diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix
index 0c808bc..259815a 100644
--- a/nixos/modules/gitea.nix
+++ b/nixos/modules/gitea.nix
@@ -74,6 +74,12 @@ in
       vmOverCommit = true;
     };
 
+    systemd.services.forgejo.serviceConfig = {
+      AmbientCapabilities = lib.mkForce "CAP_NET_BIND_SERVICE";
+      CapabilityBoundingSet = lib.mkForce "CAP_NET_BIND_SERVICE";
+      PrivateUsers = lib.mkForce false;
+    };
+
     services.nginx.virtualHosts."git.${config.networking.domain}" = {
       enableACME = true;
       forceSSL = true;