{ config, lib, pkgsUnstable, ... }:
let
  commonKernelParams = [
    # VM/GPU passthrough
    "amd_iommu=on"
    "iommu=pt"
    "nested=1"

    # Isolate devices into IOMMU groups
    "pcie_acs_override=downstream,multifunction"
    "pci=routeirq"
  ];
in {
  boot = {
    # Something something Zen or Xanmod for IOMMU isolation something zfs
    kernelPackages = pkgsUnstable.linuxPackages_xanmod_stable;
    kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ];

    # Load into GPU before video driver
    initrd.kernelModules = [
      "vfio"
      "vfio_pci"
      "vfio_iommu_type1"
    ];

    # Secure boot
    lanzaboote.enable = true;
  };

  # Use second GPU on boot
  specialisation.gputwo.configuration = {
    boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ];
    environment.sessionVariables.WLR_RENDERER = lib.mkForce "gles2";
  };
}