diff --git a/ansible/files/postgresql_config/postgresql.service.j2 b/ansible/files/postgresql_config/postgresql.service.j2
index 4cc138ec7..30bbd5f6d 100644
--- a/ansible/files/postgresql_config/postgresql.service.j2
+++ b/ansible/files/postgresql_config/postgresql.service.j2
@@ -22,7 +22,9 @@ OOMScoreAdjust=-1000
 EnvironmentFile=-/etc/environment.d/postgresql.env
 LimitNOFILE=16384
 {% if supabase_internal is defined %}
-ReadOnlyPaths=/etc
+ProtectHome=yes
+ReadOnlyPaths=/etc /opt
+InaccessiblePaths=-/var/lib/supabase -/var/lib/supabase-admin-agent -/var/lib/cloud -/var/cache/supabase-admin-agent -/opt/saltstack -/etc/salt
 {% endif %}
 [Install]
 WantedBy=multi-user.target
diff --git a/ansible/vars.yml b/ansible/vars.yml
index 0a9e3bd8f..0f77b1820 100644
--- a/ansible/vars.yml
+++ b/ansible/vars.yml
@@ -10,9 +10,9 @@ postgres_major:
 
 # Full version strings for each major version
 postgres_release:
-  postgresorioledb-17: "17.5.1.042-orioledb"
-  postgres17: "17.6.1.021"
-  postgres15: "15.14.1.021"
+  postgresorioledb-17: "17.5.1.043-orioledb"
+  postgres17: "17.6.1.022"
+  postgres15: "15.14.1.022"
 
 # Non Postgres Extensions
 pgbouncer_release: 1.19.0