diff --git a/paris-container.nix b/paris-container.nix
index 4ed0fda..379ed23 100644
--- a/paris-container.nix
+++ b/paris-container.nix
@@ -243,8 +243,11 @@ in {
 environmentFiles = [ hostSecrets.parisLdapEnv.target-file ];
 };
- systemd.services."container@paris".after =
- optional (!isNull cfg.kerberos) config.fudo.secrets.secret-target;
+ systemd = {
+ tmpfiles.rules = [ "d ${cfg.state-directory}/home 0700 - - - -" ];
+ services."container@paris".after =
+ optional (!isNull cfg.kerberos) config.fudo.secrets.secret-target;
+ };
 containers.paris = {
 autoStart = true;
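Review bot: The new tmpfiles rule `"d ${cfg.state-directory}/home 0700 - - - -"` leaves the user and group fields as `-`, so the directory is created as root:root with mode 0700, and nothing in the hunk says who is meant to read it. If this path is bind-mounted into the container as its home root (inferred, because the `containers.paris` block continues outside the hunk), non-root accounts inside could not traverse it to reach their own directories. With user namespacing enabled, the host's root would not map to the container's root either. Name the owner explicitly, and if the per-user directories below carry the 0700 restriction, relax the parent, e.g. `"d ${cfg.state-directory}/home 0755 root root - -"`. If root-only access is deliberate, a one-line comment above the rule such as `# root-only on purpose: <who reads this directory and why>` would record that intent.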