diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix
index c8d306ef3ca..456538742f5 100644
--- a/nixos/modules/profiles/hardened.nix
+++ b/nixos/modules/profiles/hardened.nix
@@ -25,6 +25,13 @@ with lib;
     "nohibernate"
   ];
 
+  boot.blacklistedKernelModules = [
+    # Obscure network protocols
+    "ax25"
+    "netrom"
+    "rose"
+  ];
+
   # Restrict ptrace() usage to processes with a pre-defined relationship
   # (e.g., parent/child)
   boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkOverride 500 1;
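Review bot: The new `boot.blacklistedKernelModules = [` list only suppresses alias-driven autoloading, so it is weaker than the comment "Obscure network protocols" suggests: as far as I know that option is rendered as modprobe `blacklist` lines, which stop the kernel's socket-family request (`net-pf-*`) from pulling the module in but do not stop an explicit `modprobe ax25` by root. If the intent of the hardened profile is that these protocols can never be loaded, the stronger idiom is an `install` rule such as `boot.extraModprobeConfig = "install ax25 ${pkgs.coreutils}/bin/false";` (one line per module), which fails every load path; please confirm that matches how the profile is meant to behave before switching. Either way, the comment should record the rationale and the limitation, e.g. `# Obscure network protocols: unused attack surface; this only blocks autoloading, not an explicit modprobe`, so that readers do not assume the modules are fully disabled.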