{ config, lib, pkgs, ... }: let gpuIDs = [ "1002:7480" # Graphics "1002:ab30" # Audio "1022:15c0" # Top Right physical USB C port ]; in { options.vfio.enable = with lib; mkEnableOption "Configure the machine for VFIO"; options.vfio.earlyKMS = with lib; mkEnableOption "Configure the machine to load the GPU driver during initramfs"; options.vfio.applyACSpatch = with lib; mkEnableOption ''If set, the following things will happen: - The ACS override patch is applied - Applies the i915-vga-arbiter patch - Adds pcie_acs_override=downstream to the command line ''; config = let cfg = config.vfio; in { networking.bridges = { "winvm0" = { interfaces = [ "eth0" ]; }; }; networking.interfaces.eth0.useDHCP = true; networking.interfaces.winvm0.useDHCP = true; programs.virt-manager.enable = true; users.groups.libvirtd.members = ["evar"]; hardware.graphics.enable = true; virtualisation.libvirtd.enable = true; virtualisation.libvirtd.qemu.swtpm.enable = true; # for TPM 2.0 support virtualisation.spiceUSBRedirection.enable = true; boot = { initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" # "vfio_virqfd" # This is apparently a part of the kernel now ] ++ lib.optional cfg.earlyKMS "amdgpu"; # kernelPatches = [] ++ lib.optional cfg.applyACSpatch # { # name = "add-acs-overrides"; # patch = pkgs.fetchurl { # name = "add-acs-overrides.patch"; # url = "https://aur.archlinux.org/cgit/aur.git/plain/1001-6.8.0-add-acs-overrides.patch?h=linux-vfio"; # sha256 = "1qd68s9r0ppynksbffqn2qbp1whqpbfp93dpccp9griwhx5srx6v"; # }; # }; kernelParams = [ # enable IOMMU "amd_iommu=on" ] ++ lib.optional cfg.enable # isolate the GPU ("vfio-pci.ids=" + lib.concatStringsSep "," gpuIDs); # ++ lib.optional cfg.applyACSpatch "pcie_acs_override=downstream,multifunction"; }; }; }