NixOS-Config/hosts/tower/boot/default.nix

{ config, pkgs, lib, ... }:
let
  commonKernelParams = [
    # VM/GPU passthrough
    "amd_iommu=on"
    "iommu=pt"
    "nested=1"

    # Virtualization nonsense
    "transparent_hugepage=never"

    # Isolate devices into IOMMU groups
    "pcie_acs_override=downstream,multifunction"
    "pci=routeirq"
  ];
in {
  boot = {
    # Must be Zen for IOMMU isolation
    kernelPackages = pkgs.unstable.linuxPackages_zen;
    kernel.sysctl."vm.max_map_count" = 2147483642;
    kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ];
    blacklistedKernelModules = [ "pcspkr" ];

    # Enable cross-compilation
    binfmt.emulatedSystems = [ "aarch64-linux" ];

    # Needed for GPU passthrough
    initrd.kernelModules = [
      "vfio"
      "vfio_pci"
      "vfio_iommu_type1"
    ];
  };

  # Use second GPU on boot
  specialisation.gputwo.configuration = {
    boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ];
  };

  # Use Nouveau
  specialisation.nouveau.configuration.config = {
    environment.sessionVariables = {
      NIXOS_OZONE_WL = lib.mkForce "0";
      WLR_RENDERER = lib.mkForce "vulkan";
    };
    system.video.nvidia.enable = lib.mkForce false;
    system.video.nouveau.enable = lib.mkForce true;
  };
}