diff --git a/nix/nixos-module/server/lxc-containers.nix b/nix/nixos-module/server/lxc-containers.nix
index 8ec67cd..fe62465 100644
--- a/nix/nixos-module/server/lxc-containers.nix
+++ b/nix/nixos-module/server/lxc-containers.nix
@@ -168,16 +168,18 @@ in
  lxc.autodev = 1
  lxc.tty.max = 0
+ lxc.pty.max = 8
- lxc.cap.drop = sys_module sys_time sys_nice sys_pacct sys_rawio sys_time mknod
- lxc.apparmor.profile = unchanged
+ lxc.cap.drop = sys_module sys_time sys_nice sys_pacct sys_rawio
  security.privileged = false
+ lxc.apparmor.profile = lxc-container-default-with-mounting
  lxc.cgroup.memory.limit_in_bytes = 1G
  lxc.cgroup.memory.kmem.tcp.limit_in_bytes = 128M
  # tuntap
  lxc.cgroup.devices.allow = c 10:200 rw
+ lxc.cgroup2.devices.allow = c 10:200 rw
  ${netConfig ctName containers.${ctName}.physicalInterfaces}
  '';
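Review bot: The new `lxc.cap.drop` line silently stops dropping `mknod` (besides removing the duplicated `sys_time`), and nothing in the hunk records why; presumably it is to let the guest create `/dev/net/tun` given the `# tuntap` allow rule, but the hunk shows no `lxc.idmap`, so whether the container actually runs as an unprivileged user namespace cannot be confirmed from here, and in a privileged container CAP_MKNOD is a meaningful widening. If the only need is the tun node, keeping `mknod` in the drop list and providing the node with `lxc.mount.entry` or an autodev hook would keep the previous capability set; either way a comment such as `# mknod no longer dropped: needed to create /dev/net/tun inside the guest` on that line would make the intent reviewable. The added `lxc.cgroup2.devices.allow = c 10:200 rw` only acts as an allow-list if a `lxc.cgroup2.devices.deny = a` is in effect (from an included common.conf or this file); confirm that, since none is visible in the hunk. The `''` string and the enclosing function begin outside the hunk, and the header counts (16/18 lines) suggest blank lines were lost in this rendering.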