diff --git a/harden.sh b/harden.sh
index ccd80b3..73aa3e9 100755
--- a/harden.sh
+++ b/harden.sh
@@ -19,11 +19,13 @@ else
     dotfilesDir=$(pwd);
 fi
 pushd $dotfilesDir &> /dev/null;
-chown -R root:root system;
-chown -R root:root patches;
-chown root:root flake.lock;
-chown root:root flake.nix
-chown root:root profiles/*/configuration.nix;
+chown 0:0 .;
+chown 0:0 profiles/*;
+chown -R 0:0 system;
+chown -R 0:0 patches;
+chown 0:0 flake.lock;
+chown 0:0 flake.nix
+chown 0:0 profiles/*/configuration.nix;
+chown 0:0 harden.sh;
 chown 1000:users **/README.org;
-chown root:root harden.sh;
 popd &> /dev/null;
diff --git a/user/app/git/git.nix b/user/app/git/git.nix
index 3d51049..d2feab2 100644
--- a/user/app/git/git.nix
+++ b/user/app/git/git.nix
@@ -7,5 +7,6 @@
   programs.git.userEmail = userSettings.email;
   programs.git.extraConfig = {
     init.defaultBranch = "main";
+    safe.directory = "/home/" + userSettings.username + "/.dotfiles";
   };
 }