diff --git a/nixos/modules/services/monitoring/prometheus/blackbox-exporter.nix b/nixos/modules/services/monitoring/prometheus/blackbox-exporter.nix
index 7a343299c31..388e4d4ac01 100644
--- a/nixos/modules/services/monitoring/prometheus/blackbox-exporter.nix
+++ b/nixos/modules/services/monitoring/prometheus/blackbox-exporter.nix
@@ -54,6 +54,7 @@ in {
         Restart = "always";
         PrivateTmp = true;
         WorkingDirectory = /tmp;
+        AmbientCapabilities = [ "CAP_NET_RAW" ]; # for ping probes
         ExecStart = ''
           ${pkgs.prometheus-blackbox-exporter}/bin/blackbox_exporter \
             -web.listen-address :${toString cfg.port} \