diff --git a/roles/common/tasks/ansibleuser.yml b/roles/common/tasks/ansibleuser.yml
index 2cfc2d3..152f08d 100644
--- a/roles/common/tasks/ansibleuser.yml
+++ b/roles/common/tasks/ansibleuser.yml
@@ -9,6 +9,16 @@
         password_lock: yes
         system: yes
       become: yes
+    - name: Ensure perms on Ansible user home
+      file:
+        path: "/home/ansible"
+        mode: "0700"
+    - name: Ensure ownership of Ansible user home
+      file:
+        path: "/home/ansible"
+        owner: ansible
+        group: ansible
+        recurse: yes
     - name: Add Ansible key to user
       authorized_key:
         user: ansible
diff --git a/roles/desktop/tasks/main.yml b/roles/desktop/tasks/main.yml
index 3364012..767a860 100644
--- a/roles/desktop/tasks/main.yml
+++ b/roles/desktop/tasks/main.yml
@@ -17,6 +17,8 @@
       loop:
         # Works around a bug where this causes failed logins
         - "/etc/X11/Xsession.d/70im-config_launch"
+        # Works around SDDM never actually sourcing a user's xsessionrc
+        - "/etc/X11/Xsession.d/99x11-common_start"
     - name: Copy system configs
       template:
         src: "{{ item.src }}"