# NixOS module: LXD containers and libvirt/QEMU virtual machines for the
# user "artemis".
{ config, pkgs, lib, ... }:

{
  # LXD daemon, together with the sysctl tuning the NixOS module recommends.
  virtualisation.lxd = {
    enable = true;
    recommendedSysctlSettings = true;
  };

  virtualisation.libvirtd = {
    enable = true;

    # Guests are not started automatically at host boot, and are shut down
    # (not suspended) when the host goes down.
    onBoot = "ignore";
    onShutdown = "shutdown";

    qemu = {
      # QEMU processes run under an unprivileged account instead of root, so a
      # guest escape does not land directly in a root process on the host.
      runAsRoot = false;

      # Software TPM for guests.
      swtpm.enable = true;

      # virtiofsd provides the vhost-user backend for host directory sharing.
      vhostUserPackages = [ pkgs.virtiofsd ];

      # UEFI firmware images; on an x86_64 host the aarch64 firmware is added
      # as well, so that ARM guests can be defined.
      ovmf = {
        enable = true;
        packages =
          [ pkgs.OVMFFull.fd ]
          ++ lib.optionals (pkgs.system == "x86_64-linux") [
            pkgs.pkgsCross.aarch64-multiplatform.OVMF.fd
          ];
      };
    };
  };

  # No more cgroups v1: mkForce makes this win over definitions from other
  # modules.
  systemd.enableUnifiedCgroupHierarchy = lib.mkForce true;

  # Original note: "Breaks IPv4 on bridge" — passing bridged frames through
  # iptables is turned off here.
  # NOTE(review): with this at 0, host iptables rules no longer see traffic
  # that is only bridged (guest to guest, guest to LAN); any filtering of that
  # traffic has to be done elsewhere. Confirm this is the intended trade-off.
  boot.kernel.sysctl."net.bridge.bridge-nf-call-iptables" = 0;

  programs.virt-manager.enable = true;

  environment.systemPackages = [
    pkgs.spice-gtk
    pkgs.qemu
  ];

  # NOTE(review): membership in "lxd" gives access to the LXD daemon socket,
  # which is root-equivalent on the host; "libvirtd" likewise allows managing
  # system VMs. Treat the artemis account as privileged.
  users.users.artemis.extraGroups = [ "lxd" "libvirtd" ];

  users.users.lxd = {
    isSystemUser = true;
    group = "lxd";

    # The large range is the id pool for unprivileged containers. The one-id
    # ranges additionally delegate specific host ids to the lxd user.
    # NOTE(review): presumably these exist so a container can be mapped onto
    # the host identity of artemis (e.g. for shared directories) — a container
    # using such a mapping acts as that host user on anything shared with it.
    # Assumes artemis has an explicit uid, and its group an explicit gid, set
    # elsewhere; gid 100 is presumably the "users" group — TODO confirm.
    subUidRanges = [
      { startUid = 16777216; count = 16777216; }
      { startUid = config.users.users.artemis.uid; count = 1; }
    ];
    subGidRanges = [
      { startGid = 16777216; count = 16777216; }
      { startGid = 100; count = 1; }
      { startGid = config.users.groups.artemis.gid; count = 1; }
    ];
  };
}