diff --git a/nixos/components/network/syncthing.nix b/nixos/components/network/syncthing.nix
index 5aa872a..168ba6c 100644
--- a/nixos/components/network/syncthing.nix
+++ b/nixos/components/network/syncthing.nix
@@ -4,6 +4,21 @@ with lib; {
   networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];
 
   clanCore.facts.services.syncthing = factsGenerator.syncthing { };
+  tmpfiles.settings.syncthing.d = {
+    "/run/facts/syncthing" = {
+      type = "d";
+      user = config.services.syncthing.user;
+      group = config.services.syncthing.group;
+      mode = "400";
+    };
+    "/run/facts/syncthing.key" = {
+      type = "C";
+      user = config.services.syncthing.user;
+      group = config.services.syncthing.group;
+      mode = "400";
+      argument = config.clanCore.facts.services.syncthing.secret."syncthing.key".path;
+    };
+  };
 
   services.syncthing = {
     guiAddress = lib.mkDefault "${config.networking.hostName}.${ config.clan.static-hosts.topLevelDomain }:8384";