Commit 5b00437c986e

Vincent Demeester <vincent@sbr.pm>
2021-05-07 10:48:28
flake: add modules.virtualisation 🥼
With initial configuration from libvirt. Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent cee0eb6
Changed files (4)
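--- a/systems/hosts/foo.flake.nix
+++ b/systems/hosts/foo.flake.nix
@@ -33,8 +33,8 @@ in
       zsh.enable = true;
     };
     virtualisation = {
-      enable = true;
-      nested = true;
+      libvirt.enable = true;
+      libvirt.nested = true;
     };
   };
   profiles = {
@@ -44,20 +44,6 @@ in
   };
 
   environment.systemPackages = with pkgs; [ tektoncd-cli nyxt ];
-  /*
-  profiles = {
-    desktop.i3.enable = true;
-    laptop.enable = true;
-    home = true;
-    dev.enable = true;
-    yubikey.enable = true;
-    virtualization = { enable = true; nested = true; };
-    docker.enable = true;
-    redhat.enable = true;
-    scanning.enable = true;
-  };
-  environment.systemPackages = with pkgs; [ virtmanager ];
-  */
 
   virtualisation.podman.enable = true;
   virtualisation.containers = {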
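--- a/systems/modules/virtualisation/default.flake.nix
+++ b/systems/modules/virtualisation/default.flake.nix
@@ -0,0 +1,9 @@
+# Virtualisation is grouping modules related to virtualisation, such
+# as containers (podman, docker, …), vm (qemu, libvirt, …).
+{ lib, ... }:
+
+{
+  imports = [
+    ./libvirt.nix
+  ];
+}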
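Review bot: `lib` is bound on the module's argument line but never used in the body; `{ ... }:` is enough for a module that only lists imports. The header comment is helpful — consider extending it to say that each imported file defines its options under `options.modules.virtualisation.<name>`, which is how libvirt.nix in this commit is laid out.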
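--- a/systems/modules/virtualisation/libvirt.nix
+++ b/systems/modules/virtualisation/libvirt.nix
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkEnableOption mkIf mkMerge;
+  cfg = config.modules.virtualisation.libvirt;
+in
+{
+  options.modules.virtualisation.libvirt = {
+    enable = mkEnableOption "Enable libvirt";
+    nested = mkEnableOption "Enable nested virtualisation (kvm)";
+    listenTCP = mkEnableOption "Expose and make libvirt to a TCP port";
+  };
+  config = mkIf cfg.enable (mkMerge [
+    {
+      virtualisation.libvirtd.enable = true;
+      environment.systemPackages = with pkgs; [ qemu vde2 libosinfo ];
+    }
+    (mkIf cfg.nested {
+      boot.kernelParams = [ "kvm_intel.nested=1" ];
+      environment.etc."modprobe.d/kvm.conf".text = ''
+        options kvm_intel nested=1
+      '';
+    })
+    (mkIf cfg.listenTCP {
+      boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; };
+      virtualisation.libvirtd = {
+        allowedBridges = [ "br1" ];
+        extraConfig = ''
+          listen_tls = 0
+          listen_tcp = 1
+          auth_tcp="none"
+          tcp_port = "16509"
+        '';
+        # extraOptions = [ "--listen" ];
+      };
+      networking.firewall.allowedTCPPorts = [ 16509 ];
+    })
+  ]);
+}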
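Review bot: The `mkIf cfg.listenTCP` block pairs `auth_tcp="none"` and `listen_tls = 0` with `networking.firewall.allowedTCPPorts = [ 16509 ];`, so turning the option on exposes an unauthenticated, unencrypted libvirt management endpoint to every host that can reach the machine. Separate the firewall decision from the listener and make authentication the default: add `openFirewall = mkEnableOption "Open TCP port 16509 in the firewall";` to the options, change the config line to `auth_tcp = "sasl"`, and write `networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ 16509 ];`. The description `"Expose and make libvirt to a TCP port"` should state this plainly, e.g. `"Make libvirtd listen on TCP port 16509; pair with openFirewall and a non-none auth_tcp before exposing it"`. `mkEnableOption` already prefixes its argument with "Whether to enable", so `"Enable libvirt"` renders doubled; `"libvirt"` and `"nested virtualisation (kvm)"` read correctly. The nested block hard-codes `kvm_intel`, which has no effect on AMD hosts, and the commented-out `extraOptions = [ "--listen" ];` leaves it unclear whether `listen_tcp = 1` is honoured at all by the libvirtd in use — worth confirming rather than leaving the comment.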
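--- a/systems/modules/default.flake.nix
+++ b/systems/modules/default.flake.nix
@@ -9,6 +9,6 @@
     ./programs
     ./services
     ./shell
-    ./virtualisation
+    ./virtualisation/default.flake.nix
   ];
 }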