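{
  lib,
  config,
  ...
}:
# Hardening overlay for the NixOS `nix-daemon` unit (see systemd.exec(5)).
#
# Nearly everything below is enforced through seccomp filters and the
# capability bounding set, both of which are inherited across fork/exec.  In
# other words these limits apply to every build the daemon spawns, not just to
# the daemon itself -- a build that needs something filtered here fails inside
# the sandbox.  Options that were found to break builds are kept, disabled, at
# the bottom so they are not re-tried blindly.
#
# NOTE(review): this only takes effect while `config.specialisation` is
# non-empty.  Inside a specialisation NixOS forces `specialisation = {}`, so the
# hardening is dropped there -- presumably an escape hatch to boot an
# unhardened daemon when a build breaks under these limits; confirm.
{
  config.systemd.services = lib.mkIf (config.specialisation != { }) {
    nix-daemon.serviceConfig = {
      # No writable+executable memory mappings.  Inherited by builders: code
      # that JITs into W+X memory during a build will fail.
      MemoryDenyWriteExecute = true;
      # Only the host's native syscall ABI (no i386/x32 compat entry points).
      SystemCallArchitectures = "native";
      # Deny chmod()/mknod() that would set the set-user-ID / set-group-ID
      # bits.  Safe for the daemon because nothing it writes to the store is
      # supposed to carry those bits (Nix normalises output permissions --
      # verify for the Nix version in use); a build that tries gets EPERM.
      RestrictSUIDSGID = true;

      # Socket families: AF_UNIX for the daemon socket / client protocol,
      # AF_INET/AF_INET6 so the daemon can download sources and substitutes.
      # socket() with any other family fails with EAFNOSUPPORT -- for the
      # daemon *and* for builders.  That is why AF_NETLINK is sometimes wanted
      # by checks (anything using rtnetlink, e.g. getifaddrs()); it stays off
      # until a concrete build needs it.
      RestrictAddressFamilies = [
        "AF_UNIX"
        "AF_INET"
        "AF_INET6"
        # "AF_NETLINK" # needed for some checks
      ];
      # Exactly the namespaces the Nix build sandbox creates.
      # NOTE(review): a freshly created user namespace starts with a full
      # capability set relative to itself, so CapabilityBoundingSet below
      # confines the daemon (and unsandboxed builds), not what runs inside the
      # sandbox's own user namespace.  If Nix's `use-cgroups` feature is turned
      # on, `cgroup` may be needed here as well -- untested.
      RestrictNamespaces = [
        "user"
        "net"
        "uts"
        "mnt"
        "ipc"
        "pid"
      ];
      # Allow-list.  @privileged covers the uid/gid switching to build users
      # and the chroot/pivot_root/sethostname the sandbox performs; @mount the
      # sandbox's bind mounts.  @cpu-emulation: reason not recorded (presumably
      # binfmt/qemu-user builds).  Groups the daemon has no business using are
      # carved back out of @privileged below (a `~` entry after an allow-list
      # removes from it): @swap would otherwise be reachable through
      # CAP_SYS_ADMIN; @reboot/@raw-io are already blocked by the bounding set
      # and are denied here as belt-and-braces.  No SystemCallErrorNumber is
      # set, so a filtered syscall kills the offending process with SIGSYS
      # rather than returning an error.
      SystemCallFilter = [
        "@system-service"
        "@cpu-emulation"
        "@mount"
        "@privileged"
        "~@swap"
        "~@reboot"
        "~@raw-io"
      ];

      # No personality() changes (e.g. disabling ASLR for children).
      LockPersonality = true;
      # /sys/fs/cgroup read-only.
      ProtectControlGroups = true;
      # Drops CAP_SYS_MODULE and denies @module.  The kvm module is expected to
      # be loaded by the host, not by the daemon.
      ProtectKernelModules = true; # todo: does kvm need a modprobe here?
      # Private mount namespace: the sandbox's mounts never propagate to the
      # host's namespace.
      PrivateMounts = true;
      # Hide other users' processes in /proc; the daemon only needs its own
      # children.
      ProtectProc = "invisible";
      # Drops CAP_SYS_TIME and denies @clock.
      ProtectClock = true;

      # file system
      # Everything but /dev, /proc and /sys is read-only; the two paths below
      # are re-opened for writing: /nix (store, database, build logs and the
      # daemon socket under /nix/var) and /tmp (default TMPDIR for the
      # nix-build-* scratch directories).  PrivateTmp stays off because
      # `--keep-failed` relies on those directories remaining visible on the
      # host.
      # PrivateTmp = true; # breaks --keep-failed
      ProtectSystem = "strict";
      ReadWritePaths = [
        "/nix"
        "/tmp"
      ];

      # Scheduling: only do as much as resources are available.
      # RLIMIT_NICE=1 caps the reachable priority at nice 20-1 = 19, so neither
      # the daemon nor a build can raise itself above the Nice= value below
      # (CAP_SYS_NICE is not in the bounding set either).
      LimitNICE = 1;
      Nice = 19;
      # No SCHED_FIFO/SCHED_RR/SCHED_DEADLINE.
      RestrictRealtime = true;

      # devices
      # "closed" keeps only the pseudo-devices (null, zero, full, random,
      # urandom, tty, ptmx, pts/ptmx) plus whatever DeviceAllow lists.
      DevicePolicy = "closed";
      # kvm is needed for VM tests.  "rwm" is the mode a bare path gets by
      # default, spelled out here; "rw" is likely sufficient since the node is
      # bind-mounted into the sandbox rather than mknod()ed -- untested.
      DeviceAllow = "/dev/kvm rwm";

      # The daemon runs as root; this is what it keeps.  CAP_SYS_ADMIN is
      # needed for the sandbox (mount, pivot_root, namespaces) but is
      # effectively root-equivalent, so treat this unit as defence in depth
      # against bugs and accidents, not as a trust boundary.  CAP_SETUID /
      # CAP_SETGID switch to build users; CAP_CHOWN, CAP_FOWNER and
      # CAP_DAC_OVERRIDE are presumably for taking over build-user-owned
      # outputs and cleaning up -- confirm against the daemon's actual needs.
      CapabilityBoundingSet = [
        "CAP_FOWNER"
        "CAP_CHOWN"
        "CAP_SETUID"
        "CAP_SETGID"
        "CAP_SYS_ADMIN"
        "CAP_DAC_OVERRIDE"
      ];

      # Left off: with NNP unset, execve() of setuid/fscaps binaries can still
      # raise privileges and systemd does not remount with nosuid.  Kept off
      # because build processes might need more (original note; worth
      # re-testing).  NOTE(review): the seccomp filters above are still
      # installed because the daemon keeps CAP_SYS_ADMIN; if CAP_SYS_ADMIN were
      # ever dropped from the bounding set, NoNewPrivileges would be required
      # for them to load.
      NoNewPrivileges = false; # build processes might need more

      # Tested and found to break builds ("BAD" in the original notes).  Likely
      # reasons, where one can be inferred; none of them is confirmed:
      # ProtectKernelLogs=true;       # reason not recorded
      # ProtectKernelTunables = true; # reason not recorded (read-only /proc/sys and /sys)
      # PrivateUsers=true;            # presumably: the daemon setuid()s to real build users, which a private user namespace cannot map
      # ProtectHome = "read-only";    # NOTE(review): ProtectSystem=strict already makes /home and /root read-only; retest, reason not recorded
      # ProtectHostname = true;       # presumably: also seccomp-denies sethostname(), which the sandbox uses in its uts namespace
      # PrivateNetwork = true;        # the daemon itself downloads sources and substitutes (see RestrictAddressFamilies)
    };
  };
}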