2025-09-04 10:21:17 +02:00
|
|
|
{
|
|
|
|
|
lib,
|
|
|
|
|
pkgs,
|
2025-10-05 08:20:57 +02:00
|
|
|
config,
|
2025-09-04 10:21:17 +02:00
|
|
|
...
|
|
|
|
|
}: {
|
|
|
|
|
boot.kernelModules = lib.mkAfter ["tun"];
|
|
|
|
|
environment.systemPackages = with pkgs; [
|
2025-10-04 12:35:54 +02:00
|
|
|
qemu
|
2025-09-04 10:21:17 +02:00
|
|
|
qemu_kvm
|
|
|
|
|
virtiofsd
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
services = {
|
|
|
|
|
udev.extraRules = ''
|
2025-10-04 07:08:16 +02:00
|
|
|
SUBSYSTEM=="vfio", GROUP="kvm", MODE="0660"
|
2025-10-04 12:35:54 +02:00
|
|
|
KERNEL=="tun", GROUP="kvm", MODE="0660"
|
2025-09-04 10:21:17 +02:00
|
|
|
'';
|
|
|
|
|
spice-vdagentd.enable = true;
|
|
|
|
|
resolved.enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
virtualisation.libvirtd = {
|
|
|
|
|
enable = true;
|
2025-10-05 08:20:57 +02:00
|
|
|
qemu =
|
2025-10-05 00:29:24 +02:00
|
|
|
if lib.versionOlder config.system.nixos.release "25.11"
|
|
|
|
|
then {
|
|
|
|
|
ovmf.enable = true;
|
|
|
|
|
ovmf.packages = [pkgs.OVMFFull.fd];
|
|
|
|
|
runAsRoot = false;
|
|
|
|
|
swtpm.enable = true;
|
2025-10-05 08:20:57 +02:00
|
|
|
}
|
|
|
|
|
else {
|
2025-10-05 00:29:24 +02:00
|
|
|
runAsRoot = false;
|
|
|
|
|
swtpm.enable = true;
|
2025-10-05 08:20:57 +02:00
|
|
|
};
|
2025-09-04 10:21:17 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
users.users.lomig.extraGroups = ["libvirtd" "kvm" "input"];
|
|
|
|
|
|
|
|
|
|
environment.etc."qemu/bridge.conf".text = ''
|
|
|
|
|
allow br0
|
|
|
|
|
'';
|
2025-10-04 12:35:54 +02:00
|
|
|
|
|
|
|
|
security.wrappers.qemu-bridge-helper = lib.mkForce {
|
|
|
|
|
source = "${pkgs.qemu}/libexec/qemu-bridge-helper";
|
|
|
|
|
owner = "root";
|
|
|
|
|
group = "kvm";
|
2025-10-05 08:20:57 +02:00
|
|
|
setuid = true;
|
2025-10-04 12:35:54 +02:00
|
|
|
permissions = "u+rwx,g+rx,o+rx";
|
|
|
|
|
};
|
2025-09-04 10:21:17 +02:00
|
|
|
}
|
|
|
|
|
# vim: set ts=2 sw=2 sts=2 et :
|
|
|
|
|
|
