Security updates

modules/boot.nix

@@ -1,11 +1,32 @@
 { config, pkgs, ... }:
 
 {
-  boot.loader.systemd-boot.enable = true;
+  boot.loader.systemd-boot = {
+    enable = true;
+    editor = false;
+    configurationLimit = 10;
+  };
+
   boot.loader.efi.canTouchEfiVariables = true;
   boot.kernelPackages = pkgs.linuxPackages_latest;
   boot.initrd.kernelModules = [ "amdgpu" ];
-  boot.kernelParams = [ "preempt=full" ];
+  
+  # Kernel parameters for security and performance
+  boot.kernelParams = [
+    "preempt=full"
+    "slab_nomerge"
+    "init_on_alloc=1"
+    "init_on_free=1"
+    "page_alloc.shuffle=1"
+    "randomize_kstack_offset=on"
+    "vsyscall=none"
+    "mitigations=auto"
+  ];
+
+  boot.kernelModules = [ "tcp_bbr" ];
+
+  boot.tmp.useTmpfs = true;
+  boot.tmp.tmpfsSize = "4G";
 
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
   xdg.portal.config.common.default = [ "gnome" ];