diff --git a/config/hardware/lambda.nix b/config/hardware/lambda.nix
index 63a72c2..fb1fa8e 100644
--- a/config/hardware/lambda.nix
+++ b/config/hardware/lambda.nix
@@ -43,7 +43,7 @@ in {
     "/" = {
       device = "none";
       fsType = "tmpfs";
-      options = [ "noexec" ];
+      options = [ "noexec" "mode=755" ];
     };
 
     "/nix" = {
diff --git a/config/host-config/lambda.nix b/config/host-config/lambda.nix
index 3eefeb9..d2db5c6 100644
--- a/config/host-config/lambda.nix
+++ b/config/host-config/lambda.nix
@@ -3,7 +3,7 @@
 let
   shinobi-port = "7080";
   shinobi-od-port = "7082";
-  state-dir = /state;
+  state-dir = "/state"; # This must be a string!
 
 in {
   boot.loader.grub.copyKernels = true;
@@ -37,7 +37,7 @@ in {
     "L /root/.gnupg - - - - ${state-dir}/user/root/gnupg"
     # "L /root/.emacs.d - - - - ${state-dir}/user/root/emacs.d"
     "L /root/.ssh/id_rsa - - - - ${state-dir}/user/root/ssh/id_rsa"
-    "L /root/.ssh/id_rsa.pub - - - - ${state-dir}/state/root/ssh/id_rsa.pub"
+    "L /root/.ssh/id_rsa.pub - - - - ${state-dir}/user/root/ssh/id_rsa.pub"
     "L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts"
   ];