diff --git a/nixos/hosts/common/optional/dnscrypt-proxy2.nix b/nixos/hosts/common/optional/dnscrypt-proxy2.nix
index 21494b9..5204121 100644
--- a/nixos/hosts/common/optional/dnscrypt-proxy2.nix
+++ b/nixos/hosts/common/optional/dnscrypt-proxy2.nix
@@ -13,14 +13,9 @@
     dhcpcd.extraConfig = "nohook resolv.conf";
   };
 
-  config.users.users.dnscrypt.isSystemUser = true;
-  config.users.users.dnscrypt.group = "dnscrypt";
-  config.users.groups.dnscrypt = { };
-
   # configure secret for forwarding rules
   config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".sopsFile = ./dnscrypt-proxy2.sops.yaml;
-  config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".mode = "0444";
-  config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".path = "/run/dnscrypt-forwarding-rules.txt";
+  config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".mode = "0444"; # This is world-readable but theres nothing security related in the file
 
   # Restart dnscrypt when secret changes
   config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".restartUnits = [ "dnscrypt-proxy2" ];