
My NixOS systems configurations.

libvirt.nix (1443B)


      1 { config, lib, pkgs, ... }:
      2 
      3 let
      4   inherit (lib) mkEnableOption mkIf mkMerge;
      5   cfg = config.modules.virtualisation.libvirt;
      6 in
      7 {
      8   options.modules.virtualisation.libvirt = {
      9     enable = mkEnableOption "Enable libvirt";
     10     nested = mkEnableOption "Enable nested virtualisation (kvm)";
     11     listenTCP = mkEnableOption "Expose and make libvirt to a TCP port";
     12   };
     13   config = mkIf cfg.enable (mkMerge [
     14     {
     15       virtualisation.libvirtd = {
     16         enable = true;
     17         # Used for UEFI boot of Home Assistant OS guest image
     18         qemu.ovmf.enable = true;
     19       };
     20       security.polkit.enable = true; # 22.11: libvirtd requires poltkit to be enabled
     21       environment.systemPackages = with pkgs; [ qemu vde2 libosinfo ];
     22     }
     23     (mkIf config.modules.desktop.enable {
     24       environment.systemPackages = with pkgs; [ virt-manager ];
     25     })
     26     (mkIf cfg.nested {
     27       boot.kernelParams = [ "kvm_intel.nested=1" ];
     28       environment.etc."modprobe.d/kvm.conf".text = ''
     29         options kvm_intel nested=1
     30       '';
     31     })
     32     (mkIf cfg.listenTCP {
     33       boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; };
     34       virtualisation.libvirtd = {
     35         allowedBridges = [ "br1" ];
     36         extraConfig = ''
     37           listen_tls = 0
     38           listen_tcp = 1
     39           auth_tcp="none"
     40           tcp_port = "16509"
     41         '';
     42         # extraOptions = [ "--listen" ];
     43       };
     44       networking.firewall.allowedTCPPorts = [ 16509 ];
     45     })
     46   ]);
     47 }