diff --git a/nixos/module.nix b/nixos/module.nix
index 148ab38..07bffc7 100644
--- a/nixos/module.nix
+++ b/nixos/module.nix
@@ -122,26 +122,12 @@ in
 Restart = "always";
 RestartSec = 10;
- # Hardening (compatible with nixos-rebuild requirements)
- # Note: Some options are relaxed because nixos-rebuild requires:
+ # Minimal hardening - nixos-rebuild requires broad system access:
 # - Write access to /nix/store for building
+ # - Kernel namespace support for nix sandbox builds
 # - Ability to activate system configurations
 # - Network access for fetching from git/cache
- # - Namespace support for nix sandbox builds
- NoNewPrivileges = false;
- ProtectSystem = "false";
- ProtectHome = "read-only";
- PrivateTmp = true;
- PrivateDevices = false;
- ProtectKernelTunables = true;
- ProtectKernelModules = true;
- ProtectControlGroups = true;
- RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
- RestrictNamespaces = false;
- RestrictSUIDSGID = true;
- LockPersonality = true;
- MemoryDenyWriteExecute = false;
- SystemCallArchitectures = "native";
+ # Following the approach of nixos auto-upgrade which has no hardening
 };
 };
 };
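Review bot: The new comment heading says "Minimal hardening", but after this hunk the visible part of the service block sets no sandboxing directive at all, so the heading overstates what the unit enforces; something like `# No systemd sandboxing: nixos-rebuild requires broad system access:` would match the code. The four listed requirements explain why `ProtectSystem`, `RestrictNamespaces` and `NoNewPrivileges` were already relaxed, but not why settings that were previously enabled (`ProtectKernelModules`, `RestrictSUIDSGID`, `LockPersonality`, `SystemCallArchitectures = "native"`, the `RestrictAddressFamilies` allow-list) had to go as well; if one of them caused a concrete build or activation failure, naming it in the comment would keep a later reader from re-adding it blindly or from treating the removal as arbitrary. With the sandbox gone, the unit's protection presumably rests on the authenticity of what it fetches from git and the binary cache, which is worth stating next to the "Network access" line. The enclosing attribute set starts outside the hunk, so the user the unit runs as and any remaining restrictions are not visible here.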