Mostly security changes, add nouveau as a boot option, simplify settings and prepare for home-manager options

2024-11-29 01:49:18 -05:00 · 2024-11-29 01:49:18 -05:00 · 137a9ab6d9
commit 137a9ab6d9
parent 6021f46c20
58 changed files with 281 additions and 269 deletions
--- a/hosts/extern/boot/default.nix
+++ b/hosts/extern/boot/default.nix
@ -1,36 +1,8 @@
-{ config, pkgs, ... }:
-let
-  commonKernelParams = [
-    # VM/GPU passthrough
-    "amd_iommu=on"
-    "iommu=pt"
-    "nested=1"
-
-    # Virtualization nonsense
-    "transparent_hugepage=never"
-
-    # Isolate devices into IOMMU groups
-    "pcie_acs_override=downstream,multifunction"
-    "pci=routeirq"
-  ];
-in {
+{ pkgs, ... }:
+{
  boot = {
-    # Must be Zen for IOMMU isolation
-    kernelPackages = pkgs.unstable.linuxPackages_zen;
+    kernelPackages = pkgs.unstable.linuxPackages_latest;
    kernel.sysctl."vm.max_map_count" = 2147483642;
-    kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ];
    blacklistedKernelModules = [ "pcspkr" ];
-
-    # Needed for GPU passthrough
-    initrd.kernelModules = [
-      "vfio"
-      "vfio_pci"
-      "vfio_iommu_type1"
-    ];
-  };
-
-  # Use second GPU on boot
-  specialisation.gputwo.configuration = {
-    boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ];
  };
 }