{ pkgs, ... }: let commonKernelParams = [ # Nvidia settings "nvidia_drm.fbdev=1" "nouveau.config=NvGspRm=1" # VM/GPU passthrough "amd_iommu=on" "iommu=pt" "nested=1" # Virtualization nonsense "transparent_hugepage=never" # Isolate devices into IOMMU groups "pcie_acs_override=downstream,multifunction" "pci=routeirq" ]; in { boot = { kernelPackages = pkgs.unstable.linuxPackages_zen; blacklistedKernelModules = [ "pcspkr" ]; kernel.sysctl."vm.max_map_count" = 2147483642; kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ]; # Encryption and TPM initrd = { systemd.enable = true; luks.devices = { "crypt-nvme" = { device = "/dev/disk/by-uuid/52110c74-19b6-40ef-9710-e6c9b157005f"; preLVM = true; allowDiscards = true; }; }; }; }; # Additional entry to boot from the second GPU specialisation = { gputwo.configuration = { boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ]; }; }; }