46 lines
1.5 KiB
Nix
46 lines
1.5 KiB
Nix
|
{ lib, pkgs, config, ... }:
|
||
|
|
with lib;
|
||
|
|
let
|
||
|
|
cfg = config.virtualisation.libvirtd;
|
||
|
|
|
||
|
|
aclString = with lib.strings;
|
||
|
|
concatMapStringsSep ''
|
||
|
|
,
|
||
|
|
'' escapeNixString cfg.deviceACL;
|
||
|
|
in {
|
||
|
|
options.virtualisation.libvirtd = {
|
||
|
|
deviceACL = mkOption {
|
||
|
|
type = types.listOf types.str;
|
||
|
|
default = [ ];
|
||
|
|
description = "allowed devices";
|
||
|
|
};
|
||
|
|
};
|
||
|
|
|
||
|
|
# All this was part of the rabbit hole of getting looking glass working properly
|
||
|
|
# This below also seems very important
|
||
|
|
# https://forum.level1techs.com/t/new-looking-glass-beta-7-release-candidate-1/208250
|
||
|
|
# same here, wrt cpu max bits possibly preventing shared memory from working
|
||
|
|
# https://forum.level1techs.com/t/looking-glass-b6-and-b7-rc1-not-working-with-new-kernels/222134/7
|
||
|
|
# https://www.kraxel.org/blog/2023/12/qemu-phys-bits/
|
||
|
|
# https://libvirt.org/formatdomain.html#cpu-model-and-topology
|
||
|
|
#
|
||
|
|
# Needed to make sure to pass
|
||
|
|
# all these different /dev/'s, otherwise qemu won't be able to
|
||
|
|
# start properly. I'm not 100% on either where the user here
|
||
|
|
# got this list, nor which i actually *need*, but either way
|
||
|
|
# this was an immense help:
|
||
|
|
# https://forum.level1techs.com/t/solved-unable-to-connect-to-libvirt-qemu-system-after-changing-to-kernel-module/219006
|
||
|
|
|
||
|
|
#
|
||
|
|
config.virtualisation.libvirtd.qemu.verbatimConfig = ''
|
||
|
|
namespaces = []
|
||
|
|
|
||
|
|
cgroup_device_acl = [
|
||
|
|
"/dev/null", "/dev/full", "/dev/zero",
|
||
|
|
"/dev/random", "/dev/urandom",
|
||
|
|
"/dev/ptmx", "/dev/kvm",
|
||
|
|
"/dev/userfaultfd",
|
||
|
|
${aclString}
|
||
|
|
]
|
||
|
|
'';
|
||
|
|
}
|