From 08d10de09d3278165755043b1b5507ce009c6441 Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Wed, 29 Nov 2023 12:57:53 +0100 Subject: lindy: do vfio virtualization once again --- nixos/Makefile | 3 +++ nixos/common.nix | 5 +++++ nixos/lindy.nix | 27 +++++++++++++++++++++++---- nixpkgs/lindy.nix | 11 +++++++++++ 4 files changed, 42 insertions(+), 4 deletions(-) diff --git a/nixos/Makefile b/nixos/Makefile index a0f2628..9de3ebe 100644 --- a/nixos/Makefile +++ b/nixos/Makefile @@ -1,6 +1,9 @@ all: sudo nixos-rebuild switch -I nixos-config=`hostname`.nix +vfio: + sudo nixos-rebuild switch -I nixos-config=`hostname`.nix --specialisation intelVfio + boot: sudo nixos-rebuild boot -I nixos-config=`hostname`.nix diff --git a/nixos/common.nix b/nixos/common.nix index 0a66a5a..4621b38 100644 --- a/nixos/common.nix +++ b/nixos/common.nix @@ -102,6 +102,9 @@ # Enable touchpad support (enabled default in most desktopManager). services.xserver.libinput.enable = true; + # Enable libvirt + virtualisation.libvirtd.enable = true; + # -------------------- users --------------------- # Define a user account. Don't forget to set a password with ‘passwd’. @@ -115,6 +118,7 @@ "plugdev" "dialout" "kvm" + "libvirtd" ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9" @@ -247,6 +251,7 @@ gnupg dig inetutils + pciutils file distrobox killall diff --git a/nixos/lindy.nix b/nixos/lindy.nix index aafb07b..c9331fa 100644 --- a/nixos/lindy.nix +++ b/nixos/lindy.nix 
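Review bot: `virtualisation.libvirtd.enable = true;` and the `"libvirtd"` group entry (second hunk of nixos/common.nix) are added to the shared config, so every host importing common.nix gets the daemon and the group membership, although the commit subject is about lindy only. Membership in `libvirtd` grants read-write access to the system libvirt socket, which libvirt's documentation treats as equivalent to root on the host, so its scope should be a deliberate choice. If only lindy runs VMs, consider moving the enable line into nixos/lindy.nix and adding the group there, e.g. `users.users.<name>.extraGroups = [ "libvirtd" ];` (the user block's name and attribute are outside the hunk, so adjust to match). Otherwise a comment next to the group entry such as `# libvirtd: root-equivalent via qemu:///system` would record the trade-off.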
@@ -120,10 +120,26 @@ Komaru UUID=caf8496f-006b-4762-bb20-506d4c7bdb51 /nix/persist/root/komaru_key services.cron.enable = true; services.cron.systemCronJobs = [ "0 20 * * * root /media/Zonz/lindy/do-backup.sh" ]; - # Nvidia graphics - boot.kernelParams = [ "i915.modeset=0" ]; - hardware.nvidia.modesetting.enable = true; - services.xserver.videoDrivers = [ "nvidia" ]; + # Graphics + specialisation = { + nvidia.configuration = { + boot.kernelParams = [ "i915.modeset=0" ]; + hardware.nvidia.modesetting.enable = true; + services.xserver.videoDrivers = [ "nvidia" ]; + }; + intelVfio.configuration = { + boot.blacklistedKernelModules = [ "nouveau" "nvidia" "nvidia_modeset" "nvidia_uvm" "nvidia_drm" ]; + boot.kernelParams = [ "intel_iommu=on" "iommu=pt" "vfio-pci.ids=10de:17c2,10de:0fb0,8086:0c01" ]; + boot.initrd.availableKernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ]; + services.xserver.videoDrivers = [ "modesetting" ]; + systemd.tmpfiles.rules = [ + "f /dev/shm/looking-glass 0660 lx kvm -" + ]; + environment.systemPackages = with pkgs; [ + looking-glass-client + ]; + }; + }; hardware.opengl.enable = true; # Docker, VirtualBox @@ -136,6 +152,9 @@ Komaru UUID=caf8496f-006b-4762-bb20-506d4c7bdb51 /nix/persist/root/komaru_key # 8910 8920 # web dev 4317 4318 # jaeger container ]; + networking.firewall.allowedUDPPorts = [ + 4010 # scream + ]; # GnuPG agent at system level, if at home level conflicts with arch programs.gnupg.agent = { diff --git a/nixpkgs/lindy.nix b/nixpkgs/lindy.nix index 98b5dcd..66cb4f9 100644 --- a/nixpkgs/lindy.nix +++ b/nixpkgs/lindy.nix @@ -9,5 +9,16 @@ enableBashIntegration = true; keys = [ "~/.ssh/id_ed25519" ]; }; + + # scream listener for virtual machine + systemd.user.services."scream-listener" = { + Unit = { Description = "Scream listener"; }; + Service = { + ExecStart = "${pkgs.scream}/bin/scream -o pulse -i virbr0"; + RestartSec = 10; + Restart = "always"; + }; + Install = { WantedBy = [ "default.target" ]; }; + }; } -- cgit v1.2.3
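Review bot: The `boot.kernelParams` line in `intelVfio.configuration` has no comment explaining `iommu=pt` or the three PCI IDs in `vfio-pci.ids`. With `iommu=pt`, devices that stay with the host are identity-mapped, so the IOMMU confines only what is bound to vfio-pci; that limit is worth stating next to the parameter. `8086:0c01` carries the Intel vendor ID, unlike the two `10de` entries; if it is the PCIe root port above the GPU rather than a function being passed through, it probably does not belong in the list, so please confirm. A comment such as `# vfio-pci.ids: <GPU>, <GPU audio>, <third device: confirm>; iommu=pt leaves host-owned devices untranslated` would cover both points. Separately, `/dev/shm/looking-glass` is created `0660` for group `kvm`, so every member of that group can read and write the guest framebuffer.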
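Review bot: `networking.firewall.allowedUDPPorts = [ 4010 ]` opens the scream port on every interface, while the receiver added in nixpkgs/lindy.nix is started with `-i virbr0` and only needs traffic from the guest bridge. Scream carries raw audio with no authentication, so any host that can reach this machine on UDP 4010 may be able to feed packets to the listener. Scoping the rule to the bridge keeps the exposure on the VM network: `networking.firewall.interfaces."virbr0".allowedUDPPorts = [ 4010 ];`.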