diff --git a/shared/modules/state.nix b/shared/modules/state.nix
index 10264a7..ca49cba 100644
--- a/shared/modules/state.nix
+++ b/shared/modules/state.nix
@@ -29,5 +29,12 @@ in {
         ];
       };
     };
+
+    # fixes the following error, when trying to use impermanence
+    # in `/var/lib/private`, which is needed for DynamicUser.
+    # Error: Directory "/var/lib/private" already exists, but has mode 0755 that is too permissive (0700 was requested), refusing.
+    systemd.tmpfiles.rules = [
+        "d /var/lib/private 0700 root root - -"
+    ];
   };
 }