diff --git a/plenums_invite.service b/plenums_invite.service
index d2d42ad..6e1e4b9 100644
--- a/plenums_invite.service
+++ b/plenums_invite.service
@@ -3,12 +3,13 @@ Description=Send invitation to Hackspace's Announce Discourse
 
 [Service]
 Type=oneshot
-ExecStart=/opt/plenums_invite/invite.py
+ExecStart=/opt/plenums_invite/invite.py -c ${CREDENTIALS_DIRECTORY}/plenums_invite_conf
 
 WorkingDirectory=/opt/plenums_invite
+LoadCredential=plenums_invite_conf:/opt/plenums_invite/invite.conf
 
 UMask=077
-#DynamicUser=yes
+DynamicUser=yes
 
 PrivateDevices=yes
 PrivateUsers=yes
@@ -34,4 +35,5 @@ RestrictRealtime=true
 RestrictNamespaces=true
 SystemCallArchitectures=native
 LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @raw-io @reboot @swap @privileged @resources @cpu-emulation @obsolete
 RestrictAddressFamilies=AF_INET AF_INET6