commit 5b00437c986ebd0e4e751596d504c27ade694c46
parent cee0eb627d03bb977be2ffdf54dbb6fdfc48fe1f
Author: Vincent Demeester <vincent@sbr.pm>
Date: Fri, 7 May 2021 10:48:28 +0200
flake: add modules.virtualisation 🥼
With initial configuration from libvirt.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
4 files changed, 51 insertions(+), 17 deletions(-)
diff --git a/systems/hosts/foo.flake.nix b/systems/hosts/foo.flake.nix
@@ -33,8 +33,8 @@ in
zsh.enable = true;
};
virtualisation = {
- enable = true;
- nested = true;
+ libvirt.enable = true;
+ libvirt.nested = true;
};
};
profiles = {
@@ -44,20 +44,6 @@ in
};
environment.systemPackages = with pkgs; [ tektoncd-cli nyxt ];
- /*
- profiles = {
- desktop.i3.enable = true;
- laptop.enable = true;
- home = true;
- dev.enable = true;
- yubikey.enable = true;
- virtualization = { enable = true; nested = true; };
- docker.enable = true;
- redhat.enable = true;
- scanning.enable = true;
- };
- environment.systemPackages = with pkgs; [ virtmanager ];
- */
virtualisation.podman.enable = true;
virtualisation.containers = {
diff --git a/systems/modules/default.flake.nix b/systems/modules/default.flake.nix
@@ -9,6 +9,6 @@
./programs
./services
./shell
- ./virtualisation
+ ./virtualisation/default.flake.nix
];
}
diff --git a/systems/modules/virtualisation/default.flake.nix b/systems/modules/virtualisation/default.flake.nix
@@ -0,0 +1,9 @@
+# Virtualisation is grouping modules related to virtualisation, such
+# as containers (podman, docker, …), vm (qemu, libvirt, …).
+{ lib, ... }:
+
+{
+ imports = [
+ ./libvirt.nix
+ ];
+}
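Review bot: The module binds `lib` on line 54 but never references it; since this file only aggregates imports, `{ ... }:` expresses that more honestly and avoids an unused binding. The header comment is useful but could say how the file is meant to grow, e.g. `# Aggregates the virtualisation modules; new sub-modules (podman, docker, qemu, …) are added to imports below.`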
diff --git a/systems/modules/virtualisation/libvirt.nix b/systems/modules/virtualisation/libvirt.nix
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkEnableOption mkIf mkMerge;
+ cfg = config.modules.virtualisation.libvirt;
+in
+{
+ options.modules.virtualisation.libvirt = {
+ enable = mkEnableOption "Enable libvirt";
+ nested = mkEnableOption "Enable nested virtualisation (kvm)";
+ listenTCP = mkEnableOption "Expose and make libvirt to a TCP port";
+ };
+ config = mkIf cfg.enable (mkMerge [
+ {
+ virtualisation.libvirtd.enable = true;
+ environment.systemPackages = with pkgs; [ qemu vde2 libosinfo ];
+ }
+ (mkIf cfg.nested {
+ boot.kernelParams = [ "kvm_intel.nested=1" ];
+ environment.etc."modprobe.d/kvm.conf".text = ''
+ options kvm_intel nested=1
+ '';
+ })
+ (mkIf cfg.listenTCP {
+ boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; };
+ virtualisation.libvirtd = {
+ allowedBridges = [ "br1" ];
+ extraConfig = ''
+ listen_tls = 0
+ listen_tcp = 1
+ auth_tcp="none"
+ tcp_port = "16509"
+ '';
+ # extraOptions = [ "--listen" ];
+ };
+ networking.firewall.allowedTCPPorts = [ 16509 ];
+ })
+ ]);
+}
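Review bot: With `listenTCP` enabled (lines 86–99) libvirtd is configured for unauthenticated, unencrypted remote access — `listen_tls = 0`, `auth_tcp="none"`, and the firewall opened on 16509 on every interface — so any peer that can reach that port gains full control of the hypervisor, yet the option description on line 73 does not mention this. The description should state the exposure, e.g. `listenTCP = mkEnableOption "Expose libvirt on TCP port 16509 without TLS; every host reaching the port can manage all VMs";`, and the config should require authentication and restrict the bind address instead of `auth_tcp="none"`, e.g. `auth_tcp = "sasl"` together with a `listen_addr` limited to the management network. Note that libvirtd presumably only honours `listen_tcp` when started with `--listen` (the commented-out `extraOptions` on line 96) or via socket activation, so it is worth confirming on the target NixOS version whether this block currently listens at all. Separately, the `kvm_intel` settings on lines 81–84 assume an Intel CPU; an AMD host would need the `kvm_amd` equivalent or the option silently does nothing.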