nix-dotfiles/services/virt.nix

{ config, pkgs, lib, ... }:
{

  # Enable libvirt and QEMU
  virtualisation.libvirtd.enable = true;
  virtualisation.libvirtd.qemu.package = pkgs.qemu_kvm;

  boot.kernelModules = [ "kvm-intel" "vfio_pci" "drm" "drm_kms_helper"];
  
  # Add the relevant packages for virtualization, including secure boot and TPM support
  virtualisation.libvirtd.qemu = {
    runAsRoot = true;
    swtpm.enable = true;
    ovmf = {
      enable = true;
      packages = [(pkgs.OVMF.override {
        secureBoot = true;
        tpmSupport = true;
      }).fd];
    };
  };

  # Add your user to the libvirt group to allow managing VMs without sudo
  users.users.gunalx.extraGroups = [ "libvirtd" ];

  # Enable nested virtualization if needed
  boot.extraModprobeConfig = "options kvm_intel nested=1";

  # (Optional) Enable the virt-manager graphical tool for managing VMs
  programs.virt-manager.enable = true;

}
nixvirt opnsense gandalf 2024-10-26 15:17:38 +02:00			`{ config, pkgs, lib, ... }:`
			`{`

			`# Enable libvirt and QEMU`
			`virtualisation.libvirtd.enable = true;`
			`virtualisation.libvirtd.qemu.package = pkgs.qemu_kvm;`

			`boot.kernelModules = [ "kvm-intel" "vfio_pci" "drm" "drm_kms_helper"];`

			`# Add the relevant packages for virtualization, including secure boot and TPM support`
			`virtualisation.libvirtd.qemu = {`
			`runAsRoot = true;`
			`swtpm.enable = true;`
			`ovmf = {`
			`enable = true;`
			`packages = [(pkgs.OVMF.override {`
			`secureBoot = true;`
			`tpmSupport = true;`
			`}).fd];`
			`};`
			`};`

			`# Add your user to the libvirt group to allow managing VMs without sudo`
			`users.users.gunalx.extraGroups = [ "libvirtd" ];`

			`# Enable nested virtualization if needed`
			`boot.extraModprobeConfig = "options kvm_intel nested=1";`

			`# (Optional) Enable the virt-manager graphical tool for managing VMs`
			`programs.virt-manager.enable = true;`

			`}`