diff --git a/packages/bookwyrm/nixos-module.nix b/packages/bookwyrm/nixos-module.nix
index 42049e5..96849ae 100644
--- a/packages/bookwyrm/nixos-module.nix
+++ b/packages/bookwyrm/nixos-module.nix
@@ -24,6 +24,21 @@ with pkgs . kernelmaft ;
 User=bookwyrm
 Group=bookwyrm
+
+ ProtectSystem=strict
+ ProtectHome=tmpfs
+ PrivateTmp=disconnected
+ PrivateDevices=true
+ PrivateIPC=true
+ ProtectHostname=true
+ ProtectClock=true
+ ProtectKernelTunables=true
+ ProtectKernelModules=true
+ ProtectControlGroups=strict
+ RestrictNamespaces=true
+ LockPersonality=true
+ RestrictRealtime=true
+ RestrictSUIDSGID=true
 '' ;
 } ;
 } ;
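Review bot: `PrivateTmp=disconnected` and `ProtectControlGroups=strict` are, as far as I know, values introduced in systemd 257; an older systemd logs a parse warning and ignores the whole assignment, so the unit would start with no private /tmp and no cgroup protection at all. Either record the requirement next to them with a unit comment such as `# PrivateTmp=disconnected and ProtectControlGroups=strict need systemd >= 257`, or use `PrivateTmp=true` and `ProtectControlGroups=true` where the target release may be older. `ProtectSystem=strict` also makes the whole file system read-only for the service, and no `StateDirectory=` or `ReadWritePaths=` is visible in this hunk, so confirm that the paths the service writes to are declared in the part of the unit text that lies outside the hunk. The list still lacks `ProtectKernelLogs=true`, `ProtectProc=invisible`, an empty `CapabilityBoundingSet=`, `RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6` and `SystemCallFilter=@system-service`; running `systemd-analyze security` against the generated unit will show what remains exposed.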