diff --git a/base/default.nix b/base/default.nix
index 8b28c7a..027390b 100644
--- a/base/default.nix
+++ b/base/default.nix
@@ -10,6 +10,7 @@
 
     ./services/acme.nix
     ./services/auto-upgrade.nix
+    ./services/dbus.nix
     ./services/irqbalance.nix
     ./services/logrotate.nix
     ./services/nginx.nix
@@ -48,6 +49,8 @@
 
   programs.zsh.enable = true;
 
+  security.lockKernelModules = true;
+  security.protectKernelImage = true;
   security.sudo.execWheelOnly = true;
   security.sudo.extraConfig = ''
     Defaults lecture = never
diff --git a/base/services/dbus.nix b/base/services/dbus.nix
new file mode 100644
index 0000000..e9409da
--- /dev/null
+++ b/base/services/dbus.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+  services.dbus = {
+    enable = true;
+    implementation = "broker";
+  };
+}