diff --git a/host/opt/www/znc.nix b/host/opt/www/znc.nix
index 48ea154..0345f48 100644
--- a/host/opt/www/znc.nix
+++ b/host/opt/www/znc.nix
@@ -35,22 +35,25 @@ in {
 };
 systemd = {
+ tmpfiles.rules = [
+ "d ${cfg.dataDir} 0750 ${cfg.user} ${cfg.group} -"
+ "d ${cfg.dataDir}/configs 0750 ${cfg.user} ${cfg.group} -"
+ ];
+
 services = {
 znc-init = {
 description = "Initialize znc settings";
+ requires = ["local-fs.target"];
+ after = ["local-fs.target"];
 serviceConfig = {
 Type = "oneshot";
 RemainAfterExit = true;
 User = cfg.user;
 Group = cfg.group;
- RuntimeDirectory = cfg.dataDir;
- RuntimeDirectoryMode = "750";
 NoNewPrivileges = true;
 ProtectSystem = "strict";
 ReadWritePaths = cfg.dataDir;
 ProtectHome = true;
- StateDirectory = cfg.dataDir;
- StateDirectoryMode = "755";
 PrivateTmp = true;
 ProtectHostname = true;
 ProtectClock = true;
@@ -97,7 +100,7 @@ in {
 locations = {
 "/" = {
- proxyPass = "http://[[::1]]:7001/";
+ proxyPass = "http://[::1]:7001/";
 extraConfig = ''
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -109,12 +112,12 @@ in {
 streamConfig = ''
 upstream znc {
- server [::1]::7000;
+ server [::1]:7000;
 }
 server {
- listen 0.0.0.0:6697 http2 ssl;
- listen [::0]:6697 http2 ssl;
+ listen 0.0.0.0:6697 ssl;
+ listen [::0]:6697 ssl;
 ssl_certificate ${config.security.acme.certs.${hostname}.directory}/fullchain.pem;
 ssl_certificate_key ${config.security.acme.certs.${hostname}.directory}/key.pem;
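Review bot: The two `tmpfiles.rules` entries create `${cfg.dataDir}` and its `configs` directory as 0750, which leaves ZNC's configuration (znc.conf holds password hashes and upstream network credentials) readable by every member of `cfg.group`; how that group is defined is not visible in this hunk. If the group has no other members or purpose, `"d ${cfg.dataDir} 0700 ${cfg.user} ${cfg.group} -"` (and the same mode for `configs`) is the tighter choice. A `d` rule also does not touch files already inside the directory, so anything created before this change keeps its old mode. `ReadWritePaths = cfg.dataDir` now relies on these rules having created the path, and a comment next to it such as `# dataDir is created by systemd.tmpfiles.rules above` would record that. The `serviceConfig` block continues past the end of the hunk.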
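Review bot: With TLS terminated in the stream `server` block and traffic handed to `upstream znc` at `[::1]:7000`, ZNC will presumably see every IRC client as connecting from the loopback address, so any per-address protection inside ZNC (its fail2ban module, for example) would treat all clients as one. The rest of the server block, including the proxy_pass line, lies outside this hunk, so this is inferred rather than confirmed. If it holds, per-client limiting belongs in the stream config itself, e.g. `limit_conn_zone $binary_remote_addr zone=znc:1m;` at the top of `streamConfig` and `limit_conn znc 10;` inside the `server` block (zone name and limit are example values).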