrix-synapse"; group = "matrix-synapse"; directory = "/var/lib/matrix-synapse"; }
   ];
diff --git a/hosts/by-name/servo/services/matrix/signal.nix b/hosts/by-name/servo/services/matrix/signal.nix
index 201b8e09..70408570 100644
--- a/hosts/by-name/servo/services/matrix/signal.nix
+++ b/hosts/by-name/servo/services/matrix/signal.nix
@@ -7,6 +7,9 @@
     { user = "signald"; group = "signald"; directory = "/var/lib/signald"; }
   ];
 
+  # allow synapse to read the registration file
+  users.users.matrix-synapse.extraGroups = [ "mautrix-signal" ];
+
   services.signald.enable = true;
   services.mautrix-signal.enable = true;
   services.mautrix-signal.environmentFile =
@@ -27,7 +30,6 @@
   };
 
   sops.secrets."mautrix_signal_env" = {
-    format = "binary";
     mode = "0440";
     owner = config.users.users.mautrix-signal.name;
     group = config.users.users.matrix-synapse.name;