diff --git a/modules/profiles/system/builders/nix-docker.nix b/modules/profiles/system/builders/nix-docker.nix
index 461c7e43..e55611bc 100644
--- a/modules/profiles/system/builders/nix-docker.nix
+++ b/modules/profiles/system/builders/nix-docker.nix
@@ -1,8 +1,4 @@
-# NOTE: After this is applied, the permissions on the SSH key still need to be set:
-#
-#   $ sudo chmod 0400 /etc/nix/docker_rsa
-#
-# Also need to add to /var/root/.ssh/config, see nix-docker's README
+# NOTE: Also need to add to /var/root/.ssh/config, see nix-docker's README
 
 { config, pkgs, ... }: {
   environment = {
@@ -12,6 +8,7 @@
       "nix/docker_rsa" = {
         enable = true;
         source = "${pkgs.nix-docker}/ssh/insecure_rsa";
+        mode = "0400";
       };
 
       "nix/remote-build-env" = {