create special network for crusader which cannot ping lan

hardware-configuration.nix

@@ -8,11 +8,26 @@
     [ (modulesPath + "/installer/scan/not-detected.nix")
     ];
 
+  # 1) Make sure vfio and vfio_pci are in the initrd
+  boot.initrd.kernelModules = [ "vfio" "vfio_pci" ];
+
+  # 2) Also load them again in the running system
+  boot.kernelModules = [ "vfio" "vfio_pci" ];
+
+  # 3) Kernel params to turn on IOMMU and bind your card to vfio-pci
+  boot.kernelParams = lib.mkForce [
+    # for AMD hosts (use the intel line if you’re on Intel)
+    "amd_iommu=on"
+    "iommu=pt"
+
+    # helps isolate PCIe ports if your card shares groups
+    "pci_acs_override=downstream,multifunction"
+
+    # <<< the important bit: early vfio binding for 1b4b:9215 >>>
+    "vfio-pci.ids=1b4b:9215"
+  ];
+
   boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" "vfio_pci" ];
-  boot.kernelParams = [ "amd_iommu=on" "iommu=pt" "pci_acs_override=downstream,multifunction" ];
-  boot.extraModulePackages = [ ];
 
   swapDevices =
     [ { device = "/dev/disk/by-uuid/7e34cdc3-bd48-435a-8ea2-e1fe43926262"; }
@@ -27,4 +42,15 @@
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  services.xserver.videoDrivers = [ "nvidia" ];
+  hardware.nvidia = {
+    package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
+    modesetting.enable = true;
+    powerManagement.enable = true;
+    open = false; # <--- this must be false for proprietary
+    nvidiaSettings = true;
+  };
+  nixpkgs.config.allowUnfree = true;
+  nixpkgs.config.nvidia.acceptLicense = true;
 }