diff --git a/modules/system/services/atuin.nix b/modules/system/services/atuin.nix
index 931fb42..234cf84 100644
--- a/modules/system/services/atuin.nix
+++ b/modules/system/services/atuin.nix
@@ -1,6 +1,7 @@
 { config, lib, ... }:
 let
   cfg = config.custom.services.atuin;
+  dataDir = "/var/lib/atuin";
 in
 {
   options.custom.services.atuin = {
@@ -18,10 +19,34 @@ in
   config = lib.mkIf cfg.enable {
     services.atuin = {
       enable = true;
-      openRegistration = true;
       inherit (cfg) port;
+      openRegistration = true;
+      database = {
+        createLocally = false;
+        uri = "sqlite://${dataDir}/atuin.db";
+      };
     };
 
-    custom.services.caddy.virtualHosts.${cfg.domain}.port = cfg.port;
+    users = {
+      users.atuin = {
+        isSystemUser = true;
+        group = config.users.groups.atuin.name;
+      };
+      groups.atuin = { };
+    };
+
+    systemd.services.atuin.serviceConfig = {
+      DynamicUser = lib.mkForce false;
+      User = config.users.users.atuin.name;
+      Group = config.users.groups.atuin.name;
+      StateDirectory = "atuin";
+      StateDirectoryMode = "0700";
+    };
+
+    custom = {
+      services.caddy.virtualHosts.${cfg.domain}.port = cfg.port;
+
+      persistence.directories = [ dataDir ];
+    };
   };
 }