nixos-config/sets/virtualization.nix

{
  config,
  pkgs,
  lib,
  ...
}:

{
  virtualisation = {
    lxd = {
      enable = true;
      recommendedSysctlSettings = true;
    };
    libvirtd = {
      enable = true;
      qemu = {
        ovmf.enable = true;
        ovmf.packages = [
          pkgs.OVMFFull.fd
        ] ++ lib.optional (pkgs.system == "x86_64-linux") pkgs.pkgsCross.aarch64-multiplatform.OVMF.fd;
        swtpm.enable = true;
        vhostUserPackages = [ pkgs.virtiofsd ];
        runAsRoot = false;
      };
      onBoot = "ignore";
      onShutdown = "shutdown";
    };
  };

  # no more cgroups v1
  systemd.enableUnifiedCgroupHierarchy = lib.mkForce true;

  # Breaks IPv4 on bridge
  boot.kernel.sysctl."net.bridge.bridge-nf-call-iptables" = 0;

  programs.virt-manager.enable = true;
  environment.systemPackages = with pkgs; [
    spice-gtk
    qemu
  ];

  users.users = {
    artemis.extraGroups = [
      "lxd"
      "libvirtd"
    ];
    lxd = {
      isSystemUser = true;
      subUidRanges = [
        {
          startUid = 16777216;
          count = 16777216;
        }
        {
          startUid = config.users.users.artemis.uid;
          count = 1;
        }
      ];
      subGidRanges = [
        {
          startGid = 16777216;
          count = 16777216;
        }
        {
          startGid = 100;
          count = 1;
        }
        {
          startGid = config.users.groups.artemis.gid;
          count = 1;
        }
      ];
      group = "lxd";
    };
  };
}
reformat with nixfmt-rfc-style 2024-03-02 03:13:17 +00:00			`{`
			`config,`
			`pkgs,`
			`lib,`
			`...`
			`}:`
Further modularlize config 2020-11-17 01:51:13 +00:00
			`{`
			`virtualisation = {`
			`lxd = {`
			`enable = true;`
			`recommendedSysctlSettings = true;`
			`};`
Add libvirtd 2020-12-13 06:57:45 +00:00			`libvirtd = {`
			`enable = true;`
add packages to libvirtd 2024-02-25 00:06:18 +00:00			`qemu = {`
			`ovmf.enable = true;`
reformat with nixfmt-rfc-style 2024-03-02 03:13:17 +00:00			`ovmf.packages = [`
			`pkgs.OVMFFull.fd`
			`] ++ lib.optional (pkgs.system == "x86_64-linux") pkgs.pkgsCross.aarch64-multiplatform.OVMF.fd;`
add packages to libvirtd 2024-02-25 00:06:18 +00:00			`swtpm.enable = true;`
			`vhostUserPackages = [ pkgs.virtiofsd ];`
			`runAsRoot = false;`
			`};`
Add libvirtd 2020-12-13 06:57:45 +00:00			`onBoot = "ignore";`
			`onShutdown = "shutdown";`
			`};`
Further modularlize config 2020-11-17 01:51:13 +00:00			`};`

Unified cgroup hierarchy, add m1 rules 2022-10-29 00:53:29 +00:00			`# no more cgroups v1`
			`systemd.enableUnifiedCgroupHierarchy = lib.mkForce true;`

Add kerberos, various config 2021-02-20 23:32:07 +00:00			`# Breaks IPv4 on bridge`
			`boot.kernel.sysctl."net.bridge.bridge-nf-call-iptables" = 0;`

Use programs.virt-manager, remove nano 2023-11-29 18:58:03 +00:00			`programs.virt-manager.enable = true;`
reformat with nixfmt-rfc-style 2024-03-02 03:13:17 +00:00			`environment.systemPackages = with pkgs; [`
			`spice-gtk`
			`qemu`
			`];`
Add libvirtd 2020-12-13 06:57:45 +00:00
Further modularlize config 2020-11-17 01:51:13 +00:00			`users.users = {`
reformat with nixfmt-rfc-style 2024-03-02 03:13:17 +00:00			`artemis.extraGroups = [`
			`"lxd"`
			`"libvirtd"`
			`];`
Change subuid, add brlaser workaround 2020-12-02 04:17:30 +00:00			`lxd = {`
Add isSystemUser to appease nixpkgs 2021-04-20 00:12:53 +00:00			`isSystemUser = true;`
Reformat with nixfmt 2023-08-26 23:00:18 +00:00			`subUidRanges = [`
			`{`
			`startUid = 16777216;`
			`count = 16777216;`
			`}`
			`{`
			`startUid = config.users.users.artemis.uid;`
			`count = 1;`
			`}`
			`];`
			`subGidRanges = [`
			`{`
			`startGid = 16777216;`
			`count = 16777216;`
			`}`
			`{`
			`startGid = 100;`
			`count = 1;`
			`}`
			`{`
			`startGid = config.users.groups.artemis.gid;`
			`count = 1;`
			`}`
			`];`
Add groups for users 2021-09-18 17:09:49 +00:00			`group = "lxd";`
Further modularlize config 2020-11-17 01:51:13 +00:00			`};`
			`};`
			`}`