core: move variables and virtualisation to desktop

author: Fuwn <[email protected]> 2024-09-22 15:12:25 -0700
committer: Fuwn <[email protected]> 2024-09-22 15:13:02 -0700
commit: 9884d07e6574ef81e1e7da94f90ee08bee036dd3 (patch)
tree: 268ddd123679ca3b6b5b56a2b3b9d9707271b2f7 /modules/desktop/virtualisation/qemu.nix
parent: lock: rui, tsutsumi (diff)
download: nixos-config-9884d07e6574ef81e1e7da94f90ee08bee036dd3.tar.xz
nixos-config-9884d07e6574ef81e1e7da94f90ee08bee036dd3.zip
1 files changed, 45 insertions, 0 deletions
diff --git a/modules/desktop/virtualisation/qemu.nix b/modules/desktop/virtualisation/qemu.nix
new file mode 100644
index 0000000..849ead1
--- /dev/null
+++ b/modules/desktop/virtualisation/qemu.nix
@@ -0,0 +1,45 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    qemu_kvm
+    qemu
+  ];
+
+  hardware.pulseaudio.extraConfig = ''
+    load-module module-native-protocol-unix auth-group=qemu-libvirtd socket=/tmp/pulse-socket
+  '';
+
+  boot.kernelModules = [ "vfio-pci" ];
+
+  networking.firewall.trustedInterfaces = [
+    "virbr0"
+    "br0"
+  ];
+
+  services.udev.extraRules = ''
+    SUBSYSTEM=="vfio", OWNER="root", GROUP="kvm"
+  '';
+
+  virtualisation.libvirtd.qemu = {
+    package = pkgs.qemu_kvm;
+    runAsRoot = true;
+    swtpm.enable = true;
+
+    ovmf = {
+      enable = true;
+
+      packages = [
+        (pkgs.OVMFFull.override {
+          secureBoot = true;
+          tpmSupport = true;
+        }).fd
+      ];
+    };
+
+    verbatimConfig = ''
+      namespaces = []
+
+      dynamic_ownership = 0
+    '';
+  };
+}
author	Fuwn <[email protected]>	2024-09-22 15:12:25 -0700
committer	Fuwn <[email protected]>	2024-09-22 15:13:02 -0700
commit	9884d07e6574ef81e1e7da94f90ee08bee036dd3 (patch)
tree	268ddd123679ca3b6b5b56a2b3b9d9707271b2f7 /modules/desktop/virtualisation/qemu.nix
parent	lock: rui, tsutsumi (diff)
download	nixos-config-9884d07e6574ef81e1e7da94f90ee08bee036dd3.tar.xz nixos-config-9884d07e6574ef81e1e7da94f90ee08bee036dd3.zip