# vfio.nix - NixOS module that sets up a libvirt/QEMU host for PCI (GPU)
# passthrough with Looking Glass.
#
# Security-relevant settings in this module, each annotated where it appears:
#   * packages come from an unpinned <unstable> channel
#   * membership of the libvirtd group
#   * the VM bridge is a fully trusted firewall interface
{ config, pkgs, ... }:

let
  # Resolved through NIX_PATH at evaluation time. No revision or hash is
  # pinned here, so the QEMU, OVMF, virt-manager and Looking Glass builds
  # follow whatever the channel currently points at.
  # NOTE(review): pin the import if reproducible, auditable builds matter.
  unstablePkgs = import <unstable> { };

  # Local settings kept outside this file; only `username` is read below.
  # NOTE(review): values interpolated into the system configuration can end
  # up in the world-readable /nix/store, so keep real credentials out of it.
  private = import ./private/secrets.nix;
in
{
  ## PUT THIS IN YOUR MACHINE CONFIG
  ## (template only - everything down to the closing "#};" is commented out)
  #boot = {
  #  # Use latest kernel
  #  kernelPackages = pkgs.linuxPackages_latest;
  #  loader = {
  #    # Use the systemd-boot EFI boot loader.
  #    systemd-boot.enable = true;
  #    efi.canTouchEfiVariables = true;
  #  };
  #
  #  initrd.kernelModules = [ "i915" ];
  #
  #  # CHANGE: intel_iommu=on enables the IOMMU on Intel CPUs with VT-d;
  #  # use amd_iommu if you have an AMD CPU with AMD-Vi.
  #  # These modules are required for PCI passthrough, and must come before
  #  # early modesetting stuff.
  #  # NOTE(review): the IOMMU is what confines the passed-through device's
  #  # DMA; check that its IOMMU group holds only devices given to the guest.
  #  # NOTE(review): pci=noaer turns off PCIe Advanced Error Reporting, so
  #  # link and device errors are no longer logged.
  #  kernelParams = [ "intel_iommu=on" "enable_gvt=1" "i915.enable_fbc=1" "i915.enable_guc=3" "pci=noaer" ];
  #  # Prevent nvidia drivers from loading (in case you don't want fan
  #  # management when vm is not running)
  #  blacklistedKernelModules = [ "nouveau" "nvidia" ];
  #
  #  # vfio kernel modules
  #  kernelModules = [ "vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio" ];
  #
  #  # Bind vfio-pci to nvidia card
  #  ## CHANGE: Don't forget to put your own PCI IDs here
  #  extraModprobeConfig ="options vfio-pci ids=10de:1b06,10de:10ef";
  #
  #  # Alternative binding
  #  # Load the nvidia driver at startup, but make sure the vfio-pci is
  #  # available for switching
  #  # Nvidia driver is for fan control
  #  postBootCommands = ''
  #    # DEVS="0000:01:00.0 0000:01:00.1"
  #    #
  #    # for DEV in $DEVS; do
  #    #   echo "nvidia" > /sys/bus/pci/devices/$DEV/driver_override
  #    # done
  #    # modprobe -i nvidia
  #    # modprobe -i vfio-pci
  #    # Setup Looking Glass shared memory object
  #    # NOTE(review): mode 660 with group kvm lets every kvm member read and
  #    # write the guest frame buffer; the owner "john" is hard-coded.
  #    touch /dev/shm/looking-glass
  #    chown john:kvm /dev/shm/looking-glass
  #    chmod 660 /dev/shm/looking-glass
  #  '';
  #};

  # Host-side tooling, all taken from the unstable channel.
  environment.systemPackages = [
    unstablePkgs.virtmanager
    unstablePkgs.qemu
    unstablePkgs.OVMF
    unstablePkgs.looking-glass-client
  ];

  # Enable virtualisation through libvirtd with OVMF (UEFI) guests.
  virtualisation.libvirtd = {
    enable = true;
    qemuOvmf = true;
    qemuPackage = unstablePkgs.qemu;

    # CHANGE: use
    #   ls /nix/store/*OVMF*/FV/OVMF{,_VARS}.fd | tail -n2 | tr '\n' : | sed -e 's/:$//'
    # to find your nix store paths.
    # NOTE(review): the firmware pair below is built from pkgs.OVMF, while
    # QEMU and the installed OVMF package come from the unstable channel -
    # confirm that mixing the two is intended.
    qemuVerbatimConfig = ''
      nvram = [ "${pkgs.OVMF}/FV/OVMF.fd:${pkgs.OVMF}/FV/OVMF_VARS.fd" ]
    '';
  };

  # libvirtd members.
  # Members of this group can manage VMs on the system libvirt daemon, which
  # is generally treated as root-equivalent access to the host. Keep the list
  # to accounts that already hold that level of trust.
  users.groups.libvirtd.members = [ "root" "${private.username}" ];

  # Traffic arriving on a trusted interface is accepted unconditionally, so
  # guests attached to virbr1 can reach every service listening on the host.
  # NOTE(review): if guests are less trusted than the host, open only the
  # needed ports through networking.firewall.interfaces.<name> instead.
  networking.firewall.trustedInterfaces = [ "virbr1" ];
}