diff --git a/examples/full-nixos/arion-compose.nix b/examples/full-nixos/arion-compose.nix
index 03eb78f..2ed625c 100644
--- a/examples/full-nixos/arion-compose.nix
+++ b/examples/full-nixos/arion-compose.nix
@@ -1,6 +1,7 @@
 {
   docker-compose.services.webserver = { pkgs, ... }: {
     nixos.useSystemd = true;
+    nixos.configuration.boot.tmpOnTmpfs = true;
     nixos.configuration.services.nginx.enable = true;
     nixos.configuration.services.nginx.virtualHosts.localhost.root = "${pkgs.nix.doc}/share/doc/nix/manual";
     service.useHostStore = true;
diff --git a/src/nix/modules/service/nixos-init.nix b/src/nix/modules/service/nixos-init.nix
index 0dab936..5c6da89 100644
--- a/src/nix/modules/service/nixos-init.nix
+++ b/src/nix/modules/service/nixos-init.nix
@@ -29,10 +29,10 @@ in
       "/sys/fs/cgroup:/sys/fs/cgroup:ro"
     ];
     service.tmpfs = [
-      "/tmp:exec,mode=777"
       "/run"          # noexec is fine because exes should be symlinked from elsewhere anyway
       "/run/wrappers" # noexec breaks this intentionally
-    ];
+    ] ++ lib.optional (config.nixos.evaluatedConfig.boot.tmpOnTmpfs) "/tmp:exec,mode=777";
+
     service.stop_signal = "SIGRTMIN+3";
     service.tty = true;
   };