vfio

hosts/virgil/vfio.nix

@@ -5,21 +5,13 @@
   inputs,
   ...
 }: {
-
-
   imports = [
-   inputs.nixos-vfio.nixosModules.vfio
+    inputs.nixos-vfio.nixosModules.vfio
+  ];
 
-
-
-   
-   ];
-
-
- 
   boot.kernelParams = ["amd_iommu=on"];
   boot.blacklistedKernelModules = ["nvidia" "nouveau"];
-  boot.extraModulePackages = [ config.boot.kernelPackages.kvmfr ];
+  boot.extraModulePackages = [config.boot.kernelPackages.kvmfr];
   boot.kernelModules = ["vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio"];
   boot.extraModprobeConfig = "options vfio-pci ids=10de:2705,10de:22bb";
 
@@ -54,14 +46,29 @@
       "10de:22bb"
     ];
   };
+  systemd.tmpfiles.rules = [
+    "c /dev/kvmfr0 0660 tulg kvm -"
+  ];
   virtualisation.kvmfr = {
     enable = true;
     devices = lib.singleton {
-      size = 128;
+      size = 64;
       permissions = {
         user = "tulg";
-        mode = "0777";
+        mode = "0660";
       };
     };
   };
+  users.users.tulg.extraGroups = ["kvm"];
+  boot.initrd.services.udev.rules = ''
+    SUBSYSTEM=="kvmfr", OWNER="tulg", GROUP="kvm", MODE="0660"
+  '';
+  systemd.services.fix-kvmfr0 = {
+    description = "Fix permissions for /dev/kvmfr0";
+    wantedBy = ["multi-user.target"];
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = "${pkgs.bash}/bin/bash -c 'for i in {1..10}; do if [ -e /dev/kvmfr0 ]; then chown root:kvm /dev/kvmfr0 && chmod 0660 /dev/kvmfr0 && exit 0; fi; sleep 1; done; exit 1'";
+    };
+  };
 }