From cfed9ca808558d6e6c98161c0094eed6abc7a0cf Mon Sep 17 00:00:00 2001
From: j-brn
Date: Sun, 1 Oct 2023 01:44:33 +0200
Subject: [PATCH] add existing modules by @crtified and remove staticfiles
---
 docs/book/src/SUMMARY.md | 5 +-
 flake.nix | 7 +-
 modules/libvirtd/default.nix | 41 +++++++++++-
 .../libvirtd/{hooks.nix => scopedHooks.nix} | 4 +-
 modules/staticfiles/default.nix | 66 -------------------
 modules/vfio/default.nix | 63 ++++++++++++++++++
 modules/virtualisation/default.nix | 35 ++++++++++
 tests/libvirtd/default.nix | 2 +-
 8 files changed, 145 insertions(+), 78 deletions(-)
 rename modules/libvirtd/{hooks.nix => scopedHooks.nix} (97%)
 delete mode 100644 modules/staticfiles/default.nix
 create mode 100644 modules/vfio/default.nix
 create mode 100644 modules/virtualisation/default.nix
diff --git a/docs/book/src/SUMMARY.md b/docs/book/src/SUMMARY.md
index 1fe74c9..5a2e346 100644
--- a/docs/book/src/SUMMARY.md
+++ b/docs/book/src/SUMMARY.md
@@ -5,5 +5,6 @@
 - [Guide](guide.md)
 - [Options](options.md)
 - [KVMFR](options/kvmfr.md)
- - [Libvirtd](options/libvirtd.md)
- - [StaticFiles](options/staticfiles.md)
+ - [libvirtd](options/libvirtd.md)
+ - [vfio](options/vfio.md)
+ - [virtualisation](options/virtualisation.md)
diff --git a/flake.nix b/flake.nix
index 64fe586..b371580 100644
--- a/flake.nix
+++ b/flake.nix
@@ -12,8 +12,9 @@
 flake = {
 nixosModules = {
 kvmfr = import ./modules/kvmfr { std = inputs.nix-std.lib; };
- staticfiles = import ./modules/staticfiles;
 libvirtd = import ./modules/libvirtd;
+ virtualisation = import ./modules/virtualisation;
+ vfio = import ./modules/vfio;
 };
 };
@@ -23,10 +24,6 @@
 inherit pkgs;
 module = self.nixosModules.kvmfr;
 };
- staticfiles = import ./tests/staticfiles {
- inherit pkgs;
- module = self.nixosModules.staticfiles;
- };
 libvirtd = import ./tests/libvirtd {
 inherit pkgs;
 imports = lib.attrValues self.nixosModules;
diff --git a/modules/libvirtd/default.nix b/modules/libvirtd/default.nix
index 827a5ed..6c50cfd 100644
--- a/modules/libvirtd/default.nix
+++ b/modules/libvirtd/default.nix
@@ -1,6 +1,43 @@
-{
+{ lib, pkgs, config, ... }:
+with lib;
+let
+ cfg = config.virtualisation.libvirtd;
+
+ boolToZeroOne = x: if x then "1" else "0";
+
+ aclString = with lib.strings;
+ concatMapStringsSep ''
+ ,
+ '' escapeNixString cfg.deviceACL;
+in {
 imports = [
- ./hooks.nix
+ ./scopedHooks.nix
 ./qemuGuests.nix
 ];
+
+ options.virtualisation.libvirtd = {
+ deviceACL = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ };
+ clearEmulationCapabilities = mkOption {
+ type = types.bool;
+ default = true;
+ };
+ };
+
+ # Add qemu-libvirtd to the input group if required
+ config.users.users."qemu-libvirtd" = {
+ extraGroups = optionals (!cfg.qemu.runAsRoot) [ "kvm" "input" ];
+ isSystemUser = true;
+ };
+
+ config.virtualisation.libvirtd.qemu.verbatimConfig = ''
+ clear_emulation_capabilities = ${
+ boolToZeroOne cfg.clearEmulationCapabilities
+ }
+ cgroup_device_acl = [
+ ${aclString}
+ ]
+ '';
 }
diff --git a/modules/libvirtd/hooks.nix b/modules/libvirtd/scopedHooks.nix
similarity index 97%
rename from modules/libvirtd/hooks.nix
rename to modules/libvirtd/scopedHooks.nix
index d14ac11..087af33 100644
--- a/modules/libvirtd/hooks.nix
+++ b/modules/libvirtd/scopedHooks.nix
@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
- cfg = config.vfio.libvirtd.hooks;
+ cfg = config.virtualisation.libvirtd.scopedHooks;
 mkHook = name: hook:
 let
@@ -103,7 +103,7 @@ let
 in {
 ###### interface
- options.vfio.libvirtd.hooks = {
+ options.virtualisation.libvirtd.scopedHooks = {
 daemon = mkOption {
 type = mkHooksSubmoduleType "daemon";
 description = "daemon hooks";
diff --git a/modules/staticfiles/default.nix b/modules/staticfiles/default.nix
deleted file mode 100644
index 4efa32f..0000000
--- a/modules/staticfiles/default.nix
+++ /dev/null
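Review bot: `cgroup_device_acl = [ ${aclString} ]` in verbatimConfig is emitted unconditionally, and with the `deviceACL` default of `[ ]` every host that imports this module writes an explicit empty ACL into qemu.conf; if libvirt treats an explicit list as replacing its built-in default (which includes /dev/kvm and /dev/null) rather than extending it, ordinary guests lose those device nodes, so the block should be gated, `config.virtualisation.libvirtd.qemu.verbatimConfig = mkIf (cfg.deviceACL != [ ]) ''`, or the option should default to libvirt's own list and say so. Neither `deviceACL` nor `clearEmulationCapabilities` has a `description`, which leaves the generated options book empty for them; something like `description = "Device nodes QEMU guests may open; written verbatim as cgroup_device_acl in qemu.conf, so an explicit list replaces libvirt's default list.";` and `description = "Whether libvirt drops all capabilities from the QEMU process after start (clear_emulation_capabilities).";` would do. The `extraGroups` line also puts qemu-libvirtd into `input` whenever QEMU is not running as root, which gives every non-root guest process read access to all host evdev devices; that is a real widening of what a compromised guest can reach and deserves at least a comment naming it, if not an opt-in option. The hunk covers the whole file, so nothing is cut off.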
@@ -1,66 +0,0 @@
-{ lib, config, ... }:
-
-with lib;
-
-let
- cfg = config.environment.staticFiles;
-
- installStaticFile = path: drv: ''
- echo "linking '${drv}' to '${path}'..."
-
- DIR=$(dirname "${path}")
- if [ ! -d "''${DIR}" ]; then
- mkdir -p "''${DIR}"
- fi
-
- ln -sfn "${drv}" "${path}"
- echo "${path}" >> "${cfg.stateFileLocation}"
- '';
-
- cleanupStaticFiles = ''
- echo "[static_files] cleaning up static files..."
-
- if [ -e "${cfg.stateFileLocation}" ]; then
- for path in $(cat "${cfg.stateFileLocation}"); do
- if [ -e "''${path}" ]; then
- echo "removing ''${path}..."
- rm -rf "''${path}"
- fi
- done
-
- rm -f "${cfg.stateFileLocation}"
- fi
- '';
-
- installStaticFiles = concatStringsSep "\n"
- ([ "echo [static_files] installing static files..." ]
- ++ (mapAttrsToList installStaticFile cfg.files));
-in {
- options.environment.staticFiles = {
- stateFileLocation = mkOption {
- type = types.str;
- default = "/.static_files";
- description = mdDoc ''
- Path at which the file containing the list of files to cleanup is stored/read from.
- '';
- };
-
- files = mkOption {
- type = types.attrsOf types.package;
- default = { };
- description = mdDoc ''
- attrset of paths and derivations to link.
- '';
- };
- };
-
- config = {
- system.activationScripts = {
- staticfilesCleanup = { text = cleanupStaticFiles; };
- staticfilesInstall = {
- text = installStaticFiles;
- deps = [ "staticfilesCleanup" ];
- };
- };
- };
-}
diff --git a/modules/vfio/default.nix b/modules/vfio/default.nix
new file mode 100644
index 0000000..54fa22e
--- /dev/null
+++ b/modules/vfio/default.nix
@@ -0,0 +1,63 @@
+{ lib, pkgs, config, ... }:
+with lib;
+let
+ cfg = config.virtualisation.vfio;
+in {
+ options.virtualisation.vfio = {
+ enable = mkEnableOption "VFIO Configuration";
+ IOMMUType = mkOption {
+ type = types.enum [ "intel" "amd" ];
+ example = "intel";
+ description = "Type of the IOMMU used";
+ };
+ devices = mkOption {
+ type = types.listOf (types.strMatching "[0-9a-f]{4}:[0-9a-f]{4}");
+ default = [ ];
+ example = [ "10de:1b80" "10de:10f0" ];
+ description = "PCI IDs of devices to bind to vfio-pci";
+ };
+ disableEFIfb = mkOption {
+ type = types.bool;
+ default = false;
+ example = true;
+ description = "Disables the usage of the EFI framebuffer on boot.";
+ };
+ blacklistNvidia = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Add Nvidia GPU modules to blacklist";
+ };
+ ignoreMSRs = mkOption {
+ type = types.bool;
+ default = false;
+ example = true;
+ description =
+ "Enables or disables kvm guest access to model-specific registers";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.udev.extraRules = ''
+ SUBSYSTEM=="vfio", OWNER="root", GROUP="kvm"
+ '';
+
+ boot.kernelParams = (if cfg.IOMMUType == "intel" then [
+ "intel_iommu=on"
+ "intel_iommu=igfx_off"
+ ] else
+ [ "amd_iommu=on" ]) ++ (optional (builtins.length cfg.devices > 0)
+ ("vfio-pci.ids=" + builtins.concatStringsSep "," cfg.devices))
+ ++ (optional cfg.disableEFIfb "video=efifb:off")
+ ++ (optionals cfg.ignoreMSRs [
+ "kvm.ignore_msrs=1"
+ "kvm.report_ignored_msrs=0"
+ ]);
+
+ boot.kernelModules = [ "vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio" ];
+
+ boot.initrd.kernelModules =
+ [ "vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio" ];
+ boot.blacklistedKernelModules =
+ optionals cfg.blacklistNvidia [ "nvidia" "nouveau" ];
+ };
+}
\ No newline at end of file
diff --git a/modules/virtualisation/default.nix b/modules/virtualisation/default.nix
new file mode 100644
index 0000000..79d3c97
--- /dev/null
+++ b/modules/virtualisation/default.nix
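Review bot: Both module lists in the `config` block name `vfio_virqfd`, which as far as I know stopped existing as a separate module in Linux 6.2 (it was folded into `vfio`), so on a current kernel the initrd build or the boot-time modprobe will most likely report it missing; drop it, or add it only for older kernels with `optional (versionOlder config.boot.kernelPackages.kernel.version "6.2") "vfio_virqfd"`. `blacklistNvidia` only lists `nvidia` and `nouveau`, but a blacklist does not prevent a module from being loaded as a dependency, so `nvidia_drm`, `nvidia_modeset` or `nvidia_uvm` can still pull `nvidia` in; listing all of them makes the option do what its description says. The udev rule hands every `/dev/vfio/*` node to the `kvm` group, which is what lets a non-root QEMU drive a DMA-capable device, and that widening of the kvm group's reach should be spelled out, e.g. `# Any member of kvm can open /dev/vfio/* and thus control the passed-through devices.` above `services.udev.extraRules`.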
@@ -0,0 +1,35 @@
+{ lib, pkgs, config, ... }:
+with lib;
+let
+ cfg = config.virtualisation;
+in {
+ options.virtualisation = {
+ hugepages = {
+ enable = mkEnableOption "Hugepages";
+
+ defaultPageSize = mkOption {
+ type = types.strMatching "[0-9]*[kKmMgG]";
+ default = "1M";
+ description =
+ "Default size of huge pages. You can use suffixes K, M, and G to specify KB, MB, and GB.";
+ };
+ pageSize = mkOption {
+ type = types.strMatching "[0-9]*[kKmMgG]";
+ default = "1M";
+ description =
+ "Size of huge pages that are allocated at boot. You can use suffixes K, M, and G to specify KB, MB, and GB.";
+ };
+ numPages = mkOption {
+ type = types.ints.positive;
+ default = 1;
+ description = "Number of huge pages to allocate at boot.";
+ };
+ };
+ };
+
+ config.boot.kernelParams = optionals cfg.hugepages.enable [
+ "default_hugepagesz=${cfg.hugepages.defaultPageSize}"
+ "hugepagesz=${cfg.hugepages.pageSize}"
+ "hugepages=${toString cfg.hugepages.numPages}"
+ ];
+}
\ No newline at end of file
diff --git a/tests/libvirtd/default.nix b/tests/libvirtd/default.nix
index 9a9fa01..3ea904a 100644
--- a/tests/libvirtd/default.nix
+++ b/tests/libvirtd/default.nix
@@ -9,7 +9,7 @@ in pkgs.nixosTest ({
 virtualisation.libvirtd.enable = true;
- vfio.libvirtd.hooks.qemu = {
+ virtualisation.libvirtd.scopedHooks.qemu = {
 printSomethingBeforeWin10Starts = {
 enable = true;
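Review bot: `types.strMatching "[0-9]*[kKmMgG]"` on `defaultPageSize` and `pageSize` accepts a bare suffix such as `"M"`, which becomes `default_hugepagesz=M` on the kernel command line; `[0-9]+[kKmMgG]` is the pattern that was meant. The `"1M"` defaults are also not a size the kernel supports on x86 (2M and 1G are), so as far as I can tell enabling the option with its defaults yields an unsupported-hugepagesz warning and no reserved pages; `default = "2M";` on both options would work out of the box. Both new files also end with `\ No newline at end of file`, which is worth fixing while the files are fresh.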