diff --git a/configuration/services/conduit/matrix-hookshot.nix b/configuration/services/conduit/matrix-hookshot.nix
index 6846d99..6b788b2 100644
--- a/configuration/services/conduit/matrix-hookshot.nix
+++ b/configuration/services/conduit/matrix-hookshot.nix
@@ -29,16 +29,29 @@ let
     };
 
     # Encryption support
-    extraSettings = {
-      "de.sorunome.msc2409.push_ephemeral" = true;
-      push_ephemeral = true;
-      "org.matrix.msc3202" = true;
-    };
+    # TODO(tlater): Enable when
+    # https://github.com/matrix-org/matrix-hookshot/issues/1060 is
+    # fixed
+    # extraSettings = {
+    #   "de.sorunome.msc2409.push_ephemeral" = true;
+    #   push_ephemeral = true;
+    #   "org.matrix.msc3202" = true;
+    # };
 
     runtimeRegistration = "${cfg.registrationFile}";
   };
 in
 {
+  # users = {
+  #   users.matrix-hookshot = {
+  #     home = "/run/matrix-hookshot";
+  #     group = "matrix-hookshot";
+  #     isSystemUser = true;
+  #   };
+
+  #   groups.matrix-hookshot = { };
+  # };
+
   systemd.services.matrix-hookshot = {
     serviceConfig = {
       Type = lib.mkForce "exec";
@@ -49,6 +62,7 @@ in
       # Some library in matrix-hookshot wants a home directory
       Environment = [ "HOME=/run/matrix-hookshot" ];
 
+      # User = "matrix-hookshot";
       DynamicUser = true;
       StateDirectory = "matrix-hookshot";
       RuntimeDirectory = "matrix-hookshot";
@@ -62,7 +76,11 @@ in
       ProtectKernelModules = true;
       ProtectKernelLogs = true;
       ProtectControlGroups = true;
-      RestrictAddressFamilies = [ "AF_INET AF_INET6" ];
+      RestrictAddressFamilies = [
+        # "AF_UNIX"
+        "AF_INET"
+        "AF_INET6"
+      ];
       LockPersonality = true;
       RestrictRealtime = true;
       ProtectProc = "invisible";
@@ -71,6 +89,11 @@ in
     };
   };
 
+  # services.redis.servers.matrix-hookshot = {
+  #   enable = true;
+  #   user = "matrix-hookshot";
+  # };
+
   services.matrix-hookshot = {
     enable = true;
 
@@ -89,6 +112,8 @@ in
 
       bot.displayname = "Hookshot";
 
+      # cache.redisUri = "redis://${config.services.redis.servers.matrix-hookshot.unixSocket}";
+
       generic = {
         enabled = true;
         outbound = false;
@@ -98,7 +123,10 @@ in
         allowJsTransformationFunctions = true;
       };
 
-      encryption.storagePath = "/var/lib/matrix-hookshot/cryptostore";
+      # TODO(tlater): Enable when
+      # https://github.com/matrix-org/matrix-hookshot/issues/1060 is
+      # fixed
+      # encryption.storagePath = "/var/lib/matrix-hookshot/cryptostore";
 
       permissions = [
         {