diff --git a/nixos/modules/services/misc/gotenberg.nix b/nixos/modules/services/misc/gotenberg.nix
index ed8629a7fa46..e92e11b50c71 100644
--- a/nixos/modules/services/misc/gotenberg.nix
+++ b/nixos/modules/services/misc/gotenberg.nix
@@ -228,7 +228,6 @@ in
 ProtectKernelModules = true;
 ProtectKernelTunables = true;
 ProtectProc = "invisible";
- ProcSubset = "pid";
 RestrictAddressFamilies = [
 "AF_UNIX"
@@ -240,11 +239,10 @@ in
 RestrictRealtime = true;
 LockPersonality = true;
- MemoryDenyWriteExecute = true;
 SystemCallFilter = [
+ "@sandbox"
 "@system-service"
- "~@privileged"
 ];
 SystemCallArchitectures = "native";
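Review bot: The removal of `ProcSubset = "pid"` is not explained anywhere in the visible unit settings, so a later hardening pass is likely to add it back and reintroduce whatever breakage prompted this change. Without it the service can again see the non-process entries under /proc (system-wide files such as /proc/meminfo and the /proc/sys tree), while `ProtectProc = "invisible"` on the line above continues to hide other users' processes. I would leave a comment in its place, along the lines of `# ProcSubset = "pid" is left unset: <component> reads <path under /proc>`, with the placeholders filled in from the failure that was actually observed. The settings block starts and ends outside this hunk.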
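Review bot: Dropping `"~@privileged"` from `SystemCallFilter` re-allows every @privileged call that `@system-service` already contains (the @chown and @setuid groups and capset, as far as I recall systemd's group definitions), and removing `MemoryDenyWriteExecute = true` permits writable-and-executable mappings again; neither relaxation is explained in the hunk. If both are needed by a bundled browser's own sandbox and JIT, which is only a guess from the added `"@sandbox"` group, say so in a comment such as `# needed by <component>'s sandbox and JIT; see <issue reference>`, and check whether a narrower deny entry can stay instead of removing the whole group. `"@sandbox"` is a comparatively recent syscall group, so confirm that the oldest systemd this module is expected to run with recognises it. It is also worth confirming that NoNewPrivileges and the capability bounding set, which are outside this hunk, are still set, since they now carry the restriction the deny entry used to provide.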