From 4c53b59e8948f56b655b9bbc71cc9f77ab428e85 Mon Sep 17 00:00:00 2001
From: Ryan Yin
Date: Sat, 1 Jul 2023 22:28:31 +0800
Subject: [PATCH] feat: enable libvirt(qemu/kvm) for ai
---
 hosts/idols/ai/default.nix | 1 +
 modules/nixos/libvirt.nix | 38 ++++++++++++++++++++++++++++++++++++
 modules/nixos/user-group.nix | 11 ++++++++++-
 3 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 modules/nixos/libvirt.nix
diff --git a/hosts/idols/ai/default.nix b/hosts/idols/ai/default.nix
index 3f82745e..f73fa5af 100644
--- a/hosts/idols/ai/default.nix
+++ b/hosts/idols/ai/default.nix
@@ -15,6 +15,7 @@
 ../../../modules/nixos/fhs-fonts.nix
 # ../../../modules/nixos/hyprland.nix
 ../../../modules/nixos/i3.nix
+ ../../../modules/nixos/libvirt.nix
 ../../../modules/nixos/core-desktop.nix
 ../../../modules/nixos/remote-building.nix
 ../../../modules/nixos/user-group.nix
diff --git a/modules/nixos/libvirt.nix b/modules/nixos/libvirt.nix
new file mode 100644
index 00000000..ec6a94e5
--- /dev/null
+++ b/modules/nixos/libvirt.nix
@@ -0,0 +1,38 @@
+
+{ lib, pkgs, ... }:
+
+{
+ ###################################################################################
+ #
+ # Enable Libvirt(QEMU/KVM)
+ #
+ ###################################################################################
+
+ virtualisation = {
+ libvirtd = {
+ enable = true;
+ # hanging this option to false may cause file permission issues for existing guests.
+ # To fix these, manually change ownership of affected files in /var/lib/libvirt/qemu to qemu-libvirtd.
+ qemu.runAsRoot = true;
+ };
+
+ qemu = {
+ # default to QEMU/KVM
+ package = pkgs.qemu_kvm;
+ };
+ };
+ programs.dconf.enable = true;
+ environment.systemPackages = with pkgs; [ virt-manager ];
+
+ boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
+ # Enable nested virsualization, required by security containers and nested vm.
+ boot.extraModprobeConfig = "options kvm_intel nested=1"; # for intel cpu
+ # boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
+
+
+ # NixOS VM should enable this:
+ # services.qemuGuest = {
+ # enable = true;
+ # package = pkgs.qemu_kvm.ga;
+ # };
+}
diff --git a/modules/nixos/user-group.nix b/modules/nixos/user-group.nix
index 7e1864f0..ac112962 100644
--- a/modules/nixos/user-group.nix
+++ b/modules/nixos/user-group.nix
@@ -13,7 +13,16 @@
 home = "/home/ryan";
 isNormalUser = true;
 description = "ryan";
- extraGroups = [ "ryan" "users" "networkmanager" "wheel" "docker" "wireshark" "adbusers" ];
+ extraGroups = [
+ "ryan"
+ "users"
+ "networkmanager"
+ "wheel"
+ "docker"
+ "wireshark"
+ "adbusers"
+ "libvirtd"
+ ];
 openssh.authorizedKeys.keys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDiipi59EnVbi6bK1bGrcbfEM263wgdNfbrt6VBC1rHx ryan@ai-idols"
 ];
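Review bot: `qemu.runAsRoot = true;` in modules/nixos/libvirt.nix makes guest QEMU processes run as root, so a guest escape through device emulation would land as host root rather than as an unprivileged account. The comment above it only covers the ownership fix needed when switching with existing guests (and starts with `hanging`, presumably `Changing`); since this module is new, consider `qemu.runAsRoot = false;` or a comment stating why root is required. `boot.extraModprobeConfig = "options kvm_intel nested=1";` turns on nested virtualization unconditionally, which exposes more of KVM to guests, while the module loads both `kvm-amd` and `kvm-intel`. A comment such as `# nested virt is opt-in: exposes more of KVM to guests; Intel only, see the kvm_amd line below` would make the trade-off explicit.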
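Review bot: Adding `"libvirtd"` to `extraGroups` in modules/nixos/user-group.nix grants control of the system libvirt daemon, which on NixOS is normally usable without further authentication and is effectively root-equivalent while `qemu.runAsRoot = true` is set, because group members decide which host files and devices a guest receives. The grant lives in the user module rather than next to the service, so it appears to apply on every host that imports user-group.nix, whether or not libvirt.nix is imported there. Consider moving it into libvirt.nix as `users.users.ryan.extraGroups = [ "libvirtd" ];` (list options merge across modules), with a comment such as `# libvirtd membership is root-equivalent on this host`. The enclosing user attribute set starts and ends outside the hunk.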