diff --git a/modules/servers/kavita.nix b/modules/servers/kavita.nix
index 56afa30..3b1b1eb 100644
--- a/modules/servers/kavita.nix
+++ b/modules/servers/kavita.nix
@@ -17,7 +17,7 @@ in
 owner = config.users.users.kavita.name;
 inherit (config.users.users.kavita) group;
 };
- users.groups.kavita.gid = { inherit gid; };
+ users.groups.kavita = { inherit gid; };
 users.users.kavita = {
 inherit uid;
 isSystemUser = true;
diff --git a/modules/servers/nextcloud.nix b/modules/servers/nextcloud.nix
index efe00d5..30e4853 100644
--- a/modules/servers/nextcloud.nix
+++ b/modules/servers/nextcloud.nix
@@ -51,7 +51,7 @@ in
 "nodejs-14.21.3"
 "openssl-1.1.1v"
 ];
- users.groups.nextcloud.gid = { inherit gid; };
+ users.groups.nextcloud = { inherit gid; };
 users.users.nextcloud = {
 inherit uid;
 isSystemUser = true;
diff --git a/modules/servers/oauth2-proxy.nix b/modules/servers/oauth2-proxy.nix
index fec2d53..802b0fa 100644
--- a/modules/servers/oauth2-proxy.nix
+++ b/modules/servers/oauth2-proxy.nix
@@ -13,7 +13,7 @@ in
 {
 options.my.servers.oauth2-proxy = setup.mkOptions "oauth2-proxy" "auth-proxy" 4180;
 config = lib.mkIf (cfg.enable && config.my.secureHost) {
- users.groups.oauth2-proxy.gid = { inherit gid; };
+ users.groups.oauth2-proxy = { inherit gid; };
 users.users.oauth2-proxy = {
 inherit uid;
 isSystemUser = true;
diff --git a/modules/servers/paperless.nix b/modules/servers/paperless.nix
index 99d816c..e8db7a8 100644
--- a/modules/servers/paperless.nix
+++ b/modules/servers/paperless.nix
@@ -10,7 +10,7 @@ in
 options.my.servers.paperless.enable = lib.mkEnableOption "Paperless-ngx document management system";
 config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable) {
 networking.firewall.allowedTCPPorts = [ port ];
- users.groups.paperless.gid = { inherit gid; };
+ users.groups.paperless = { inherit gid; };
 users.users.paperless = {
 inherit uid;
 isSystemUser = true;
diff --git a/modules/servers/plex.nix b/modules/servers/plex.nix
index c9fdb8f..2d761a4 100644
--- a/modules/servers/plex.nix
+++ b/modules/servers/plex.nix
@@ -15,41 +15,43 @@ in
 group = "piracy";
 isSystemUser = true;
 };
- services.plex = {
- inherit (cfg) enable;
- group = "piracy";
- };
- nginx = lib.mkIf cfg.enableProxy {
- virtualHosts."${cfg.host}" = {
- forceSSL = true;
- enableACME = true;
- http2 = true;
- serverAliases = [
- "plex.rotehaare.art"
- ];
- extraConfig = ''
- # Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause
- send_timeout 100m;
- # Plex headers
- proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
- proxy_set_header X-Plex-Device $http_x_plex_device;
- proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
- proxy_set_header X-Plex-Platform $http_x_plex_platform;
- proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
- proxy_set_header X-Plex-Product $http_x_plex_product;
- proxy_set_header X-Plex-Token $http_x_plex_token;
- proxy_set_header X-Plex-Version $http_x_plex_version;
- proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
- proxy_set_header X-Plex-Provides $http_x_plex_provides;
- proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
- proxy_set_header X-Plex-Model $http_x_plex_model;
- # Buffering off send to the client as soon as the data is received from Plex.
- proxy_redirect off;
- proxy_buffering off;
- '';
- locations."/" = {
- proxyPass = cfg.local;
- proxyWebsockets = true;
+ services = {
+ plex = {
+ inherit (cfg) enable;
+ group = "piracy";
+ };
+ nginx = lib.mkIf cfg.enableProxy {
+ virtualHosts."${cfg.host}" = {
+ forceSSL = true;
+ enableACME = true;
+ http2 = true;
+ serverAliases = [
+ "plex.rotehaare.art"
+ ];
+ extraConfig = ''
+ # Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause
+ send_timeout 100m;
+ # Plex headers
+ proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
+ proxy_set_header X-Plex-Device $http_x_plex_device;
+ proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
+ proxy_set_header X-Plex-Platform $http_x_plex_platform;
+ proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
+ proxy_set_header X-Plex-Product $http_x_plex_product;
+ proxy_set_header X-Plex-Token $http_x_plex_token;
+ proxy_set_header X-Plex-Version $http_x_plex_version;
+ proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
+ proxy_set_header X-Plex-Provides $http_x_plex_provides;
+ proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
+ proxy_set_header X-Plex-Model $http_x_plex_model;
+ # Buffering off send to the client as soon as the data is received from Plex.
+ proxy_redirect off;
+ proxy_buffering off;
+ '';
+ locations."/" = {
+ proxyPass = cfg.local;
+ proxyWebsockets = true;
+ };
 };
 };
 };
diff --git a/modules/servers/synapse.nix b/modules/servers/synapse.nix
index 51d27e4..3539033 100644
--- a/modules/servers/synapse.nix
+++ b/modules/servers/synapse.nix
@@ -30,7 +30,7 @@ in
 synapse = { inherit domain; };
 element = { inherit domain; };
 };
- users.groups.matrix-synapse.gid = { inherit gid; };
+ users.groups.matrix-synapse = { inherit gid; };
 users.users.matrix-synapse = {
 inherit uid;
 isSystemUser = true;
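Review bot: In modules/servers/plex.nix the twelve `proxy_set_header X-Plex-*` lines sit in the virtual host's `extraConfig`, so they land at nginx server level, while `locations."/"` sets `proxyWebsockets = true`. nginx inherits `proxy_set_header` from the outer level only when the inner block defines none, and the websocket option presumably emits its own `proxy_set_header` lines in that location, so these lines are likely never applied. The headers probably still reach Plex only because nginx forwards client request headers by default. Either move them into `locations."/".extraConfig` or drop them, and leave a comment such as `# X-Plex-* headers pass through unchanged; set here only to make that explicit` so the intent is clear. The enclosing `config` attribute set starts and ends outside the hunk.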
diff --git a/modules/servers/vaultwarden.nix b/modules/servers/vaultwarden.nix
index 0781a82..a8e442b 100644
--- a/modules/servers/vaultwarden.nix
+++ b/modules/servers/vaultwarden.nix
@@ -15,7 +15,7 @@ in
 options.my.servers.vaultwarden = setup.mkOptions "vaultwarden" "vault" 8222;
 config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable && config.my.secureHost) {
 sops.secrets.vaultwarden.sopsFile = ../../secrets/env.yaml;
- users.groups.vaultwarden.gid = { inherit gid; };
+ users.groups.vaultwarden = { inherit gid; };
 users.users.vaultwarden = {
 inherit uid;
 isSystemUser = true;
diff --git a/modules/users/nixremote.nix b/modules/users/nixremote.nix
index b464b1a..31508fd 100644
--- a/modules/users/nixremote.nix
+++ b/modules/users/nixremote.nix
@@ -31,9 +31,9 @@
 users = {
 groups.nixremote.gid = config.my.users.nixremote.gid;
 users.nixremote = {
- uid = 979;
 inherit (config.my.users.nixremote) home;
- isNormalUser = true;
+ uid = 979;
+ isSystemUser = true;
 createHome = true;
 group = "nixremote";
 openssh.authorizedKeys.keyFiles = config.my.users.nixremote.authorizedKeys;
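Review bot: Switching `users.nixremote` to `isSystemUser = true` also drops the login shell that `isNormalUser` implied, and no `shell` or `useDefaultShell` line is visible in this hunk of modules/users/nixremote.nix. The account carries `openssh.authorizedKeys.keyFiles`, so if it is meant to accept remote builds over SSH, commands would run through the default nologin shell and fail unless a shell is set further down in the file. Make the intent explicit, for example with `useDefaultShell = true;` and a comment like `# system account for remote builds: key-only SSH, needs a shell to run the store commands`. If the account is not supposed to log in at all, say so in a comment instead, so the authorized keys do not look like an oversight. The `users.nixremote` attribute set continues past the end of the hunk.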