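# NixOS module: VFIO passthrough of an NVIDIA GPU (PCI vendor 10de) to libvirt
# guests, plus a KVMFR shared-memory device (the /dev/kvmfr* and
# /dev/shm/looking-glass paths suggest Looking Glass — confirm).
#
# Takes the standard module arguments and `inputs`, which must expose the
# nixos-vfio flake so its module can be imported.
{
  config,
  pkgs,
  lib,
  inputs,
  ...
}: {
  imports = [
    inputs.nixos-vfio.nixosModules.vfio
  ];

  # The IOMMU is the isolation boundary for passthrough: it confines DMA from
  # the guest-controlled device to the guest's own memory.
  boot.kernelParams = ["amd_iommu=on"];
  # Keep both host NVIDIA drivers from loading so neither claims the GPU
  # before vfio-pci does.
  boot.blacklistedKernelModules = ["nvidia" "nouveau"];
  # Out-of-tree kvmfr module, taken from the configured kernel package set.
  boot.extraModulePackages = [config.boot.kernelPackages.kvmfr];
  # NOTE(review): vfio_virqfd was merged into the vfio module in newer kernels
  # (6.2+, to my knowledge); there this entry only produces a load failure at
  # boot. Confirm against the kernel in use.
  boot.kernelModules = ["vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio"];
  # Bind these vendor:device IDs to vfio-pci. The same IDs are repeated in
  # virtualisation.vfio.devices below; keep the two lists in sync.
  boot.extraModprobeConfig = "options vfio-pci ids=10de:2705,10de:22bb";

  virtualisation.libvirtd = {
    # Device nodes QEMU guests are allowed to open.
    # NOTE(review): presumably rendered into libvirt's cgroup_device_acl by the
    # imported nixos-vfio module — confirm. Every entry widens what a
    # compromised QEMU process can reach on the host, so keep the list to what
    # the guests actually use:
    #   - kvmfr1 and kvmfr2 are allowed although only one kvmfr device is
    #     declared below (lib.singleton) — TODO confirm they are needed.
    #   - /dev/kqemu looks like a leftover from an old libvirt default list;
    #     verify it still serves a purpose.
    deviceACL = [
      "/dev/kvm"
      "/dev/kvmfr0"
      "/dev/kvmfr1"
      "/dev/kvmfr2"
      "/dev/shm/scream"
      "/dev/shm/looking-glass"
      "/dev/null"
      "/dev/full"
      "/dev/zero"
      "/dev/random"
      "/dev/urandom"
      "/dev/ptmx"
      "/dev/kqemu"
      "/dev/rtc"
      "/dev/hpet"
      "/dev/vfio/vfio"
    ];
  };
  # Lets unprivileged users redirect host USB devices into guests over SPICE.
  # That is effectively raw access to any attached USB device, so enable it
  # only on hosts where every local user is trusted with that.
  virtualisation.spiceUSBRedirection.enable = true;

  virtualisation.vfio = {
    enable = true;
    IOMMUType = "amd";
    # Must match the ids= list in boot.extraModprobeConfig above.
    devices = [
      "10de:2705"
      "10de:22bb"
    ];
  };

  # NOTE(review): a tmpfiles.d "c" line expects major:minor in its last field;
  # with "-" systemd-tmpfiles most likely rejects the rule, so it may have no
  # effect. Verify, and drop it if the udev rule / kvmfr module already set
  # the permissions.
  systemd.tmpfiles.rules = [
    "c /dev/kvmfr0 0660 tulg kvm -"
  ];

  virtualisation.kvmfr = {
    enable = true;
    devices = lib.singleton {
      # presumably MiB — confirm against the nixos-vfio option docs
      size = 64;
      # Owner-and-group read/write only; no access for other local users.
      permissions = {
        user = "tulg";
        mode = "0660";
      };
    };
  };

  # Membership in kvm grants access to /dev/kvm and to the group-writable
  # kvmfr node configured in this file.
  users.users.tulg.extraGroups = ["kvm"];

  # NOTE(review): this option feeds udev inside the initrd only. If kvmfr is
  # loaded after stage 1, the rule may never match; services.udev.extraRules
  # is the option for the running system — confirm which one is intended.
  boot.initrd.services.udev.rules = ''
    SUBSYSTEM=="kvmfr", OWNER="tulg", GROUP="kvm", MODE="0660"
  '';

  # Polls up to 10 times, one second apart, for /dev/kvmfr0, then sets
  # root:kvm 0660 on it; the unit fails if the node never appears.
  # NOTE(review): this sets the owner to root, while the tmpfiles rule, the
  # udev rule and the kvmfr permissions above all name tulg. Access still
  # works through the kvm group, but four mechanisms writing different owners
  # to one node make the effective permissions hard to audit — settle on one.
  systemd.services.fix-kvmfr0 = {
    description = "Fix permissions for /dev/kvmfr0";
    wantedBy = ["multi-user.target"];
    serviceConfig = {
      Type = "oneshot";
      ExecStart = "${pkgs.bash}/bin/bash -c 'for i in {1..10}; do if [ -e /dev/kvmfr0 ]; then chown root:kvm /dev/kvmfr0 && chmod 0660 /dev/kvmfr0 && exit 0; fi; sleep 1; done; exit 1'";
    };
  };
}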