diff --git a/modules/services/dnote.nix b/modules/services/dnote.nix
index 3955246..40ed0ee 100644
--- a/modules/services/dnote.nix
+++ b/modules/services/dnote.nix
@@ -37,6 +37,9 @@ let
   };
 
   immutableEnvironment = {
+    HOME = "/var/lib/dnote";
+    XDG_DATA_HOME = "/var/lib/dnote";
+    XDG_CONFIG_HOME = "/var/lib/dnote";
     GO_ENV = "PRODUCTION";
     OnPremises = true;
     DBHost = "/var/run/postgresql";
@@ -90,26 +93,10 @@ in
       after = [ "postgresql.service" ];
       requires = [ "postgresql.service" ];
       serviceConfig = {
-        ExecStart = "${pkgs-unstable.dnote}/bin/dnote-server -port ${toString cfg.port} start";
+        ExecStart = "${pkgs-unstable.dnote}/bin/dnote-server start --port ${toString cfg.port}";
         EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
         User = cfg.user;
-        BindPaths = [
-          "/var/run/postgresql"
-        ];
-        BindReadOnlyPaths = [
-          /run/systemd/resolve/stub-resolv.conf
-          /etc/ssl
-          /etc/static/ssl
-          /etc/resolv.conf
-          /etc/static/resolv.conf
-          /etc/nsswitch.conf
-          /etc/static/nsswitch.conf
-          /etc/hosts
-        ];
-      };
-      confinement = {
-        enable = true;
-        packages = [ pkgs.cacert ];
+        StateDirectory = "dnote";
       };
       wantedBy = [ "multi-user.target" ];
     };