From 478f6b2b4bdba66f02f0d1dfa3cff17f6133beee Mon Sep 17 00:00:00 2001
From: Freya Murphy <freya@freyacat.org>
Date: Wed, 31 Dec 2025 13:38:01 -0500
Subject: add hardening module

---
 hosts/shinji/default.nix  | 1 +
 hosts/shinji/hardware.nix | 5 +----
 2 files changed, 2 insertions(+), 4 deletions(-)

(limited to 'hosts')

diff --git a/hosts/shinji/default.nix b/hosts/shinji/default.nix
index 34e84ec..1ae7d56 100644
--- a/hosts/shinji/default.nix
+++ b/hosts/shinji/default.nix
@@ -99,4 +99,5 @@
   bluetooth = true;
   network = true;
   tpm = true;
+  hardened = true;
 }
diff --git a/hosts/shinji/hardware.nix b/hosts/shinji/hardware.nix
index f1edca2..b35c2a2 100644
--- a/hosts/shinji/hardware.nix
+++ b/hosts/shinji/hardware.nix
@@ -30,13 +30,10 @@
   boot.initrd.kernelModules = [
     "vfio_pci"
     "vfio"
-    "vfio_iommu_type1"
   ];
   boot.kernelModules = ["kvm-amd"];
   boot.blacklistedKernelModules = ["nouveau"];
-  boot.kernelParams = [
-    "amd_iommu=on"
-  ];
+  boot.kernelParams = [];
   boot.extraModulePackages = [];
   boot.supportedFilesystems = ["ntfs"];
 
-- 
cgit v1.2.3-freya