diff --git a/roles/bugbot/files/bugbot.service b/roles/bugbot/files/bugbot.service
index 1170655f4f464abf0be98532089c9a84b32559ec..1775f220ae0539a1c653c1e5fdb1b7b3af38afd8 100644
--- a/roles/bugbot/files/bugbot.service
+++ b/roles/bugbot/files/bugbot.service
@@ -5,8 +5,14 @@ Description=The official Arch Linux IRC bugbot
 EnvironmentFile=/srv/bugbot/env
 ExecStart=/srv/bugbot/bugbot.py
 Restart=on-failure
-ProtectSystem=full
+ProtectSystem=strict
 DynamicUser=yes
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+
 
 [Install]
-WantedBy=default.target
+WantedBy=multi-user.target