diff --git a/module.nix b/module.nix
index a1a1f5a..29c0aed 100644
--- a/module.nix
+++ b/module.nix
@@ -90,17 +90,23 @@ in
 ExecStartPre = "${strojnadzor}/bin/strojnadzor-admin migrate";
 ExecStart = "${strojnadzor}/bin/strojnadzor-admin runserver-gunicorn";
 StateDirectory = "strojnadzor";
+ CapabilityBoundingSet = "";
 LockPersonality = true;
 NoNewPrivileges = true;
 PrivateDevices = true;
- RestrictNamespaces = true;
+ # PrivateNetwork = true;
 PrivateTmp = true;
+ PrivateUsers = true;
 ProtectControlGroups = true;
 ProtectHome = true;
 ProtectKernelModules = true;
 ProtectKernelTunables = true;
 ProtectSystem = "strict";
+ RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
+ RestrictNamespaces = true;
 RestrictSUIDSGID = true;
+ SystemCallErrorNumber = "EPERM";
+ SystemCallFilter = "@system-service";
 };
 environment.STROJNADZOR_DATA_DIR = "${cfg.stateDir}";
 };
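Review bot: `SystemCallFilter = "@system-service";` is added without `SystemCallArchitectures = "native";`, which systemd.exec(5) recommends setting alongside a syscall filter so that a non-native ABI cannot be used to sidestep it; I would add that line next to the filter. The commented-out `# PrivateNetwork = true;` also carries no reason: if it is disabled because gunicorn must accept TCP connections (which would be consistent with AF_INET/AF_INET6 being allowed in `RestrictAddressFamilies`), say so in the comment, e.g. `# PrivateNetwork stays off: the service listens on TCP`. The serviceConfig attribute set starts above the hunk, so whether `User`/`DynamicUser` is set for this unit cannot be checked from here.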