diff --git a/hosts/rpi4/services.nix b/hosts/rpi4/services.nix
index 78986fd..d7bcef2 100644
--- a/hosts/rpi4/services.nix
+++ b/hosts/rpi4/services.nix
@@ -24,19 +24,19 @@
 
     age.secrets.authelia-users = {
       file = ../../secrets/authelia-users.age;
-      group = "authelia-main";
+      group = "authelia-shared";
       mode = "0750";
     };
 
     age.secrets.authelia-jwt = {
       file = ../../secrets/authelia-jwt.age;
-      group = "authelia-main";
+      group = "authelia-shared";
       mode = "0750";
     };
 
     age.secrets.authelia-storage = {
       file = ../../secrets/authelia-storage.age;
-      group = "authelia-main";
+      group = "authelia-shared";
       mode = "0750";
     };
 
@@ -81,8 +81,10 @@
       8123
     ];
 
+    users.groups.authelia-shared = { };
     services.authelia.instances = lib.mapAttrs (inst: opts: {
       enable = true;
+      group = "authelia-shared";
       secrets = {
         jwtSecretFile = config.age.secrets.authelia-jwt.path;
         storageEncryptionKeyFile = config.age.secrets.authelia-storage.path;