diff --git a/modules/nixos/syncplay.nix b/modules/nixos/syncplay.nix
index 89fa31a0..6de87a37 100644
--- a/modules/nixos/syncplay.nix
+++ b/modules/nixos/syncplay.nix
@@ -76,6 +76,15 @@ in {
 "${cfg.certDir}"
 ])
 ];
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ PrivateMounts = true;
+ PrivateTmp = true;
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ ProtectControlGroups = true;
+ ProtectProc = "invisible";
+ RemoveIPC = true;
 };
 };
 }
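Review bot: The options added after the `"${cfg.certDir}"` list restrict the filesystem view but leave the daemon's capabilities, syscall surface and socket families unrestricted, which is where a network-facing service gains most from sandboxing. I would add `CapabilityBoundingSet = "";`, `RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];` and `SystemCallFilter = [ "@system-service" ];` alongside them, assuming the server listens on an unprivileged port and needs no other socket types, and then check the result with `systemd-analyze security <unit>`. Separately, `ProtectHome = true` makes `/home`, `/root` and `/run/user` inaccessible, so a `certDir` under one of those keeps working only if the list above the hunk bind-mounts it; that list and the start of the attribute set are outside the hunk, so this should be confirmed. `RemoveIPC` only has an effect when `User=`, `Group=` or `DynamicUser=` is set, and `ProtectProc = "invisible"` hides nothing from a process that holds `CAP_SYS_PTRACE`, so both depend on the unit running as an unprivileged user, which is not visible here.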