diff --git a/modules/nixos/services/syncthing/default.nix b/modules/nixos/services/syncthing/default.nix
index 70855fe..9ff1220 100755
--- a/modules/nixos/services/syncthing/default.nix
+++ b/modules/nixos/services/syncthing/default.nix
@@ -64,14 +64,13 @@ in
   };
 
   systemd.tmpfiles.rules = [
-    # Main syncthing directory
-    "d ${service.paths.path0} 0755 ${service.name} ${service.name} -"
-
+    # Main syncthing directory - use Z to fix existing permissions
+    "z ${service.paths.path0} 0755 ${service.name} ${service.name} -"
     # Backup directories
     "d ${backupPath} 0755 ${service.name} ${service.name} -"
-    "d ${backupPath}/${postgres.name} 0755 ${postgres.name} ${service.name} -"
+    "d ${backupPath}/${postgres.name} 0750 ${postgres.name} ${service.name} -"
     "d ${backupPath}/${forgejo.name} 0750 ${forgejo.name} ${service.name} -"
-    "d ${backupPath}/${vaultwarden.name} 750 ${vaultwarden.name} ${service.name} -"
+    "d ${backupPath}/${vaultwarden.name} 0750 ${vaultwarden.name} ${service.name} -"
   ];
 
   networking = {
diff --git a/modules/nixos/services/vaultwarden/default.nix b/modules/nixos/services/vaultwarden/default.nix
index f956735..9b6f601 100755
--- a/modules/nixos/services/vaultwarden/default.nix
+++ b/modules/nixos/services/vaultwarden/default.nix
@@ -96,9 +96,11 @@ in
       serviceConfig = {
         Group = lib.mkForce syncthing.name;
       };
+      wantedBy = lib.mkForce [ ];
       after = [ "${service.name}.service" ];
     };
   };
+
   users.users.${service.name}.extraGroups = [
     syncthing.name
   ];