{ lib, config, ... }:
{
  imports = [
    # ./systemd.nix
    ./ssh-as-sudo.nix
  ];

  specialisation.unhardened.configuration = { };
  services.opensnitch.enable = lib.mkForce false;

  systemd.tpm2.enable = false;
  systemd.enableEmergencyMode = false;
  virtualisation.vswitch.enable = false;
  services.resolved.enable = false;
  security.unprivilegedUsernsClone = true;
}