2023-03-11

1 files changed, 10 insertions, 12 deletions

diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix
index d0ca777..67bec29 100644
--- a/modules/nixos/profiles/headful.nix
+++ b/modules/nixos/profiles/headful.nix
@@ -22,6 +22,7 @@ in {
       home.packages = with pkgs; [
         calibre
         imv
+        mumble
         neochat
         tdesktop
         tor-browser
@@ -33,18 +34,15 @@ in {
     boot = {
       kernelPackages = mkDefault pkgs.linuxPackages_latest;
 
-      # There are (arguably) not a lot of reasons to keep mitigations enabled
-      # for on machine that is not web-facing. First of all, to completely
-      # mitigate any possible Spectre holes one would need to disable
-      # Hyperthreading altogether which will essentially put one's computer into
-      # the stone age by not being able to to effectively utilise multi-core its
-      # multicore capabilities. Secondly, by enabling mitigations, we introduce
-      # a plethora of performance overheads[1], which, albeit small, but still
-      # contribute to the overall speed of things. This is however still poses a
-      # security risk, which I am willing to take.
-      #
-      # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11
-      kernelParams = ["mitigations=off"];
+      kernelParams = [
+        # https://wiki.archlinux.org/title/improving_performance#Watchdogs
+        "nowatchdog"
+        "kernel.nmi_watchdog=0"
+        # A security risk I'm willing to take for a reason[1].
+        #
+        # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11
+        "mitigations=off"
+      ];
 
       loader = {
         efi.canTouchEfiVariables = true;