diff --git a/modules/secrets/tang.nix b/modules/secrets/tang.nix
index 9b3fa47..7c30abf 100644
--- a/modules/secrets/tang.nix
+++ b/modules/secrets/tang.nix
@@ -8,13 +8,17 @@ let
 in longrun {
   inherit name;
   buildInputs = [ json-to-fstree ];
+  notification-fd = 10;
   run = ''
+    set -e
     statedir=/run/${name}
-    mkdir -m 0700 $statedir
+    mkdir -p -m 0700 $statedir
     ( in_outputs ${name}
       while : ; do
-        ${tangc}/bin/tangc decrypt < ${path} > $statedir/input.json
+        ${tangc}/bin/tangc decrypt < ${path} > $statedir/.input.json
+        mv $statedir/.input.json $statedir/input.json
         ${json-to-fstree}/bin/json-to-fstree file://$statedir/input.json .
+        echo ready >&10
         sleep ${builtins.toString (interval * 60)}
       done
     )