add existing modules by @CRTified and remove staticfiles

docs/book/src/SUMMARY.md

@@ -5,5 +5,6 @@
 - [Guide](guide.md)
 - [Options](options.md)
   - [KVMFR](options/kvmfr.md)
-  - [Libvirtd](options/libvirtd.md)
-  - [StaticFiles](options/staticfiles.md)
+  - [libvirtd](options/libvirtd.md)
+  - [vfio](options/vfio.md)
+  - [virtualisation](options/virtualisation.md)

flake.nix

@@ -12,8 +12,9 @@
       flake = {
         nixosModules = {
           kvmfr = import ./modules/kvmfr { std = inputs.nix-std.lib; };
-          staticfiles = import ./modules/staticfiles;
           libvirtd = import ./modules/libvirtd;
+          virtualisation = import ./modules/virtualisation;
+          vfio = import ./modules/vfio;
         };
       };
 
@@ -23,10 +24,6 @@
             inherit pkgs;
             module = self.nixosModules.kvmfr;
           };
-          staticfiles = import ./tests/staticfiles {
-            inherit pkgs;
-            module = self.nixosModules.staticfiles;
-          };
           libvirtd = import ./tests/libvirtd {
             inherit pkgs;
             imports = lib.attrValues self.nixosModules;

modules/libvirtd/default.nix

@@ -1,6 +1,43 @@
-{
+{ lib, pkgs, config, ... }:
+with lib;
+let
+  cfg = config.virtualisation.libvirtd;
+
+  boolToZeroOne = x: if x then "1" else "0";
+
+  aclString = with lib.strings;
+    concatMapStringsSep ''
+      ,
+        '' escapeNixString cfg.deviceACL;
+in {
   imports = [
-    ./hooks.nix
+    ./scopedHooks.nix
     ./qemuGuests.nix
   ];
+
+  options.virtualisation.libvirtd = {
+    deviceACL = mkOption {
+      type = types.listOf types.str;
+      default = [ ];
+    };
+    clearEmulationCapabilities = mkOption {
+      type = types.bool;
+      default = true;
+    };
+  };
+
+  # Add qemu-libvirtd to the input group if required
+  config.users.users."qemu-libvirtd" = {
+    extraGroups = optionals (!cfg.qemu.runAsRoot) [ "kvm" "input" ];
+    isSystemUser = true;
+  };
+
+  config.virtualisation.libvirtd.qemu.verbatimConfig = ''
+    clear_emulation_capabilities = ${
+      boolToZeroOne cfg.clearEmulationCapabilities
+    }
+    cgroup_device_acl = [
+      ${aclString}
+    ]
+  '';
 }

modules/libvirtd/hooks.nix → modules/libvirtd/scopedHooks.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
-  cfg = config.vfio.libvirtd.hooks;
+  cfg = config.virtualisation.libvirtd.scopedHooks;
 
   mkHook = name: hook:
     let
@@ -103,7 +103,7 @@ let
 in {
   ###### interface
 
-  options.vfio.libvirtd.hooks = {
+  options.virtualisation.libvirtd.scopedHooks = {
     daemon = mkOption {
       type = mkHooksSubmoduleType "daemon";
       description = "daemon hooks";

modules/vfio/default.nix

@@ -0,0 +1,63 @@
+{ lib, pkgs, config, ... }:
+with lib;
+let
+  cfg = config.virtualisation.vfio;
+in {
+  options.virtualisation.vfio = {
+    enable = mkEnableOption "VFIO Configuration";
+    IOMMUType = mkOption {
+      type = types.enum [ "intel" "amd" ];
+      example = "intel";
+      description = "Type of the IOMMU used";
+    };
+    devices = mkOption {
+      type = types.listOf (types.strMatching "[0-9a-f]{4}:[0-9a-f]{4}");
+      default = [ ];
+      example = [ "10de:1b80" "10de:10f0" ];
+      description = "PCI IDs of devices to bind to vfio-pci";
+    };
+    disableEFIfb = mkOption {
+      type = types.bool;
+      default = false;
+      example = true;
+      description = "Disables the usage of the EFI framebuffer on boot.";
+    };
+    blacklistNvidia = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Add Nvidia GPU modules to blacklist";
+    };
+    ignoreMSRs = mkOption {
+      type = types.bool;
+      default = false;
+      example = true;
+      description =
+        "Enables or disables kvm guest access to model-specific registers";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.udev.extraRules = ''
+      SUBSYSTEM=="vfio", OWNER="root", GROUP="kvm"
+    '';
+
+    boot.kernelParams = (if cfg.IOMMUType == "intel" then [
+      "intel_iommu=on"
+      "intel_iommu=igfx_off"
+    ] else
+      [ "amd_iommu=on" ]) ++ (optional (builtins.length cfg.devices > 0)
+        ("vfio-pci.ids=" + builtins.concatStringsSep "," cfg.devices))
+      ++ (optional cfg.disableEFIfb "video=efifb:off")
+      ++ (optionals cfg.ignoreMSRs [
+        "kvm.ignore_msrs=1"
+        "kvm.report_ignored_msrs=0"
+      ]);
+
+    boot.kernelModules = [ "vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio" ];
+
+    boot.initrd.kernelModules =
+      [ "vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio" ];
+    boot.blacklistedKernelModules =
+      optionals cfg.blacklistNvidia [ "nvidia" "nouveau" ];
+  };
+}

modules/virtualisation/default.nix

@@ -0,0 +1,35 @@
+{ lib, pkgs, config, ... }:
+with lib;
+let
+  cfg = config.virtualisation;
+in {
+  options.virtualisation = {
+    hugepages = {
+      enable = mkEnableOption "Hugepages";
+
+      defaultPageSize = mkOption {
+        type = types.strMatching "[0-9]*[kKmMgG]";
+        default = "1M";
+        description =
+          "Default size of huge pages. You can use suffixes K, M, and G to specify KB, MB, and GB.";
+      };
+      pageSize = mkOption {
+        type = types.strMatching "[0-9]*[kKmMgG]";
+        default = "1M";
+        description =
+          "Size of huge pages that are allocated at boot. You can use suffixes K, M, and G to specify KB, MB, and GB.";
+      };
+      numPages = mkOption {
+        type = types.ints.positive;
+        default = 1;
+        description = "Number of huge pages to allocate at boot.";
+      };
+    };
+  };
+
+  config.boot.kernelParams = optionals cfg.hugepages.enable [
+    "default_hugepagesz=${cfg.hugepages.defaultPageSize}"
+    "hugepagesz=${cfg.hugepages.pageSize}"
+    "hugepages=${toString cfg.hugepages.numPages}"
+  ];
+}

tests/libvirtd/default.nix

@@ -9,7 +9,7 @@ in pkgs.nixosTest ({
 
       virtualisation.libvirtd.enable = true;
 
-      vfio.libvirtd.hooks.qemu = {
+      virtualisation.libvirtd.scopedHooks.qemu = {
         printSomethingBeforeWin10Starts = {
           enable = true;