diff --git a/modules/lamassu-lnbits.nix b/modules/lamassu-lnbits.nix
index 804f7bd..a726069 100644
--- a/modules/lamassu-lnbits.nix
+++ b/modules/lamassu-lnbits.nix
@@ -328,11 +328,20 @@ in
         Group = cfg.group;
         # Build can take a while, especially on first run
         TimeoutStartSec = "30min";
-        # Allow write access to data directory for cloning and building
-        ReadWritePaths = [ cfg.dataDir "/tmp" ];
-        # Relax sandboxing for build scripts
+        # Completely disable sandboxing for build (npm scripts need full access)
         PrivateTmp = false;
+        PrivateDevices = false;
+        ProtectSystem = false;
+        ProtectHome = false;
         NoNewPrivileges = false;
+        ProtectKernelTunables = false;
+        ProtectKernelModules = false;
+        ProtectControlGroups = false;
+        RestrictNamespaces = false;
+        RestrictSUIDSGID = false;
+        LockPersonality = false;
+        # Don't restrict syscalls
+        SystemCallFilter = "";
       };
 
       script = ''