diff --git a/systemd_units/daas.service b/systemd_units/daas.service
index 52e2212..fb98477 100644
--- a/systemd_units/daas.service
+++ b/systemd_units/daas.service
@@ -12,6 +12,10 @@ User=caddy
 Group=caddy
 ExecStart=/usr/local/bin/daas
 Restart=always
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+ProtectSystem=full
 
 [Install]
 WantedBy=multi-user.target
diff --git a/systemd_units/gitea.service b/systemd_units/gitea.service
index bb8a3d9..7d34e09 100644
--- a/systemd_units/gitea.service
+++ b/systemd_units/gitea.service
@@ -15,6 +15,10 @@ WorkingDirectory=/var/lib/gitea/
 ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
 Restart=always
 Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
+PrivateTmp=true
+PrivateDevices=true
+ProtectSystem=full
+ReadWriteDirectories=/var/lib/gitea
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 
diff --git a/systemd_units/mirror-bot-2.service b/systemd_units/mirror-bot-2.service
index 0f87da2..2dfaa3e 100644
--- a/systemd_units/mirror-bot-2.service
+++ b/systemd_units/mirror-bot-2.service
@@ -15,7 +15,6 @@ KillSignal=SIGQUIT
 TimeoutStopSec=5s
 PrivateTmp=true
 PrivateDevices=true
-ProtectSystem=full
 
 [Install]
 WantedBy=multi-user.target
diff --git a/systemd_units/mirror-bot.service b/systemd_units/mirror-bot.service
index 6684587..12cd4f0 100644
--- a/systemd_units/mirror-bot.service
+++ b/systemd_units/mirror-bot.service
@@ -15,7 +15,6 @@ KillSignal=SIGQUIT
 TimeoutStopSec=5s
 PrivateTmp=true
 PrivateDevices=true
-ProtectSystem=full
 
 [Install]
 WantedBy=multi-user.target
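Review bot: In daas.service, `ProtectSystem=full` only makes /usr, the boot loader directories and /etc read-only, so the service can still write anywhere else the caddy user has permission for, such as /var. If the paths daas needs to write are known, `ProtectSystem=strict` with an explicit `ReadWritePaths=<state dir>` would narrow this further, and `NoNewPrivileges=true` is the usual companion for a service that already runs as a non-root user. The [Service] section starts above the hunk, so some of this may already be set there.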
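Review bot: In gitea.service, `ReadWriteDirectories=/var/lib/gitea` has no effect next to `ProtectSystem=full`, because that mode leaves /var writable anyway; the directive only starts to matter under `ProtectSystem=strict`. It is also the legacy spelling, and `ReadWritePaths=/var/lib/gitea` is the current name. Separately, `ProtectSystem=full` makes /etc read-only, which includes the `/etc/gitea/app.ini` passed to `-c`; if Gitea is expected to write to that file (first-run setup, presumably), the unit would need `ReadWritePaths=/etc/gitea` or a config path outside /etc.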