{ config, pkgs, lib, ... }:
let
  commonKernelParams = [
    # VM/GPU passthrough
    "amd_iommu=on"
    "iommu=pt"
    "nested=1"

    # Virtualization nonsense
    "transparent_hugepage=never"

    # Isolate devices into IOMMU groups
    "pcie_acs_override=downstream,multifunction"
    "pci=routeirq"
  ];
in {
  boot = {
    # Must be Zen for IOMMU isolation
    kernelPackages = pkgs.unstable.linuxPackages_zen;
    kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ];

    # Needed for GPU passthrough
    initrd.kernelModules = [
      "vfio"
      "vfio_pci"
      "vfio_iommu_type1"
    ];
  };

  # Use second GPU on boot
  specialisation.gputwo.configuration = {
    boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ];
    environment.sessionVariables.WLR_RENDERER = lib.mkForce "gles2";
  };

  # Use Nouveau
  specialisation.nouveau.configuration.config = {
    system.video.nvidia.enable = lib.mkForce false;
    system.video.nouveau.enable = lib.mkForce true;
    environment.sessionVariables.NIXOS_OZONE_WL = lib.mkForce "";
  };
}