{ pkgs, lib, ... }: with lib; { security.chromiumSuidSandbox.enable = true; security.lockKernelModules = false; boot.kernel.sysctl."user.max_user_namespaces" = 63414; imports = [ <nixpkgs/nixos/modules/profiles/hardened.nix> ]; }