add hardening module

author: Freya Murphy <freya@freyacat.org> 2025-12-31 13:38:01 -0500
committer: Freya Murphy <freya@freyacat.org> 2025-12-31 21:20:20 -0500
commit: 478f6b2b4bdba66f02f0d1dfa3cff17f6133beee (patch)
tree: 906c18a56258f35b32ff9a4e76e15b53a1b7702f /hosts
parent: switch to sudo-rs (diff)
download: dotfiles-nix-478f6b2b4bdba66f02f0d1dfa3cff17f6133beee.tar.gz
dotfiles-nix-478f6b2b4bdba66f02f0d1dfa3cff17f6133beee.tar.bz2
dotfiles-nix-478f6b2b4bdba66f02f0d1dfa3cff17f6133beee.zip
2 files changed, 2 insertions, 4 deletions
diff --git a/hosts/shinji/default.nix b/hosts/shinji/default.nix
index 34e84ec..1ae7d56 100644
--- a/hosts/shinji/default.nix
+++ b/hosts/shinji/default.nix
@@ -99,4 +99,5 @@
   bluetooth = true;
   network = true;
   tpm = true;
+  hardened = true;
 }
diff --git a/hosts/shinji/hardware.nix b/hosts/shinji/hardware.nix
index f1edca2..b35c2a2 100644
--- a/hosts/shinji/hardware.nix
+++ b/hosts/shinji/hardware.nix
@@ -30,13 +30,10 @@
   boot.initrd.kernelModules = [
     "vfio_pci"
     "vfio"
-    "vfio_iommu_type1"
   ];
   boot.kernelModules = ["kvm-amd"];
   boot.blacklistedKernelModules = ["nouveau"];
-  boot.kernelParams = [
-    "amd_iommu=on"
-  ];
+  boot.kernelParams = [];
   boot.extraModulePackages = [];
   boot.supportedFilesystems = ["ntfs"];
author	Freya Murphy <freya@freyacat.org>	2025-12-31 13:38:01 -0500
committer	Freya Murphy <freya@freyacat.org>	2025-12-31 21:20:20 -0500
commit	478f6b2b4bdba66f02f0d1dfa3cff17f6133beee (patch)
tree	906c18a56258f35b32ff9a4e76e15b53a1b7702f /hosts
parent	switch to sudo-rs (diff)
download	dotfiles-nix-478f6b2b4bdba66f02f0d1dfa3cff17f6133beee.tar.gz dotfiles-nix-478f6b2b4bdba66f02f0d1dfa3cff17f6133beee.tar.bz2 dotfiles-nix-478f6b2b4bdba66f02f0d1dfa3cff17f6133beee.zip