diff --git a/flake.nix b/flake.nix
index c9c3041..52ecdaa 100644
--- a/flake.nix
+++ b/flake.nix
@@ -114,6 +114,6 @@
         };
 
       }) // {
-        nixosModules.thekenlicht-daemon = ./module.nix;
+        nixosModules.thekenlicht-daemon = (import ./module.nix {flake=self;});
       };
 }
diff --git a/module.nix b/module.nix
index 4c80b9e..fa8eaa6 100644
--- a/module.nix
+++ b/module.nix
@@ -1,3 +1,4 @@
+{flake}:
 { self, config, pkgs, lib, ... }:
 let
   cfg = config.services.thekenlicht-daemon;
@@ -6,16 +7,27 @@ in
   options = {
     services.thekenlicht-daemon = {
       enable = lib.mkEnableOption "Enable Module";
-      serialPort = lib.mkStringOption "Serial Port";
+      serialPort = lib.mkOption {
+        description = "Serial Port";
+        type = lib.types.uniq lib.types.str;
+      };
     };
   };
 
   config = lib.mkIf cfg.enable {
+    users.users.thekenlicht-daemon = {
+      isSystemUser = true;
+      extraGroups = [ "dialout" ];
+      group = "thekenlicht-daemon";
+    };
+    users.groups.thekenlicht-daemon = {};
     systemd.services.thekenlicht-daemon = {
       description = "converts artnet to serial thekenlicht commands";
       wantedBy = [ "multi-user.target" ];
-      serviceConfig.ExecStart = "${self.packages.thekenlicht-daemon}/bin/thekenlicht-daemon ${cfg.serialPort}";
+      serviceConfig.ExecStart = "${flake.packages.${pkgs.system}.default}/bin/thekenlicht-daemon ${cfg.serialPort}";
       serviceConfig.Restart = "on-failure";
+      serviceConfig.User = "thekenlicht-daemon";
+      serviceConfig.Group = "thekenlicht-daemon";
     };
   };
 }