diff --git a/configuration.nix b/configuration.nix
index b38b941..b67013a 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -5,6 +5,12 @@
 { config, pkgs, ... }: {
   imports = [
     ./modules/nix-bitcoin.nix
+
+    # Use hardened kernel profile. See
+    # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix
+    # for the enabled options.
+     <nixpkgs/nixos/modules/profiles/hardened.nix>
+
     # FIXME: Uncomment next line to import your hardware configuration. If so,
     # add the hardware configuration file to the same directory as this file.
     # This is not needed when deploying to a virtual box.
@@ -97,6 +103,10 @@
   # nixos-generate-config, etc.):
 
 
+  # If the hardened profile is imported above, we need to explicitly allow
+  # user namespaces to enable sanboxed builds and services.
+  security.allowUserNamespaces = true;
+
   # This value determines the NixOS release with which your system is to be
   # compatible, in order to avoid breaking some software such as database
   # servers. You should change this only after NixOS release notes say you