nix-config/modules/features/security/sysctl/security-sysctl-userns.nix

# Can break containers and flatpaks
{ ... }:
{
  config.dendritic.features.security-sysctl-userns = {
    nixosModules = [
      (
        { lib, ... }:
        {
          boot.kernel.sysctl = lib.mkForce {
            "kernel.unprivileged_userns_clone" = 0;
          };
        }
      )
    ];
  };
}