From 0ef23d4501592a192ba020a2ac34abb1a3d8fc5e Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Sat, 11 Mar 2023 12:51:58 +0300 Subject: 2023-03-11 --- modules/nixos/profiles/headful.nix | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) (limited to 'modules/nixos/profiles/headful.nix') diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix index d0ca777..67bec29 100644 --- a/modules/nixos/profiles/headful.nix +++ b/modules/nixos/profiles/headful.nix @@ -22,6 +22,7 @@ in { home.packages = with pkgs; [ calibre imv + mumble neochat tdesktop tor-browser @@ -33,18 +34,15 @@ in { boot = { kernelPackages = mkDefault pkgs.linuxPackages_latest; - # There are (arguably) not a lot of reasons to keep mitigations enabled - # for on machine that is not web-facing. First of all, to completely - # mitigate any possible Spectre holes one would need to disable - # Hyperthreading altogether which will essentially put one's computer into - # the stone age by not being able to to effectively utilise multi-core its - # multicore capabilities. Secondly, by enabling mitigations, we introduce - # a plethora of performance overheads[1], which, albeit small, but still - # contribute to the overall speed of things. This is however still poses a - # security risk, which I am willing to take. - # - # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11 - kernelParams = ["mitigations=off"]; + kernelParams = [ + # https://wiki.archlinux.org/title/improving_performance#Watchdogs + "nowatchdog" + "kernel.nmi_watchdog=0" + # A security risk I'm willing to take for a reason[1]. + # + # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11 + "mitigations=off" + ]; loader = { efi.canTouchEfiVariables = true; -- cgit v1.2.3