diff --git a/nixos/modules/config/update-users-groups.pl b/nixos/modules/config/update-users-groups.pl
index 232f886789d38ba..a71691617db38ab 100644
--- a/nixos/modules/config/update-users-groups.pl
+++ b/nixos/modules/config/update-users-groups.pl
@@ -222,13 +222,6 @@ sub parseUser {
 }
 }
- # Ensure home directory incl. ownership and permissions.
- if ($u->{createHome}) {
- make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home} and ! $is_dry;
- chown $u->{uid}, $u->{gid}, $u->{home};
- chmod 0700, $u->{home};
- }
-
 if (defined $u->{passwordFile}) {
 if (-e $u->{passwordFile}) {
 $u->{hashedPassword} = read_file($u->{passwordFile});
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index a34d28143418575..b535b73b560a5ed 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -685,6 +685,12 @@ in {
 else null ));
+ systemd.tmpfiles.rules = lib.concatLists (lib.mapAttrsToList
+ (_: user:
+ lib.optionals user.createHome [
+ "d ${lib.escapeShellArg user.home} 0700 ${user.name} ${user.group}"
+ ])
+ config.users.users);
 };
 }
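Review bot: The path field of the added rule is quoted with `lib.escapeShellArg`, but a tmpfiles.d line is never parsed by a shell, so this is shell quoting applied to a different grammar. tmpfiles.d expands `%` specifiers in the path, which shell quoting does not neutralise, and nothing in this hunk establishes that an embedded quote or backslash round-trips the same way in both formats. The rule is applied with root privileges, and `user.name` and `user.group` are interpolated with no escaping at all, so rejecting unusual values is safer than quoting them. I would add a module assertion that `user.home` is an absolute path free of whitespace, quotes, backslashes and `%` whenever `createHome` is set, and at minimum double the percent sign with `lib.replaceStrings ["%"] ["%%"] user.home`. The enclosing attribute set starts outside the hunk, so where the assertion belongs cannot be seen from here.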