diff --git a/modules/server/services/forgejo.nix b/modules/server/services/forgejo.nix
index aa70490c..984ccebb 100644
--- a/modules/server/services/forgejo.nix
+++ b/modules/server/services/forgejo.nix
@@ -79,5 +79,10 @@ in {
 journalmatch = _SYSTEMD_UNIT=forgejo.service
 '';
 };
+ systemd.services.forgejo.serviceConfig = {
+ AmbientCapabilities = lib.mkForce [ "CAP_NET_BIND_SERVICE" ];
+ CapabilityBoundingSet = lib.mkForce [ "CAP_NET_BIND_SERVICE" ];
+ PrivateUsers = lib.mkForce false;
+ };
 };
 }
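Review bot: The added `systemd.services.forgejo.serviceConfig` block forces three sandboxing settings with `lib.mkForce` but has no comment saying why, so a later reader cannot tell that `PrivateUsers = lib.mkForce false` is deliberate. Presumably Forgejo is meant to listen on a port below 1024; with `PrivateUsers` enabled the unit holds capabilities only inside its own user namespace, so `CAP_NET_BIND_SERVICE` would not apply to host ports. I would put a comment above the block such as `# Forgejo binds <privileged port> directly; CAP_NET_BIND_SERVICE has no effect on host ports with PrivateUsers=true, hence the mkForce overrides.` Because `mkForce` discards whatever the upstream module sets for these keys, it is worth checking the result with `systemd-analyze security forgejo.service`, and considering whether a firewall port redirect would let the unit keep user-namespace isolation. The enclosing attribute set starts outside this hunk, so other `serviceConfig` definitions for the unit are not visible here.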