diff --git a/modules/lamassu-lnbits.nix b/modules/lamassu-lnbits.nix
index 14d393c..804f7bd 100644
--- a/modules/lamassu-lnbits.nix
+++ b/modules/lamassu-lnbits.nix
@@ -310,8 +310,17 @@ in
         # Common native dependencies for Node.js modules
         libuv
         openssl
+        # Additional dependencies for some npm packages
+        expat              # for node-expat
       ];
 
+      environment = {
+        # Tell node-gyp where to find Python
+        PYTHON = "${pkgs.python3}/bin/python3";
+        # Ensure HOME is set for npm/pnpm cache
+        HOME = cfg.dataDir;
+      };
+
       serviceConfig = {
         Type = "oneshot";
         RemainAfterExit = true;
@@ -320,7 +329,10 @@ in
         # Build can take a while, especially on first run
         TimeoutStartSec = "30min";
         # Allow write access to data directory for cloning and building
-        ReadWritePaths = [ cfg.dataDir ];
+        ReadWritePaths = [ cfg.dataDir "/tmp" ];
+        # Relax sandboxing for build scripts
+        PrivateTmp = false;
+        NoNewPrivileges = false;
       };
 
       script = ''