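# NixOS boot configuration: Zen kernel, kernel parameters for VFIO GPU
# passthrough, a LUKS device unlocked in the initrd, and a second boot entry
# that reserves a different GPU for vfio-pci.
{ pkgs, ... }:
let
  # Kernel command-line parameters shared by the default boot entry and the
  # "gputwo" specialisation below.
  commonKernelParams = [
    # Nvidia settings
    "nvidia_drm.fbdev=1"
    "nouveau.config=NvGspRm=1"

    # VM/GPU passthrough
    "amd_iommu=on"
    # iommu=pt: devices that stay with the host use identity (passthrough)
    # mappings; only devices assigned to a guest get translated DMA. This
    # trades host-side DMA protection for performance.
    "iommu=pt"
    # Was a bare "nested=1", which matches no kernel or module parameter and
    # is handed to init unused. Module parameters on the command line need
    # the module prefix; kvm_amd is assumed from amd_iommu=on above
    # (kvm_intel.nested=1 on an Intel host).
    "kvm_amd.nested=1"

    # Virtualization nonsense
    "transparent_hugepage=never"

    # Isolate devices into IOMMU groups
    # SECURITY: pcie_acs_override makes the kernel report smaller IOMMU
    # groups than the hardware's ACS support actually guarantees. Devices
    # split apart this way can still reach each other with peer-to-peer DMA
    # that never crosses the IOMMU, so a device passed to a guest is not
    # isolated from the functions it shared a real group with. Only assign
    # such devices to guests you trust as much as the host. The parameter is
    # honoured only by kernels carrying the out-of-tree ACS override patch.
    "pcie_acs_override=downstream,multifunction"
    "pci=routeirq"
  ];
in {
  boot = {
    kernelPackages = pkgs.unstable.linuxPackages_zen;
    blacklistedKernelModules = [
      "pcspkr"
    ];
    # Raises the per-process limit on memory mappings.
    kernel.sysctl."vm.max_map_count" = 2147483642;
    kernelParams = commonKernelParams ++ [
      # Bind these vendor:device IDs to vfio-pci at boot so no host driver
      # claims them. 10de is the NVIDIA vendor ID; the pair is presumably a
      # GPU and its audio function -- confirm with `lspci -nn`.
      "vfio-pci.ids=10de:1f82,10de:10fa"
    ];

    # Encryption and TPM
    # NOTE(review): only the LUKS device is declared here; no TPM setting is
    # visible in this file, so any TPM-bound key slot is presumably enrolled
    # outside this configuration -- confirm.
    initrd = {
      systemd.enable = true;
      luks.devices = {
        "crypt-ssd" = {
          device = "/dev/disk/by-uuid/52110c74-19b6-40ef-9710-e6c9b157005f";
          preLVM = true;
          # SECURITY: allowDiscards passes TRIM through dm-crypt. Anyone who
          # can read the raw disk can then see which blocks are unused and
          # infer usage patterns. Set to false if that leak matters more
          # than SSD performance and wear levelling.
          allowDiscards = true;
        };
      };
    };
  };

  # Additional entry to boot from the second GPU
  # NOTE(review): a specialisation inherits the parent configuration unless
  # inheritParentConfig = false, and list options are merged rather than
  # replaced. This entry therefore likely ends up with both vfio-pci.ids
  # parameters (and commonKernelParams twice) on its command line. Check the
  # generated boot entry; overriding the list with mkForce may be needed.
  specialisation = {
    gputwo.configuration = {
      boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ];
    };
  };
}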