diff --git a/nixos/modules/config/update-users-groups.pl b/nixos/modules/config/update-users-groups.pl
index bef08dc402078e1..4b4977f6a58d3cf 100644
--- a/nixos/modules/config/update-users-groups.pl
+++ b/nixos/modules/config/update-users-groups.pl
@@ -209,13 +209,6 @@ sub parseUser {
         }
     }
 
-    # Ensure home directory incl. ownership and permissions.
-    if ($u->{createHome}) {
-        make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
-        chown $u->{uid}, $u->{gid}, $u->{home};
-        chmod 0700, $u->{home};
-    }
-
     if (defined $u->{passwordFile}) {
         if (-e $u->{passwordFile}) {
             $u->{hashedPassword} = read_file($u->{passwordFile});
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index 567a8b6f3b97ed8..7e2ca2e08cd5e5b 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -673,6 +673,23 @@ in {
         else null
       ));
 
+    systemd.services = lib.flip lib.mapAttrs' config.users.users (_: user: {
+      name = "awake-oneshot-home-${user.name}";
+      value = lib.mkIf user.createHome {
+        description = "Create ${user.name} $HOME directory";
+
+        script = ''
+          mkdir -p ${lib.escapeShellArg user.home}
+          chown ${lib.escapeShellArg "${user.name}:${user.group}"} ${lib.escapeShellArg user.home}
+        '';
+
+        wantedBy = [ "multi-user.target" ];
+
+        serviceConfig.Type = "oneshot";
+
+        unitConfig.RequiresMountsFor = [ (lib.escapeShellArg user.home) ];
+      };
+    });
   };
 
 }