diff --git a/hosts/nachtigall/apps/mastodon.nix b/hosts/nachtigall/apps/mastodon.nix
index 18299a1..c1b7dfa 100644
--- a/hosts/nachtigall/apps/mastodon.nix
+++ b/hosts/nachtigall/apps/mastodon.nix
@@ -32,6 +32,9 @@
     owner = config.services.mastodon.user;
   };
 
+  # Nginx user needs access to mastodon unix sockets
+  users.users.nginx.extraGroups = [ "mastodon" ];
+
   services.mastodon = {
     enable = true;
     # Different from WEB_DOMAIN in our case
diff --git a/hosts/nachtigall/apps/nginx.nix b/hosts/nachtigall/apps/nginx.nix
index 2715583..9849b82 100644
--- a/hosts/nachtigall/apps/nginx.nix
+++ b/hosts/nachtigall/apps/nginx.nix
@@ -17,8 +17,6 @@ in {
     };
     recommendedProxySettings = true;
   };
-  # Nginx user needs access to mastodon unix sockets
-  users.users.nginx.extraGroups = [ "mastodon" ];
   
   security.acme = {
     acceptTerms = true;