diff --git a/configuration.nix b/configuration.nix
index 3687f7a..1d0b45b 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -23,14 +23,6 @@ in {
   time.timeZone = "UTC";
 
   boot.kernelPackages = unstable.linuxPackages_latest;
-  boot.kernelModules = [
-    "pl2303"
-    "fuse"
-    "veth" "usbnet" "mii" "cdc_ether"
-    "ipt_REJECT" "xt_CHECKSUM" "iptable_mangle"
-    "snd_usb_audio"
-    "thunderbolt" "intel_wmi_thunderbolt"
-  ];
   boot.blacklistedKernelModules = [ "nouveau" ];
   boot.earlyVconsoleSetup = true;
 
diff --git a/security.nix b/security.nix
index 5c6f9ca..790e48c 100644
--- a/security.nix
+++ b/security.nix
@@ -8,6 +8,7 @@ let
 in {
   security.allowUserNamespaces = true;
   security.allowSimultaneousMultithreading = true;
+  security.lockKernelModules = false;
 
   programs.ssh.startAgent = false;
   programs.gnupg = {