diff --git a/machines/heimdall/configuration.nix b/machines/heimdall/configuration.nix
index 52c64b3..5aa02ac 100644
--- a/machines/heimdall/configuration.nix
+++ b/machines/heimdall/configuration.nix
@@ -141,11 +141,18 @@
     };
   };
 
-  security.apparmor = {
-    enable = true;
-    killUnconfinedConfinables = true;
+  security = {
+    sudo-rs = {
+      enable = true;
+    };
+    sudo.enable = false;
+
+    apparmor = {
+      enable = true;
+      killUnconfinedConfinables = true;
+    };
+    protectKernelImage = true;
   };
-  security.protectKernelImage = true;
 
   sops.defaultSopsFile = ./secrets.yaml;
   sops.secrets = {