diff --git a/scripts/systemd/gogs.service b/scripts/systemd/gogs.service
index 9f105bf8e..d9f12e30e 100644
--- a/scripts/systemd/gogs.service
+++ b/scripts/systemd/gogs.service
@@ -18,6 +18,10 @@ WorkingDirectory=/home/git/gogs
 ExecStart=/home/git/gogs/gogs web
 Restart=always
 Environment=USER=git HOME=/home/git
+# Hardening
+ProtectSystem=full
+PrivateDevices=yes
+PrivateTmp=yes
 
 [Install]
 WantedBy=multi-user.target