{
  lib,
  pkgs,
  config,
  ...
}:
{
  imports = [
    ./systemd
    ./ssh-as-sudo.nix
    ./apparmor
    ./opensnitch
    ./security.nix
  ];

  specialisation.unhardened.configuration = { };
  # services.opensnitch.enable = lib.mkForce false;

  systemd.tpm2.enable = false;
  systemd.enableEmergencyMode = false;
  virtualisation.vswitch.enable = false;
  # services.resolved.enable = false;
  security.unprivilegedUsernsClone = true;
  environment.defaultPackages = lib.mkForce [ ];
  environment.systemPackages = with pkgs; [ nano ];
}