# from https://github.com/j-brn/nixos-vfio
{ lib, pkgs, config, ... }:
with lib;
let
  cfg = config.virtualisation.libvirtd;

  aclString = with lib.strings;
    concatMapStringsSep ''
      ,
        '' escapeNixString cfg.deviceACL;
in {
  options.virtualisation.libvirtd = {
    deviceACL = mkOption {
      type = types.listOf types.str;
      default = [ ];
      description = "allowed devices";
    };
  };

  # All this was part of the rabbit hole of getting looking glass working properly
  # This below also seems very important
  # https://forum.level1techs.com/t/new-looking-glass-beta-7-release-candidate-1/208250
  # same here, wrt cpu max bits possibly preventing shared memory from working
  # https://forum.level1techs.com/t/looking-glass-b6-and-b7-rc1-not-working-with-new-kernels/222134/7
  # https://www.kraxel.org/blog/2023/12/qemu-phys-bits/
  # https://libvirt.org/formatdomain.html#cpu-model-and-topology
  # 
  # Needed to make sure to pass
  # all these different /dev/'s, otherwise qemu won't be able to
  # start properly. I'm not 100% on either where the user here
  # got this list, nor which i actually *need*, but either way
  # this was an immense help:
  # https://forum.level1techs.com/t/solved-unable-to-connect-to-libvirt-qemu-system-after-changing-to-kernel-module/219006
  config.virtualisation.libvirtd.qemu.verbatimConfig = ''
    namespaces = []

    cgroup_device_acl = [
      "/dev/null", "/dev/full", "/dev/zero",
      "/dev/random", "/dev/urandom",
      "/dev/ptmx", "/dev/kvm",
      "/dev/userfaultfd",
      ${aclString}
    ]
  '';
}