{ config, lib, pkgs, ... }:
let
cfg = config.profiles.virtualisation;
in {
options = {
profiles.virtualisation = {
enable = lib.mkEnableOption "virtualisation";
qemu.enable = lib.mkOption {
type = lib.types.bool;
default = true;
};
podman.enable = lib.mkOption {
type = lib.types.bool;
default = true;
};
};
};
config = lib.mkIf cfg.enable (lib.mkMerge [
(lib.mkIf cfg.podman.enable {
users.groups.podman.members = [ config.nixos-config.defaultUser ];
virtualisation.podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
environment.systemPackages = with pkgs; [
podman-compose
];
})
(lib.mkIf cfg.qemu.enable {
users.groups.libvirtd.members = [ "root" config.nixos-config.defaultUser ];
users.groups.kvm.members = [ "root" config.nixos-config.defaultUser ];
virtualisation = {
libvirtd = {
enable = true;
qemu = {
ovmf.enable = true;
ovmf.packages = [ pkgs.OVMFFull.fd ];
verbatimConfig = ''
nvram = [ "${pkgs.OVMF}/FV/OVMF.fd:${pkgs.OVMF}/FV/OVMF_VARS.fd" ]
'';
swtpm.enable = true;
};
};
spiceUSBRedirection.enable = true; # USB passthrough
};
environment = {
etc = {
"ovmf/edk2-x86_64-secure-code.fd" = {
source = config.virtualisation.libvirtd.qemu.package + "/share/qemu/edk2-x86_64-secure-code.fd";
};
"ovmf/edk2-i386-vars.fd" = {
source = config.virtualisation.libvirtd.qemu.package + "/share/qemu/edk2-i386-vars.fd";
};
};
systemPackages = with pkgs; [
virt-manager
virt-viewer
qemu
OVMF
gvfs # Used for shared folders between Linux and Windows
swtpm
];
};
services = { # Enable file sharing between OS
gvfs.enable = true;
};
})
]);
}