diff --git a/flake.nix b/flake.nix
index 1ff7501..7b58c8a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -36,7 +36,7 @@
 # Enable core services
 services.bitcoind = {
 enable = true;
- dataDir = "/var/lib/bitcoind"; # Explicitly set to your existing path (it's the default, but this confirms reuse)
+ dataDir = "/var/lib/bitcoind";
 address = "0.0.0.0";
 port = 23002;
 listen = true;
@@ -46,14 +46,13 @@
 address = "0.0.0.0";
 port = 8332;
 threads = 16;
- allowip = ["10.1.1.0/24"]; # Adjust if needed
+ allowip = ["10.1.1.0/24"];
 };
 regtest = false;
- # Remove this line: network = "mainnet"; # nix-bitcoin sets it by default
 dataDirReadableByGroup = false;
 disablewallet = null;
 dbCache = 4000;
- prune = 10000; # Matches your existing bitcoin.conf; set to 0 to disable pruning (needs more disk space)
+ prune = 10000;
 zmqpubrawblock = "tcp://0.0.0.0:28332";
 zmqpubrawtx = "tcp://0.0.0.0:28333";
 user = "bitcoind";
@@ -72,16 +71,20 @@
 enable = true;
 address = "0.0.0.0";
 port = 23000;
- lbtc = true; # If you want Liquid support
+ lbtc = true;
 user = "btcpayserver";
 group = "btcpayserver";
- lightningBackend = "clightning"; # Or "lnd"
+ lightningBackend = "clightning";
 };
- # PostgreSQL is handled automatically by nix-bitcoin's BTCPay module
- # No need for custom postgresql module
+ # Relax seccomp and namespaces for BTCPayServer to avoid SIGSYS in LXC
+ systemd.services.btcpayserver.serviceConfig = {
+ SystemCallFilter = [];
+ PrivateMounts = false;
+ ProtectSystem = false;
+ };
- # Container mode (if desired; test without first)
+ # Container mode (required for your Proxmox LXC)
 boot.isContainer = true;
 # Firewall: Open necessary ports
@@ -89,7 +92,7 @@
 config.services.btcpayserver.port
 config.services.bitcoind.port
 config.services.nbxplorer.port
- 22 # SSH
+ 22
 ];
 # SSH setup
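Review bot: The new `systemd.services.btcpayserver.serviceConfig` block in the third hunk turns off three hardening controls, but the reason its comment gives (SIGSYS in LXC) is a seccomp symptom and so accounts only for `SystemCallFilter = [];`. `ProtectSystem = false;` and `PrivateMounts = false;` are mount-namespace settings, and this service is bound to `0.0.0.0` with its port listed under the firewall's opened ports, so I would drop those two lines unless a specific failure was observed, and record the reason per setting, e.g. `# SystemCallFilter: seccomp filter trips SIGSYS under LXC; ProtectSystem/PrivateMounts: <observed failure>`. If the upstream module already defines a syscall filter list, NixOS may concatenate list definitions rather than replace them, so it is worth checking the generated unit to confirm the empty list actually takes effect. The last hunk removes the matching nbxplorer override, so confirm that service still starts in the container.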
@@ -106,20 +109,12 @@
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaV7JtUWkWrjo5FfCcpTCCEY/OJ+T1mJOLbe4avg0XH sysadmin@skrybit.io"
 ];
- # Suppress unnecessary units (as in your original)
+ # Suppress unnecessary units
 systemd.suppressedSystemUnits = [
 "dev-mqueue.mount"
 "sys-kernel-debug.mount"
 "sys-fs-fuse-connections.mount"
 ];
- # Relax seccomp for .NET services to avoid SIGSYS in LXC
- systemd.services.btcpayserver.serviceConfig = {
- SystemCallFilter = [];
- };
-
- systemd.services.nbxplorer.serviceConfig = {
- SystemCallFilter = [];
- };
 # State version
 system.stateVersion = "25.05";