nixos-config/sets/virtualization.nix

{
  config,
  pkgs,
  lib,
  ...
}:

{
  virtualisation = {
    lxd = {
      enable = true;
      recommendedSysctlSettings = true;
    };
    libvirtd = {
      enable = true;
      qemu = {
        ovmf.enable = true;
        ovmf.packages = [
          pkgs.OVMFFull.fd
        ] ++ lib.optional (pkgs.system == "x86_64-linux") pkgs.pkgsCross.aarch64-multiplatform.OVMF.fd;
        swtpm.enable = true;
        vhostUserPackages = [ pkgs.virtiofsd ];
        runAsRoot = false;
      };
      onBoot = "ignore";
      onShutdown = "shutdown";
    };
  };

  # Breaks IPv4 on bridge
  boot.kernel.sysctl."net.bridge.bridge-nf-call-iptables" = 0;

  # lxd reduses this from default, increase this to what SteamOS uses
  boot.kernel.sysctl."vm.max_map_count" = lib.mkForce 2147483642;

  programs.virt-manager.enable = true;
  environment.systemPackages = with pkgs; [
    spice-gtk
    qemu
  ];

  users.users = {
    artemis.extraGroups = [
      "lxd"
      "libvirtd"
    ];
    lxd = {
      isSystemUser = true;
      subUidRanges = [
        {
          startUid = 16777216;
          count = 16777216;
        }
        {
          startUid = config.users.users.artemis.uid;
          count = 1;
        }
      ];
      subGidRanges = [
        {
          startGid = 16777216;
          count = 16777216;
        }
        {
          startGid = 100;
          count = 1;
        }
        {
          startGid = config.users.groups.artemis.gid;
          count = 1;
        }
      ];
      group = "lxd";
    };
  };
}