diff --git a/security/hardening.nix b/security/hardening.nix
index 62622c8..a679d06 100644
--- a/security/hardening.nix
+++ b/security/hardening.nix
@@ -35,7 +35,7 @@ in
   ];
 
   config = mkIf cfg.enable {
-    aviallon.boot.kernel.package = mkIf cfg.hardcore pkgs.linuxKernel.kernels.linux_hardened;
+    aviallon.boot.kernel.package = mkIf cfg.hardcore (mkDefault pkgs.linuxKernel.kernels.linux_hardened);
     security.lockKernelModules = mkIf cfg.hardcore (mkQuasiForce true);
     # security.protectKernelImage = mkIf cfg.hardcore (mkOverride 500 false); # needed for kexec