author | Azat Bahawi <azat@bahawi.net> | 2023-03-11 12:51:58 +0300 |
---|---|---|
committer | Azat Bahawi <azat@bahawi.net> | 2023-03-11 12:51:58 +0300 |
commit | 0ef23d4501592a192ba020a2ac34abb1a3d8fc5e (patch) | |
tree | 17f0377d71f7c645acf8502c769a0ade76cbc901 /modules/nixos/profiles | |
parent | 2023-02-20 (diff) |
2023-03-11
Diffstat (limited to '')
-rw-r--r-- | modules/nixos/profiles/headful.nix | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix
index d0ca777..67bec29 100644
--- a/modules/nixos/profiles/headful.nix
+++ b/modules/nixos/profiles/headful.nix
@@ -22,6 +22,7 @@ in {
 home.packages = with pkgs; [
 calibre
 imv
+ mumble
 neochat
 tdesktop
 tor-browser
@@ -33,18 +34,15 @@ in {
 boot = {
 kernelPackages = mkDefault pkgs.linuxPackages_latest;
- # There are (arguably) not a lot of reasons to keep mitigations enabled
- # for on machine that is not web-facing. First of all, to completely
- # mitigate any possible Spectre holes one would need to disable
- # Hyperthreading altogether which will essentially put one's computer into
- # the stone age by not being able to to effectively utilise multi-core its
- # multicore capabilities. Secondly, by enabling mitigations, we introduce
- # a plethora of performance overheads[1], which, albeit small, but still
- # contribute to the overall speed of things. This is however still poses a
- # security risk, which I am willing to take.
- #
- # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11
- kernelParams = ["mitigations=off"];
+ kernelParams = [
+ # https://wiki.archlinux.org/title/improving_performance#Watchdogs
+ "nowatchdog"
+ "kernel.nmi_watchdog=0"
+ # A security risk I'm willing to take for a reason[1].
+ #
+ # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11
+ "mitigations=off"
+ ];
 loader = {
 efi.canTouchEfiVariables = true; |
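Review bot: `"mitigations=off"` in the second hunk is applied by a profile whose package list (first hunk) includes `tor-browser`, and the shortened comment no longer states the assumption under which the trade-off is accepted; a browser running untrusted script is the main local exposure that the Spectre-class mitigations address. I would keep that assumption next to the flag, e.g. `# Disables all optional CPU vulnerability mitigations; acceptable only while <threat-model assumption>.`, and consider putting the flag behind a host-level option so a single machine can opt out. Separately, `"kernel.nmi_watchdog=0"` looks like the sysctl name rather than a boot parameter (the boot parameter is `nmi_watchdog=0`), and `nowatchdog` is documented as disabling both lockup detectors, so that entry can probably be dropped or expressed as `boot.kernel.sysctl."kernel.nmi_watchdog" = 0;`. The `boot` block continues past the end of the hunk.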