Diffstat (limited to 'modules/virtualisation')
| -rw-r--r-- | modules/virtualisation/default.nix | 6 | ||||
| -rw-r--r-- | modules/virtualisation/docker.nix | 4 | ||||
| -rw-r--r-- | modules/virtualisation/libvirtd.nix | 25 | ||||
| -rw-r--r-- | modules/virtualisation/qemu.nix | 45 |
4 files changed, 59 insertions, 21 deletions
diff --git a/modules/virtualisation/default.nix b/modules/virtualisation/default.nix index 765923f..e61cf6f 100644 --- a/modules/virtualisation/default.nix +++ b/modules/virtualisation/default.nix @@ -2,5 +2,11 @@ imports = [ ./docker.nix ./libvirtd.nix + ./qemu.nix ]; + + virtualisation = { + kvmgt.enable = true; + spiceUSBRedirection.enable = true; + }; } diff --git a/modules/virtualisation/docker.nix b/modules/virtualisation/docker.nix index 88d689a..570957a 100644 --- a/modules/virtualisation/docker.nix +++ b/modules/virtualisation/docker.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ lib, ... }: { virtualisation.docker = { enable = true; @@ -10,7 +10,6 @@ daemon.settings = { default-runtime = "nvidia"; - runtimes.nvidia.path = "${pkgs.nvidia-docker}/bin/nvidia-container-runtime"; experimental = true; }; @@ -25,7 +24,6 @@ daemon.settings = { default-runtime = "nvidia"; - runtimes.nvidia.path = "${pkgs.nvidia-docker}/bin/nvidia-container-runtime"; experimental = true; }; }; diff --git a/modules/virtualisation/libvirtd.nix b/modules/virtualisation/libvirtd.nix index 4618c46..556135b 100644 --- a/modules/virtualisation/libvirtd.nix +++ b/modules/virtualisation/libvirtd.nix @@ -1,26 +1,15 @@ { pkgs, ... }: { boot.extraModprobeConfig = "options kvm_intel nested=1"; - environment.systemPackages = [ pkgs.virt-manager ]; + + environment.systemPackages = with pkgs; [ + virt-manager + virt-viewer + ]; virtualisation.libvirtd = { enable = true; - - qemu = { - package = pkgs.qemu_kvm; - runAsRoot = true; - swtpm.enable = true; - - ovmf = { - enable = true; - - packages = [ - (pkgs.OVMF.override { - secureBoot = true; - tpmSupport = true; - }).fd - ]; - }; - }; + onBoot = "ignore"; + onShutdown = "shutdown"; }; } diff --git a/modules/virtualisation/qemu.nix b/modules/virtualisation/qemu.nix new file mode 100644 index 0000000..d59f482 --- /dev/null +++ b/modules/virtualisation/qemu.nix 
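Review bot: `spiceUSBRedirection.enable = true` in the new `virtualisation` block of default.nix installs the SPICE USB ACL helper as a setuid wrapper, and the NixOS option description warns that it gives users arbitrary access to USB devices attached to the host. The option is switched on for every machine that imports this module, with no comment on why it is needed. If redirection is only used occasionally, consider enabling it per host, or at least recording the trade-off next to the line, for example `# setuid helper: lets users hand host USB devices (keys, storage) to guests`.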
@@ -0,0 +1,45 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ qemu_kvm
+ qemu
+ ];
+
+ hardware.pulseaudio.extraConfig = ''
+ load-module module-native-protocol-unix auth-group=qemu-libvirtd socket=/tmp/pulse-socket
+ '';
+
+ boot.kernelModules = [ "vfio-pci" ];
+
+ networking.firewall.trustedInterfaces = [
+ "virbr0"
+ "br0"
+ ];
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="vfio", OWNER="root", GROUP="kvm"
+ '';
+
+ virtualisation.libvirtd.qemu = {
+ package = pkgs.qemu_kvm;
+ runAsRoot = false;
+ swtpm.enable = true;
+
+ ovmf = {
+ enable = true;
+
+ packages = [
+ (pkgs.OVMFFull.override {
+ secureBoot = true;
+ tpmSupport = true;
+ }).fd
+ ];
+ };
+
+ verbatimConfig = ''
+ namespaces = []
+
+ dynamic_ownership = 0
+ '';
+ };
+} |
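Review bot: `networking.firewall.trustedInterfaces = [ "virbr0" "br0" ]` makes the host firewall accept every packet arriving on those interfaces, so any guest can reach every listening host service; if `br0` also enslaves a physical NIC (not visible here), so can the whole LAN segment. Prefer opening only what the guests need, for example `networking.firewall.interfaces.virbr0.allowedUDPPorts = [ 53 67 ];`, and leave `br0` filtered. The PulseAudio socket at `/tmp/pulse-socket` sits in a world-writable directory under a predictable name, so another local account can create that path first; a directory that only the audio user can write to would avoid this. `namespaces = []` and `dynamic_ownership = 0` turn off libvirt's per-guest mount namespace and its automatic ownership handling of guest resources, which offsets part of the gain from `runAsRoot = false`. Both deserve a comment stating why they are needed (presumably device passthrough).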