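{
  pkgs,
  # lib,
  # fleetFlake,
  ...
}:
# NixOS module: hands the Intel iGPU (PCI 00:02.0, vfio-pci bound at boot) to a
# QEMU Windows guest ("vm-mara") that is reached over the wg0 interface via
# VNC, RDP and Sunshine/Moonlight.
{
  security.polkit.enable = true;
  virtualisation.libvirtd.enable = true;

  # Every guest-facing port is opened on wg0 ONLY. The QEMU hostfwd rules and
  # the VNC listener in the service below bind to all host interfaces, so this
  # per-interface scope is what keeps them off other networks. Keep this list
  # and the hostfwd list in sync.
  networking.firewall.interfaces."wg0" = {
    allowedTCPPorts = [
      5900 # vnc by QEMU (display :0) -- QEMU's VNC server runs with no auth here
      3389 # rdp installed in Windows itself
      47984
      47989
      48010 # sunshine/moonlight
      47990 # sunshine webui
    ];
    allowedUDPPortRanges = [
      {
        from = 47998;
        to = 48000;
      }
      {
        from = 48002;
        to = 48010;
      }
    ];
  };

  # NOTE(review): hardware.opengl was renamed to hardware.graphics in newer
  # NixOS releases; use whichever option your channel accepts.
  hardware.opengl.enable = true;
  virtualisation.spiceUSBRedirection.enable = true;

  boot = {
    # Load the VFIO stack from the initrd so vfio-pci can claim the device
    # named in boot.kernelParams before any other driver binds it.
    initrd.kernelModules = [
      "vfio_pci"
      "vfio"
      "vfio_iommu_type1"
      "vfio_virqfd"

      # "i915"
    ];
  };

  boot.kernelParams = [
    "intel_iommu=on"
    # Bind the device with this PCI vendor:device ID to vfio-pci at boot.
    "vfio-pci.ids=8086:4680"
    # "iommu=pt"
    "i915.enable_guc=3"
    # NOTE(review): max_vfs is not a stock i915 parameter; it presumably comes
    # from the out-of-tree i915-sriov driver referenced in the commented-out
    # blocks below -- confirm the running kernel honours it.
    "i915.max_vfs=7"
  ];

  # boot.blacklistedKernelModules = ["i915"];

  # boot.kernelModules = [
  #   # "vfio-pci"
  #   "i915"
  # ];

  # boot.extraModulePackages = [
  #   (config.boot.kernelPackages.callPackage ./i915-sriov-dkms.nix {} )
  # ];

  # Currently empty; kept as the place to re-add modules if the i915 variant is
  # revisited.
  boot.initrd.availableKernelModules = [
    # "i915"
  ];

  # boot.initrd.kernelModules = [
  #   "i915"
  # ];

  # hardware = {
  #   firmware = [
  #     ((
  #         pkgs.runCommandNoCC
  #         "adls_dmc_ver2_01.bin"
  #         {}
  #         "mkdir -p $out/lib/firmware && cp ${./adls_dmc_ver2_01.bin} $out/lib/firmware/adls_dmc_ver2_01.bin"
  #       )
  #       // {
  #         # compressFirmware = false; # TODO can I re-enable compression?
  #       })
  #   ];
  # };

  # hardware.enableAllFirmware =
  #   builtins.trace "${
  #     (config.boot.kernelPackages.callPackage ./i915-sriov-dkms.nix {})
  #   }"
  #   true;

  # boot.kernelModul = ''
  # echo "vfio-pci" > /sys/bus/pci/devices/0000:00:02.0/driver_override
  # echo 7 > /sys/devices/pci0000:00/0000:00:02.0/sriov_numvfs
  # modprobe -i vfio-pci
  # modprobe -i i915
  # '';

  boot.kernelPatches = [
    # {
    #   name = "i915";
    #   patch = null;
    #   extraStructuredConfig = {
    #     INTEL_MEI_PXP = lib.kernel.module;
    #     DRM_I915_PXP = lib.kernel.yes;
    #     PMIC_OPREGION = lib.kernel.yes;
    #   };
    # }
  ];

  # NOTE(review): sysctl keys are resolved under /proc/sys/, so this key
  # presumably never reaches /sys/devices/.../sriov_numvfs -- verify the VF
  # count is actually applied (the commented shell snippet above writes the
  # sysfs file directly instead).
  boot.kernel.sysctl = {
    "devices/pci0000:00/0000:00:02.0/sriov_numvfs" = 7;
  };

  # -vnc :0 \
  # -audiodev alsa,id=snd0,out.try-poll=off -device ich9-intel-hda -device hda-output,audiodev=snd0 \
  # -device vfio-pci,host=00:02.0 \

  systemd.services.vm-mara =
    let
      start-vm = pkgs.writeShellApplication {
        name = "start-vm";
        runtimeInputs = with pkgs; [ qemu ];
        # writeShellApplication runs with errexit/nounset/pipefail, so any
        # failing command below stops the service.
        text = ''
          # Create the guest disk on first start. virtio-win.iso is not created
          # here; it is expected to already be in /var/lib/vm-mara.
          if [ ! -f /var/lib/vm-mara/w10.qcow2 ]; then
            qemu-img create -f qcow2 /var/lib/vm-mara/w10.qcow2 50G
          fi

          # hostfwd rules and "-vnc :0" (TCP 5900, no authentication) bind on
          # every host interface; the wg0 firewall scope in this module is what
          # limits exposure. Host and guest port must match per forward -- the
          # UDP 47998 entry previously forwarded to guest port 47988.
          # NOTE(review): QEMU historically rejects hv-spinlocks below 0xFFF
          # (4095); confirm the guest actually starts with 819.
          # NOTE(review): romfile= is given a file named like a DMC firmware
          # blob (adls_dmc_*); confirm that is the intended option ROM.
          qemu-system-x86_64 \
            -enable-kvm \
            -cpu host,kvm=off,hv-spinlocks=819,hv-vapic=on,hv-relaxed=on,hv-vendor-id="IrisXE" \
            -smp 4 \
            -m 8192 \
            -nic user,model=virtio-net-pci,hostfwd=tcp::3389-:3389,hostfwd=tcp::47989-:47989,hostfwd=tcp::47990-:47990,hostfwd=tcp::47984-:47984,hostfwd=tcp::48010-:48010,hostfwd=udp::47998-:47998,hostfwd=udp::47999-:47999,hostfwd=udp::48000-:48000,hostfwd=udp::48002-:48002,hostfwd=udp::48003-:48003,hostfwd=udp::48004-:48004,hostfwd=udp::48005-:48005,hostfwd=udp::48006-:48006,hostfwd=udp::48007-:48007,hostfwd=udp::48008-:48008,hostfwd=udp::48009-:48009,hostfwd=udp::48010-:48010 \
            -cdrom /var/lib/vm-mara/virtio-win.iso \
            -device nec-usb-xhci,id=usb,bus=pci.0,addr=0x4 \
            -device usb-tablet \
            -vnc :0 \
            -nographic \
            -vga none \
            -drive file=/var/lib/vm-mara/w10.qcow2 \
            -device vfio-pci,host=00:02.0,addr=03.0,x-vga=on,multifunction=on,romfile=${./adls_dmc_ver2_01.bin}
        '';
      };
    in
    {
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      serviceConfig = {
        # Ensures /var/lib/vm-mara exists before start, so the first-run
        # qemu-img create in start-vm does not fail on a missing directory.
        StateDirectory = "vm-mara";
        # NOTE(review): no User= is set, so QEMU runs as root. VFIO needs only
        # /dev/vfio/* and /dev/kvm access; a dedicated user with those device
        # permissions would be the least-privilege setup.
        ExecStart = "${start-vm}/bin/start-vm";
      };
    };
}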