diff --git a/.vscode/settings.json b/.vscode/settings.json index dead4b3..947618d 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -256,6 +256,7 @@ "sessionmaker", "sessionstore", "shellcheck", + "signalbot", "signon", "Signons", "skia", @@ -305,6 +306,7 @@ "useragent", "usernamehw", "userprefs", + "vaninventory", "vfat", "victron", "virt", diff --git a/systems/brain/services/van_inventory.nix b/systems/brain/services/van_inventory.nix index aa076a5..e2a4645 100644 --- a/systems/brain/services/van_inventory.nix +++ b/systems/brain/services/van_inventory.nix @@ -6,11 +6,13 @@ { networking.firewall.allowedTCPPorts = [ 8001 ]; - users.users.vaninventory = { - isSystemUser = true; - group = "vaninventory"; + users = { + users.vaninventory = { + isSystemUser = true; + group = "vaninventory"; + }; + groups.vaninventory = { }; }; - users.groups.vaninventory = { }; systemd.services.van_inventory = { description = "Van Inventory API"; diff --git a/systems/jeeves/services/postgress.nix b/systems/jeeves/services/postgress.nix index 46ad091..4f76549 100644 --- a/systems/jeeves/services/postgress.nix +++ b/systems/jeeves/services/postgress.nix @@ -30,11 +30,14 @@ in local hass hass trust local gitea gitea trust + # signalbot + local richie signalbot trust + # math local postgres math trust host postgres math 127.0.0.1/32 trust - host postgres math ::1/128 trust - host postgres math 192.168.90.1/24 trust + host postgres math ::1/128 trust + host postgres math 192.168.90.1/24 trust ''; @@ -98,6 +101,12 @@ in replication = true; }; } + { + name = "signalbot"; + ensureClauses = { + login = true; + }; + } ]; ensureDatabases = [ "hass" diff --git a/systems/jeeves/services/signal_bot.nix b/systems/jeeves/services/signal_bot.nix index 289d5af..fc1e773 100644 --- a/systems/jeeves/services/signal_bot.nix +++ b/systems/jeeves/services/signal_bot.nix 
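Review bot: The added pg_hba rule `local richie signalbot trust` lets any local account on this host connect to the `richie` database as the `signalbot` role over the Unix socket without a credential, because `trust` performs no authentication. The same commit creates a dedicated `signalbot` system user for the service, so the rule could be `local richie signalbot peer`, which ties the role to that OS user; this assumes the bot connects over the socket and not over TCP. The neighbouring entries also use `trust`, but they are existing context and the authentication block starts outside this hunk.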
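Review bot: The new `signalbot` entry in `ensureUsers` sets only `login = true`, and nothing in this hunk says which privileges the role is meant to hold in the `richie` database that the new pg_hba rule admits it to. A short comment on the entry, for example `# signal bot: needs only <privileges> on database richie, granted in <location>`, would make the intended least-privilege scope reviewable. The `ensureUsers` list begins outside the hunk, so the grants may be defined elsewhere.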
@@ -7,6 +7,14 @@ let vars = import ../vars.nix; in { + users = { + users.signalbot = { + isSystemUser = true; + group = "signalbot"; + }; + groups.signalbot = { }; + }; + systemd.services.signal-bot = { description = "Signal command and control bot"; after = [ @@ -22,6 +30,8 @@ in serviceConfig = { Type = "simple"; + User = "signalbot"; + Group = "signalbot"; EnvironmentFile = "${vars.secrets}/services/signal-bot"; ExecStart = "${pkgs.my_python}/bin/python -m python.signal_bot.main"; StateDirectory = "signal-bot";
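Review bot: Adding `User = "signalbot";` and `Group = "signalbot";` drops root, but the `serviceConfig` lines visible in this hunk add no sandboxing for a unit described as a command and control bot that acts on incoming Signal messages. If the rest of `serviceConfig`, which continues outside the hunk, does not already set them, consider `NoNewPrivileges = true;`, `ProtectSystem = "strict";` and `PrivateTmp = true;`. The existing `StateDirectory` stays writable under `ProtectSystem = "strict"`. Any other path the bot writes to would need a `ReadWritePaths` entry, so check this against what the Python module actually touches.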