diff --git a/modules/security.nix b/modules/security.nix index 000b0ff..89efc66 100644 --- a/modules/security.nix +++ b/modules/security.nix @@ -1,55 +1,27 @@ { config, lib, pkgs, ... }: -with lib; +{ + # Only show the current user's processes in /proc. + # Users with group 'proc' can still access all processes. + security.hideProcessInformation = true; -let - inherit (config) nix-bitcoin-services; - dataDir = "/var/lib/dbus-hardening"; - # Mitigates a security issue that allows unprivileged users to read - # other unprivileged user's processes' credentials from CGroup using - # `systemctl status`. - dbus-hardening = pkgs.writeText "dbus.conf" '' + # This mitigates a systemd security issue leaking (sub)process + # command lines. + # Only allow root to retrieve systemd unit information like + # cgroup paths (i.e. (sub)process command lines) via D-Bus. + # This D-Bus call is used by `systemctl status`. + services.dbus.packages = [ (pkgs.writeTextDir "etc/dbus-1/system.d/dbus.conf" '' - - - - - - ''; -in { - config = { - systemd.tmpfiles.rules = [ - "d '${dataDir}/etc/dbus-1/system.d' 0770 messagebus messagebus - -" - ]; - - services.dbus.packages = [ "${dataDir}" ]; - - systemd.services.hardeneddbus = { - description = "Install hardeneddbus"; - wantedBy = [ "multi-user.target" ]; - script = '' - cp ${dbus-hardening} ${dataDir}/etc/dbus-1/system.d/dbus.conf - chmod 640 ${dataDir}/etc/dbus-1/system.d/dbus.conf - ''; - serviceConfig = nix-bitcoin-services.defaultHardening // { - PrivateNetwork = "true"; - Type = "oneshot"; - User = "messagebus"; - ReadWritePaths = "${dataDir}"; - }; - }; - }; + '') ]; }
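Review bot: The D-Bus policy body that `pkgs.writeTextDir "etc/dbus-1/system.d/dbus.conf"` ships is not reproduced in this hunk, so the only thing the hunk establishes is the intent stated in the comments; the actual `<deny>`/`<allow>` rules are what decide whether the `systemctl status` leak is closed and whether root still works. D-Bus evaluates `<policy context="default">` first and later user/group policies override it, so the file must carry an explicit `<policy user="root">` allow after the default deny — otherwise root's `systemctl status` is blocked as well — and I would state that in the comment: `# dbus applies the default policy first; the <policy user="root"> allow below must follow the deny.` The comment `# cgroup paths (i.e. (sub)process command lines)` conflates two things: the D-Bus reply carries the unit's process list with command lines, not just cgroup paths, so `# (the reply lists the unit's processes with their command lines)` is more accurate. It is also worth noting next to `security.hideProcessInformation = true` that this is a `hidepid` mount option on `/proc` only and that unprivileged users can now no longer run `systemctl status` at all, since that is a behaviour change operators will notice.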