diff --git a/hosts/common/ids.nix b/hosts/common/ids.nix
index b319351e..7146e97e 100644
--- a/hosts/common/ids.nix
+++ b/hosts/common/ids.nix
@@ -23,6 +23,8 @@
 sane.ids.mediawiki.uid = 2402;
 sane.ids.signald.uid = 2403;
 sane.ids.signald.gid = 2403;
+ sane.ids.mautrix-signal.uid = 2404;
+ sane.ids.mautrix-signal.gid = 2404;
 sane.ids.colin.uid = 1000;
 sane.ids.guest.uid = 1100;
diff --git a/hosts/servo/services/matrix/signal.nix b/hosts/servo/services/matrix/signal.nix
index ada3c0d8..dd090b18 100644
--- a/hosts/servo/services/matrix/signal.nix
+++ b/hosts/servo/services/matrix/signal.nix
@@ -3,6 +3,7 @@
 services.signald.enable = true;
 services.mautrix-signal.enable = true;
+ services.mautrix-signal.settings.homeserver.domain = "uninsane.org";
 services.matrix-synapse.settings.app_service_config_files = [
 # auto-created by mautrix-signal service
 "/var/lib/mautrix-signal/signal-registration.yaml"
diff --git a/modules/services/mautrix-signal.nix b/modules/services/mautrix-signal.nix
index 743cefcd..ba37d7cb 100644
--- a/modules/services/mautrix-signal.nix
+++ b/modules/services/mautrix-signal.nix
@@ -23,6 +23,7 @@ in
 homeserver = {
 address = "http://localhost:8008";
 software = "standard";
+ # domain = "SETME";
 };
 appservice = rec {
@@ -45,16 +46,17 @@ in
 logging = {
 version = 1;
- formatters.journal_fmt.format = "%(name)s: %(message)s";
- handlers.journal = {
- class = "systemd.journal.JournalHandler";
- formatter = "journal_fmt";
- SYSLOG_IDENTIFIER = "mautrix-signal";
+ formatters.precise.format = "[%(levelname)s@%(name)s] %(message)s";
+
+ handlers.console = {
+ class = "logging.StreamHandler";
+ formatter = "precise";
 };
- # log to systemd instead of file/console
+
+ # log to console/systemd instead of file
 root = {
 level = "INFO";
- handlers = ["journal"];
+ handlers = ["console"];
 };
 };
 };
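Review bot: The `# domain = "SETME";` line in the `homeserver` defaults leaves what appears to be a per-host requirement as a commented-out placeholder, so the module never states that a host must supply `homeserver.domain` (the signal.nix hunk does so for servo). A comment that states the requirement reads better than dead code, e.g. `# domain: no default; set services.mautrix-signal.settings.homeserver.domain per host`. The same applies to `# environment.HOME = dataDir;` and `# WorkingDirectory = pkgs.mautrix-signal;` in the later hunks of this file: delete them or note why they are kept. The enclosing attribute set starts and ends outside the hunk.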
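Review bot: With `logging.StreamHandler` in `handlers.console`, records reach the journal only through the unit's captured stderr, so they all carry the unit's default priority and a filter such as `journalctl -p warning` no longer separates bridge errors from routine output. The level survives only as text in the `precise` format, which is harder to alert on. If that trade-off is intended, the comment above `root` should say so, e.g. `# log to stderr (captured by journald); level is only in the message text`. The `logging` set sits inside a larger settings block that is outside the hunk.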
@@ -92,6 +94,13 @@ in
 };
 config = mkIf cfg.enable {
+ users.groups.mautrix-signal = {};
+
+ users.users.mautrix-signal = {
+ group = "mautrix-signal";
+ isSystemUser = true;
+ };
+
 systemd.services.mautrix-signal = {
 description = "Mautrix-Signal, a Matrix-Signal puppeting bridge.";
@@ -100,6 +109,8 @@ in
 after = [ "network-online.target" ] ++ cfg.serviceDependencies;
 path = [ pkgs.ffmpeg ]; # voice messages need `ffmpeg`
+ # environment.HOME = dataDir;
+
 preStart = ''
 # generate the appservice's registration file if absent
 if [ ! -f '${registrationFile}' ]; then
@@ -115,20 +126,23 @@ in
 Type = "simple";
 Restart = "always";
+ User = "mautrix-signal";
+
 ProtectSystem = "strict";
 ProtectHome = true;
 ProtectKernelTunables = true;
 ProtectKernelModules = true;
 ProtectControlGroups = true;
- DynamicUser = true;
 PrivateTmp = true;
- StateDirectory = baseNameOf dataDir;
+ # WorkingDirectory = pkgs.mautrix-signal;
+ # StateDirectory = baseNameOf dataDir;
 UMask = "0027";
 ExecStart = ''
 ${pkgs.mautrix-signal}/bin/mautrix-signal \
- --config='${settingsFile}'
+ --config='${settingsFile}' \
+ --no-update
 '';
 };
 };
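Review bot: Removing `DynamicUser = true` in the serviceConfig hunk also removes the hardening it implied: systemd turns on `NoNewPrivileges`, `RestrictSUIDSGID` and `RemoveIPC` for dynamic users, and none of them is set explicitly for the new static `User`. Separately, with `ProtectSystem = "strict"` and `StateDirectory` commented out, nothing visible in this hunk makes the data directory writable or sets its owner and mode, yet preStart presumably writes the registration file, which carries the appservice tokens, there. Unless another module provisions that directory, keeping `StateDirectory` (it works with a static user as well) covers both. The `0750` mode below assumes matrix-synapse reads the registration file through membership of the `mautrix-signal` group, which this diff does not show. The serviceConfig block opens outside the hunk.

```nix
User = "mautrix-signal";
# … unchanged: ProtectSystem through PrivateTmp …

# previously implied by DynamicUser; a static User needs them spelled out
NoNewPrivileges = true;
RestrictSUIDSGID = true;
RemoveIPC = true;

# let systemd create the state directory, chown it to User and make it writable under ProtectSystem=strict
StateDirectory = baseNameOf dataDir;
StateDirectoryMode = "0750";
UMask = "0027";
```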