diff --git a/nixos/modules/services/hardware/irqbalance.nix b/nixos/modules/services/hardware/irqbalance.nix
index b139154432cf..39c139576bfa 100644
--- a/nixos/modules/services/hardware/irqbalance.nix
+++ b/nixos/modules/services/hardware/irqbalance.nix
@@ -17,8 +17,15 @@ in
       irqbalance = {
         description = "irqbalance daemon";
         path = [ pkgs.irqbalance ];
-        serviceConfig =
-          { ExecStart = "${pkgs.irqbalance}/bin/irqbalance --foreground"; };
+        serviceConfig = {
+          ExecStart = "${pkgs.irqbalance}/bin/irqbalance --foreground";
+          CapabilityBoundingSet = "";
+          NoNewPrivileges = "yes";
+          ReadOnlyPaths = "/";
+          ReadWritePaths = "/proc/irq";
+          RestrictAddressFamilies = "AF_UNIX";
+          RuntimeDirectory = "irqbalance/";
+        };
         wantedBy = [ "multi-user.target" ];
       };
     };