{
  imports = [
    ./apparmor.nix
    ./audit.nix
    ./doas.nix
    ./kernel.nix
    ./pam.nix
    ./polkit.nix
    ./sudo.nix
  ];

  security.virtualisation.flushL1DataCache = "always";
  programs.firejail.enable = true;
}