Mostly security changes, add nouveau as a boot option, simplify settings and prepare for home-manager options

hosts/tower/boot/default.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 let
   commonKernelParams = [
     # VM/GPU passthrough
@@ -21,6 +21,9 @@ in {
     kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ];
     blacklistedKernelModules = [ "pcspkr" ];
 
+    # Enable cross-compilation
+    binfmt.emulatedSystems = [ "aarch64-linux" ];
+
     # Needed for GPU passthrough
     initrd.kernelModules = [
       "vfio"
@@ -33,4 +36,14 @@ in {
   specialisation.gputwo.configuration = {
     boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ];
   };
+
+  # Use Nouveau
+  specialisation.nouveau.configuration.config = {
+    environment.sessionVariables = {
+      NIXOS_OZONE_WL = lib.mkForce "0";
+      WLR_RENDERER = lib.mkForce "vulkan";
+    };
+    system.video.nvidia.enable = lib.mkForce false;
+    system.video.nouveau.enable = lib.mkForce true;
+  };
 }