# NixOS module fragment with boot-time hardening settings: clean /tmp on boot,
# keep a list of unused kernel modules from being auto-loaded, and enable
# page allocator randomization on the kernel command line.
{
  boot = {
    # Delete the contents of /tmp during boot so temporary files left by a
    # previous session do not persist across reboots.
    tmp.cleanOnBoot = true;

    # Disable unused kernel modules to reduce kernel attack surface.
    # https://madaidans-insecurities.github.io/guides/linux-hardening.html?#kasr-kernel-modules
    #
    # NOTE(review): this option emits modprobe `blacklist` entries, which stop
    # automatic (alias-based) loading only. A module can presumably still be
    # loaded by explicit name by a privileged user. The guide linked above uses
    # `install <module> /bin/false` lines instead, which NixOS accepts through
    # boot.extraModprobeConfig. Confirm which guarantee is wanted here.
    blacklistedKernelModules = [
      # Obscure network protocols
      "af_802154"
      "appletalk"
      "atm"
      "ax25"
      "can"
      "dccp"
      "decnet"
      "econet"
      "ipx"
      "n-hdlc"
      "netrom"
      "p8022"
      "p8023"
      "psnap"
      "rds"
      "rose"
      "sctp"
      "tipc"
      "x25"

      # Old, rare or insufficiently audited filesystems,
      # or ones I just don't want loaded.
      # Media using these filesystems will no longer mount automatically.
      "adfs"
      "affs"
      "befs"
      "bfs"
      "cramfs"
      "efs"
      "erofs"
      "f2fs"
      "freevxfs"
      "hfs"
      "hfsplus"
      "hpfs"
      "jffs2"
      "jfs"
      "minix"
      "nilfs2"
      "ntfs"
      "ocfs2"
      "omfs"
      "orangefs"
      "qnx4"
      "qnx6"
      "reiserfs"
      "sysv"
      "ubifs"
      "ufs"

      # Network filesystems - I don't use these
      "gfs2"
      "nfs"
      "nfsv3"
      "nfsv4"

      # Vivid driver
      # Only used for testing purposes, has caused security issues. Disable.
      "vivid"
    ];

    kernelParams = [
      # Page allocator randomization: shuffles the page allocator free lists
      # so page placement is less predictable.
      # Should harden and improve performance.
      # NOTE(review): only takes effect if the running kernel was built with
      # CONFIG_SHUFFLE_PAGE_ALLOCATOR - confirm for the kernel in use.
      "page_alloc.shuffle=1"
    ];
  };
}