diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix
index bcb48678b21..bc2d5e550ba 100644
--- a/nixos/modules/services/networking/unbound.nix
+++ b/nixos/modules/services/networking/unbound.nix
@@ -137,6 +137,7 @@ in
         NotifyAccess = "main";
         Type = "notify";
 
+        # FIXME: Which of these do we actualy need, can we drop the chroot flag?
         AmbientCapabilities = [
           "CAP_NET_BIND_SERVICE"
           "CAP_NET_RAW"