diff --git a/modules/server/containers/apps/servarr.nix b/modules/server/containers/apps/servarr.nix index 5b72c4a..88f5d54 100644 --- a/modules/server/containers/apps/servarr.nix +++ b/modules/server/containers/apps/servarr.nix @@ -8,7 +8,7 @@ let contents = with pkgs; [ cacert openssl ]; config = { Cmd = [ "${appPkg}/${binaryPath}" "-nobrowser" "-data=/config" ]; - Env = [ "DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1" ]; + Env = [ "DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1" "HOME=/tmp" ]; }; }; @@ -22,12 +22,13 @@ let }; sharedVolumes = [ - "${serverCfg.mediaPath or "/mnt/media"}:/media" # Fast hardlinking requires a single shared root + "${serverCfg.dataPath}/media:/media" # Fast hardlinking requires a single shared root "${serverCfg.configPath}/servarr:/config-root" ]; in { sops = true; paths = [ + { path = "${serverCfg.dataPath}/media/"; mode = "0755"; } { path = "${serverCfg.configPath}/servarr/prowlarr"; mode = "0755"; } { path = "${serverCfg.configPath}/servarr/radarr"; mode = "0755"; } { path = "${serverCfg.configPath}/servarr/sonarr"; mode = "0755"; } @@ -40,6 +41,9 @@ in { imageStream = images.prowlarr; port = 9696; secret = name; + extraOptions = [ + "--tmpfs=/tmp:rw,noexec,nosuid,size=512m" + ]; overrides.volumes = sharedVolumes ++ [ "${serverCfg.configPath}/servarr/prowlarr:/config" ]; }; @@ -49,6 +53,9 @@ in { imageStream = images.radarr; port = 7878; secret = name; + extraOptions = [ + "--tmpfs=/tmp:rw,noexec,nosuid,size=512m" + ]; overrides.volumes = sharedVolumes ++ [ "${serverCfg.configPath}/servarr/radarr:/config" ]; }; @@ -58,6 +65,9 @@ in { imageStream = images.sonarr; port = 8989; secret = name; + extraOptions = [ + "--tmpfs=/tmp:rw,noexec,nosuid,size=512m" + ]; overrides.volumes = sharedVolumes ++ [ "${serverCfg.configPath}/servarr/sonarr:/config" ]; }; };
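Review bot: `HOME=/tmp` in the image `Env` only behaves as intended when the container is started with the `/tmp` tmpfs that this commit adds separately in each service's `extraOptions`, and nothing in the image definition records that dependency. Anything the runtime writes under `$HOME` then sits on a 512 MiB `noexec` mount and disappears on restart, so if any of these apps keeps keys or caches under `$HOME` rather than `/config` (not visible here), that state will not persist. A comment above the line would make the coupling explicit, e.g. `# HOME must be writable; /tmp is a noexec tmpfs supplied via extraOptions, nothing under it persists`. The enclosing image definition starts outside the hunk.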
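Review bot: The `/media` source in `sharedVolumes` no longer honours `serverCfg.mediaPath` and has no fallback. A host that set `mediaPath`, or relied on the `/mnt/media` default, would get `${serverCfg.dataPath}/media` bind-mounted into every container that uses `sharedVolumes` instead of the existing library, and evaluation presumably fails if `dataPath` is unset. If the override is still wanted, `"${serverCfg.mediaPath or "${serverCfg.dataPath}/media"}:/media"` keeps it, with the new `paths` entry using the same expression. That `paths` entry also ends in a trailing slash, unlike its siblings (`"${serverCfg.dataPath}/media"` would be consistent). Mode `0755` leaves the directory writable only by its owner, so confirm that the owner this module assigns matches the user the containers run as.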
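Review bot: The same `extraOptions` list is pasted into the prowlarr, radarr and sonarr definitions (this hunk and the two after it), so the mount flags can drift apart on a later edit. Bind it once in the `let` beside `sharedVolumes`, e.g. `tmpfsOptions = [ "--tmpfs=/tmp:rw,noexec,nosuid,size=512m" ];`, and write `extraOptions = tmpfsOptions;` in each service. Adding `nodev` to the option string would state the full hardening set explicitly rather than leaving it to the runtime's defaults. Whether `extraOptions` replaces or extends options set by the surrounding module is not visible here, and each service's attribute set starts outside its hunk.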