{
  # Enable AppArmor
  security = {
    sudo.enable = false;
    doas = {
      enable = true;
      extraRules = [
        # Give wheel root access, allow persistant session
        {
          groups = ["wheel"];
          keepEnv = true;
          persist = true;
        }
      ];
    };
    apparmor.enable = true;
  };
}