diff --git a/README.md b/README.md
index 8e3d8b0..2d02ff0 100644
--- a/README.md
+++ b/README.md
@@ -64,9 +64,10 @@ Hardware requirements
 ---
 * Disk space: 300 GB (235GB for Bitcoin blockchain + some room)
   * Bitcoin Core pruning is not supported at the moment because it's not supported by c-lightning. It's possible to use pruning but you need to know what you're doing.
-* RAM: 2GB of memory. ECC memory is better.
+* RAM: 2GB of memory. ECC memory is better. Additionally, it's recommended to use DDR4 memory with targeted row refresh (TRR) enabled (https://rambleed.com/).
 
-Tested hardware includes [pcengine's apu2c4](https://pcengines.ch/apu2c4.htm), [GB-BACE-3150](https://www.gigabyte.com/Mini-PcBarebone/GB-BACE-3150-rev-10), [GB-BACE-3160](https://www.gigabyte.com/de/Mini-PcBarebone/GB-BACE-3160-rev-10#ov)
+Tested hardware includes [pcengine's apu2c4](https://pcengines.ch/apu2c4.htm), [GB-BACE-3150](https://www.gigabyte.com/Mini-PcBarebone/GB-BACE-3150-rev-10), [GB-BACE-3160](https://www.gigabyte.com/de/Mini-PcBarebone/GB-BACE-3160-rev-10#ov).
+Some hardware (including Intel NUCs) may not be compatible with the hardened kernel turned on by default (see https://github.com/fort-nix/nix-bitcoin/issues/39#issuecomment-517366093 for a workaround).
 
 Usage
 ---
diff --git a/modules/clightning.nix b/modules/clightning.nix
index ba05966..b7aa4b9 100644
--- a/modules/clightning.nix
+++ b/modules/clightning.nix
@@ -79,12 +79,10 @@ in {
       after = [ "bitcoind.service" ];
       preStart = ''
         mkdir -m 0770 -p ${cfg.dataDir}
-        rm -f ${cfg.dataDir}/config
-        chown 'clightning:clightning' '${cfg.dataDir}'
         cp ${configFile} ${cfg.dataDir}/config
-        chown 'clightning:clightning' '${cfg.dataDir}/config'
-        chmod +w ${cfg.dataDir}/config
-        chmod o-rw ${cfg.dataDir}/config
+        chown -R 'clightning:clightning' '${cfg.dataDir}'
+        # give group read access to allow using lightning-cli
+        chmod u=rw,g=r,o= ${cfg.dataDir}/config
         # The RPC socket has to be removed otherwise we might have stale sockets
         rm -f ${cfg.dataDir}/lightning-rpc
         echo "bitcoin-rpcpassword=$(cat /secrets/bitcoin-rpcpassword)" >> '${cfg.dataDir}/config'
diff --git a/modules/nix-bitcoin-services.nix b/modules/nix-bitcoin-services.nix
index fd43bde..da401e6 100644
--- a/modules/nix-bitcoin-services.nix
+++ b/modules/nix-bitcoin-services.nix
@@ -1,3 +1,6 @@
+# See `man systemd.exec` and `man systemd.resource-control` for an explanation
+# of the various systemd options available through this module.
+
 { config, lib, pkgs, ... }:
 
 with lib;
@@ -42,6 +45,3 @@ in
     '';
   };
 }
-
-
-