From f58d2f92321d9683c13d9e2aed34f8542c9fb601 Mon Sep 17 00:00:00 2001 From: tulg Date: Wed, 22 Oct 2025 17:48:49 +0300 Subject: [PATCH] virgil/vfio --- hosts/archangel/hardware-configuration.nix | 42 +++++++------ hosts/virgil/configuration.nix | 71 ++++++++++++---------- hosts/virgil/hardware-configuration.nix | 42 +++++++------ hosts/virgil/vfio.nix | 10 +++ modules/home.nix | 1 - 5 files changed, 94 insertions(+), 72 deletions(-) create mode 100644 hosts/virgil/vfio.nix diff --git a/hosts/archangel/hardware-configuration.nix b/hosts/archangel/hardware-configuration.nix index 80e97df..64f2887 100644 --- a/hosts/archangel/hardware-configuration.nix +++ b/hosts/archangel/hardware-configuration.nix 
@@ -1,30 +1,34 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/48340a1a-5055-4d72-b83b-db57a3a7e230"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/48340a1a-5055-4d72-b83b-db57a3a7e230"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/5292-3A27"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/5292-3A27"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; - swapDevices = [ ]; + swapDevices = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/hosts/virgil/configuration.nix b/hosts/virgil/configuration.nix index 900a744..1a2bc92 100644 --- a/hosts/virgil/configuration.nix +++ b/hosts/virgil/configuration.nix 
@@ -1,17 +1,18 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, self, ... }: - { - imports = - [ # Include the results of the hardware scan. -# ./disko.nix - ./hardware-configuration.nix - ]; - - + config, + pkgs, + self, + ... +}: { + imports = [ + # Include the results of the hardware scan. + # ./disko.nix + ./hardware-configuration.nix + ./vfio.nix + ]; # Bootloader. boot.loader.systemd-boot.enable = true; @@ -20,15 +21,20 @@ networking = { hostName = "virgil"; nameservers = ["127.0.0.1" "::1"]; - }; - + }; + services.dnscrypt-proxy2 = { enable = true; settings = { listen_addresses = ["127.0.0.1:53" "[::1]:53"]; }; }; - + virtualisation = { + libvirtd = { + enable = true; + qemuOvmf = true; + }; + }; services.zapret = { enable = true; params = [ @@ -52,14 +58,14 @@ # Select internationalisation properties. services.getty.autologinUser = "tulg"; programs.hyprland = { - enable = true; - xwayland.enable = true; + enable = true; + xwayland.enable = true; }; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.tulg = { isNormalUser = true; description = "Tulga"; - extraGroups = [ "networkmanager" "wheel" ]; + extraGroups = ["networkmanager" "wheel"]; packages = with pkgs; []; }; @@ -68,10 +74,10 @@ # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - git - rose-pine-gtk-theme + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + git + rose-pine-gtk-theme ]; # Some programs need SUID wrappers, can be configured further or are 
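Review bot: In the added `virtualisation.libvirtd` block, `qemuOvmf = true;` looks like the legacy option name; newer nixpkgs spell it `virtualisation.libvirtd.qemu.ovmf.enable` (and some releases drop the OVMF toggle entirely), so check it against the nixpkgs revision pinned for the 25.05 stateVersion before relying on it. This change also turns the host into a hypervisor that hands PCI devices to guests, which raises the cost of a compromised login. The sshd block visible in the later `@@ -88,11 +94,11 @@` hunk still has `PasswordAuthentication = true;` and `PermitRootLogin = "yes";`, even though root already has an authorized key. I would tighten those to `PasswordAuthentication = false;` and `PermitRootLogin = "prohibit-password";` in the same change. If any account is later added to the libvirtd group, treat that membership as root-equivalent.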
@@ -88,11 +94,11 @@ services.openssh = { enable = true; settings = { - PasswordAuthentication = true; - PermitRootLogin = "yes"; + PasswordAuthentication = true; + PermitRootLogin = "yes"; }; - }; - fonts = { + }; + fonts = { packages = with pkgs; [ noto-fonts noto-fonts-cjk-sans @@ -110,9 +116,9 @@ fontconfig = { enable = true; defaultFonts = { - sansSerif = [ "Fira Sans Regular" ]; - serif = [ "Fira Sans Regular" ]; - monospace = [ "Fira Mono Regular" ]; + sansSerif = ["Fira Sans Regular"]; + serif = ["Fira Sans Regular"]; + monospace = ["Fira Mono Regular"]; }; }; }; 
@@ -122,11 +128,11 @@ # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. # networking.firewall.enable = false; - users.users."root".openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand" # content of authorized_keys file + users.users."root".openssh.authorizedKeys.keys = [ + "ssh-rsa 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 tulg@highcommand" # content of authorized_keys file ]; - users.users."tulg".openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand" # content of authorized_keys file + 
users.users."tulg".openssh.authorizedKeys.keys = [ + "ssh-rsa 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 tulg@highcommand" # content of authorized_keys file ]; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions @@ -134,8 +140,7 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - nix.settings.experimental-features = [ "nix-command" "flakes"]; + nix.settings.experimental-features = ["nix-command" "flakes"]; services.displayManager.ly.enable = true; system.stateVersion = "25.05"; # Did you read the comment? - } diff --git a/hosts/virgil/hardware-configuration.nix b/hosts/virgil/hardware-configuration.nix index 644a67d..7613335 100644 --- a/hosts/virgil/hardware-configuration.nix +++ b/hosts/virgil/hardware-configuration.nix 
@@ -1,30 +1,34 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-partlabel/disk-nixos-root"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-partlabel/disk-nixos-root"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-partlabel/disk-nixos-ESP"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-partlabel/disk-nixos-ESP"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; - swapDevices = [ ]; + swapDevices = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/hosts/virgil/vfio.nix b/hosts/virgil/vfio.nix new file mode 100644 index 0000000..437b7b4 --- /dev/null +++ b/hosts/virgil/vfio.nix @@ -0,0 +1,10 @@ +{ + config, + pkgs, + ... +}: { + boot.kernelparams = ["amd_iommu=on"]; + boot.blacklistedKernelModules = ["nvidia" "nouveau"]; + boot.kernelModules = ["vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio"]; + boot.extraModprobeConfig = "options vfio-pci ids=10de:2705,10de:22bb"; +} 
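Review bot: `boot.kernelparams` in the new hosts/virgil/vfio.nix is not a NixOS option; the name is `boot.kernelParams`, so evaluation should stop with an unknown-option error and `amd_iommu=on` never reaches the kernel command line. The line should read `boot.kernelParams = ["amd_iommu=on"];`. Separately, `vfio_virqfd` was merged into the core vfio module in recent kernels (6.2 onward, as far as I know), so that entry in `boot.kernelModules` will probably only log a module-load failure and can be dropped. Passthrough isolation depends on the IOMMU actually being active, so after the rebuild confirm that the IOMMU groups exist and that both `10de:2705` and `10de:22bb` are bound to vfio-pci; a short comment naming the two devices next to the `ids=` string would help the next reader.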
diff --git a/modules/home.nix b/modules/home.nix
index f9de7ad..77d46d3 100644
--- a/modules/home.nix
+++ b/modules/home.nix
@@ -1,6 +1,5 @@
 {
 config,
- lib,
 pkgs,
 inputs,
 ...