diff --git a/module.nix b/module.nix
index 5260c65..3167015 100644
--- a/module.nix
+++ b/module.nix
@@ -120,6 +120,13 @@ in
         RestrictSUIDSGID = true;
         MemoryDenyWriteExecute = true;
         LockPersonality = true;
+      } // lib.optionalAttrs cfg.flake.enable {
+        # nix and git need writable cache directories
+        StateDirectory = "nixos-exporter";
+        Environment = [
+          "HOME=/var/lib/nixos-exporter"
+          "XDG_CACHE_HOME=/var/lib/nixos-exporter/.cache"
+        ];
       };
     };