diff --git a/nixos/modules/services/monitoring/graphite.nix b/nixos/modules/services/monitoring/graphite.nix
index cb67b9d4fcbb..abdaf6ec2968 100644
--- a/nixos/modules/services/monitoring/graphite.nix
+++ b/nixos/modules/services/monitoring/graphite.nix
@@ -184,6 +184,7 @@ in {
         ExecStart = "${pkgs.twisted}/bin/twistd ${carbonOpts "carbon-cache"}";
         User = "graphite";
         Group = "graphite";
+        PermissionsStartOnly = true;
       };
       restartTriggers = [
         pkgs.pythonPackages.carbon
@@ -194,7 +195,7 @@ in {
       ];
       preStart = ''
         mkdir -m 0700 -p ${cfg.dataDir}/whisper
-        if [ "$(id -u)" = 0 ]; then chown -R graphite:graphite ${cfg.dataDir}; fi
+        chown -R graphite:graphite ${cfg.dataDir}
       '';
     };
 
@@ -235,6 +236,7 @@ in {
       description = "Graphite Web Interface";
       wantedBy = [ "multi-user.target" ];
       after = [ "network-interfaces.target" ];
+      path = [ pkgs.perl ];
       environment = {
         PYTHONPATH = "${pkgs.python27Packages.graphite_web}/lib/python2.7/site-packages";
         DJANGO_SETTINGS_MODULE = "graphite.settings";
@@ -248,11 +250,11 @@ in {
           --call django.core.handlers.wsgi:WSGIHandler'';
         User = "graphite";
         Group = "graphite";
+        PermissionsStartOnly = true;
       };
       preStart = ''
         if ! test -e ${dataDir}/db-created; then
           mkdir -m 0700 -p ${dataDir}/{whisper/,log/webapp/}
-          if [ "$(id -u)" = 0 ]; then chown -R graphite:graphite ${cfg.dataDir}; fi
 
           # populate database
           ${pkgs.python27Packages.graphite_web}/bin/manage-graphite.py syncdb --noinput
@@ -261,6 +263,8 @@ in {
           ${pkgs.python27Packages.graphite_web}/bin/build-index.sh
 
           touch ${dataDir}/db-created
+
+          chown -R graphite:graphite ${cfg.dataDir}
         fi
       '';
       restartTriggers = [