
commit 5b00437c986ebd0e4e751596d504c27ade694c46
parent cee0eb627d03bb977be2ffdf54dbb6fdfc48fe1f
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Fri,  7 May 2021 10:48:28 +0200

flake: add modules.virtualisation 🥼

With initial configuration from libvirt.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Msystems/hosts/foo.flake.nix | 18++----------------
Msystems/modules/default.flake.nix | 2+-
Asystems/modules/virtualisation/default.flake.nix | 9+++++++++
Asystems/modules/virtualisation/libvirt.nix | 39+++++++++++++++++++++++++++++++++++++++
4 files changed, 51 insertions(+), 17 deletions(-)

diff --git a/systems/hosts/foo.flake.nix b/systems/hosts/foo.flake.nix
@@ -33,8 +33,8 @@ in
 zsh.enable = true;
 };
 virtualisation = {
- enable = true;
- nested = true;
+ libvirt.enable = true;
+ libvirt.nested = true;
 };
 };
 profiles = {
@@ -44,20 +44,6 @@ in
 };
 environment.systemPackages = with pkgs; [ tektoncd-cli nyxt ];
- /*
- profiles = {
- desktop.i3.enable = true;
- laptop.enable = true;
- home = true;
- dev.enable = true;
- yubikey.enable = true;
- virtualization = { enable = true; nested = true; };
- docker.enable = true;
- redhat.enable = true;
- scanning.enable = true;
- };
- environment.systemPackages = with pkgs; [ virtmanager ];
- */
 virtualisation.podman.enable = true;
 virtualisation.containers = {
diff --git a/systems/modules/default.flake.nix b/systems/modules/default.flake.nix
@@ -9,6 +9,6 @@
 ./programs
 ./services
 ./shell
- ./virtualisation
+ ./virtualisation/default.flake.nix
 ];
 }
diff --git a/systems/modules/virtualisation/default.flake.nix b/systems/modules/virtualisation/default.flake.nix
@@ -0,0 +1,9 @@
+# Virtualisation is grouping modules related to virtualisation, such
+# as containers (podman, docker, …), vm (qemu, libvirt, …).
+{ lib, ... }:
+
+{
+ imports = [
+ ./libvirt.nix
+ ];
+}
diff --git a/systems/modules/virtualisation/libvirt.nix b/systems/modules/virtualisation/libvirt.nix
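Review bot: In the new `systems/modules/virtualisation/default.flake.nix`, `lib` is bound in the module's argument set (`{ lib, ... }:`) but nothing in the body uses it; `{ ... }:` expresses the same module without an unused binding. The header comment also promises container modules (podman, docker) while only `./libvirt.nix` is imported and the host file in this same commit configures podman directly, so either trim the comment to what exists or mark the container modules as still to come, e.g. `# Currently only libvirt; container modules (podman, docker) are not yet grouped here.`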
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkEnableOption mkIf mkMerge;
+ cfg = config.modules.virtualisation.libvirt;
+in
+{
+ options.modules.virtualisation.libvirt = {
+ enable = mkEnableOption "Enable libvirt";
+ nested = mkEnableOption "Enable nested virtualisation (kvm)";
+ listenTCP = mkEnableOption "Expose and make libvirt to a TCP port";
+ };
+ config = mkIf cfg.enable (mkMerge [
+ {
+ virtualisation.libvirtd.enable = true;
+ environment.systemPackages = with pkgs; [ qemu vde2 libosinfo ];
+ }
+ (mkIf cfg.nested {
+ boot.kernelParams = [ "kvm_intel.nested=1" ];
+ environment.etc."modprobe.d/kvm.conf".text = ''
+ options kvm_intel nested=1
+ '';
+ })
+ (mkIf cfg.listenTCP {
+ boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; };
+ virtualisation.libvirtd = {
+ allowedBridges = [ "br1" ];
+ extraConfig = ''
+ listen_tls = 0
+ listen_tcp = 1
+ auth_tcp="none"
+ tcp_port = "16509"
+ '';
+ # extraOptions = [ "--listen" ];
+ };
+ networking.firewall.allowedTCPPorts = [ 16509 ];
+ })
+ ]);
+}
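Review bot: The `listenTCP` branch combines `listen_tcp = 1`, `auth_tcp="none"` and `networking.firewall.allowedTCPPorts = [ 16509 ]`, which, once the listener is up, lets anyone who can reach the host drive libvirtd (running as root) with no authentication at all — enough to define a VM with host block devices attached and take over the machine. Unless a trusted private network is assumed, either bind locally and require authentication, `listen_addr = "127.0.0.1"` plus `auth_tcp = "sasl"`, or drop the plain-TCP listener in favour of `listen_tls = 1` with certificates or `qemu+ssh://` access, and open the firewall port only when the listener is actually meant to be reachable from outside. Whether the listener comes up at all is unclear: `listen_tcp` in libvirtd.conf is honoured only when libvirtd is started with `--listen` (the commented-out `extraOptions`) or via the libvirtd-tcp.socket unit, so as written the firewall hole may be opened without a listener behind it — confirm against the NixOS libvirtd service being used. Separately, the `nested` branch only covers `kvm_intel`; an AMD host needs `options kvm_amd nested=1` (and `kvm_amd.nested=1`) too, and `boot.extraModprobeConfig` is the NixOS idiom for that modprobe.d content. The option description `"Expose and make libvirt to a TCP port"` reads garbled; `"Expose libvirtd on TCP port 16509 without authentication"` states what the option currently does and the risk it carries.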