diff --git a/hosts/forgejo-ci/default.nix b/hosts/forgejo-ci/default.nix
index ab65ed8..f6809f7 100644
--- a/hosts/forgejo-ci/default.nix
+++ b/hosts/forgejo-ci/default.nix
@@ -6,6 +6,7 @@
 ];
 lyn.sops.secrets."hosts/forgejo-ci/forgejo_ci_token" = {};
 lyn.kernel.latest.enable = true;
+ lyn.kernel.hardened.enable = true;
 lyn.profiles.base.enable = true;
 lyn.profiles.vm.enable = true;
 lyn.services.forgejo-ci.enable = true;
diff --git a/modules/kernel/hardened.nix b/modules/kernel/hardened.nix
index 3c02f5b..c01e471 100644
--- a/modules/kernel/hardened.nix
+++ b/modules/kernel/hardened.nix
@@ -1,6 +1,7 @@
-{lib, pkgs, config, ...}: let
- ifApparmor = config.lyn.kernel.hardened.apparmor.enable;
-in{
+{lib, pkgs, config, cfg, ...}: let
+ ifApparmor = cfg.apparmor.enable;
+in {
+ opt.apparmor.enable = lib.mkEnableOption "apparmor";
 boot.kernelPackages = let
 kernel = pkgs.linux-libre;
 llvm = pkgs.llvmPackages_latest;
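Review bot: `lyn.kernel.hardened.enable = true;` is added directly below `lyn.kernel.latest.enable = true;`, and modules/kernel/hardened.nix assigns `boot.kernelPackages` itself (built from `pkgs.linux-libre`), so the two modules may both be defining the kernel for this host. The `latest` module is not visible here, so this is an inference: if it also sets `boot.kernelPackages`, evaluation will either fail on conflicting definitions or one will win by priority without saying so. If hardened is meant to replace it on the CI runner, drop the `latest` line; otherwise add a comment such as `# kernel.hardened overrides boot.kernelPackages from kernel.latest`. After deploy, confirm that the host booted the hardened build.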
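Review bot: The new `opt.apparmor.enable` is declared with `lib.mkEnableOption`, which defaults to false, and hosts/forgejo-ci/default.nix in this same commit enables the hardened kernel without setting it, so whatever `ifApparmor` gates further down stays off on that host. If that is intended, say so in the option text, e.g. `opt.apparmor.enable = lib.mkEnableOption "AppArmor support in the hardened kernel build";` (adjust the wording to what `ifApparmor` actually controls). If it is not intended, the host file presumably needs `lyn.kernel.hardened.apparmor.enable = true;`. `cfg` and `opt` are not standard NixOS module arguments, so this file now depends on the project's module wrapper supplying them. The `let` that opens at `boot.kernelPackages` continues outside the hunk.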