{ pkgs, ... }:
{
  boot = {
    kernelPackages = pkgs.linuxPackages_hardened;
    loader.systemd-boot.enable = true;
  };
}