update the VM stuff to have access to libvirt and all that jazz

2026-03-23 22:41:31 -04:00 · 2026-03-05 16:53:55 -05:00 · 2026-03-05 16:53:55 -05:00 · ad58fdcc16
commit ad58fdcc16
parent 581f91056a
3 changed files with 21 additions and 7 deletions
--- a/hosts/common/optional/vms.nix
+++ b/hosts/common/optional/vms.nix
@ -10,8 +10,19 @@
    "riscv64-linux"
  ];

+  programs.virt-manager.enable = true;
+  virtualisation.libvirtd = {
+    enable = true;
+    qemu = {
+      swtpm.enable = true;
+    };
+  };
+
+  networking.firewall.trustedInterfaces = [ "virbr0" ];
+
  environment.systemPackages = [
    pkgs.qemu
    pkgs.quickemu
+    pkgs.dnsmasq # Required by virt-manager
  ];
 }
--- a/hosts/common/users/primary/nixos.nix
+++ b/hosts/common/users/primary/nixos.nix
@ -5,14 +5,18 @@
  lib,
  pkgs,
  ...
-}: let
+}:
+let
  hostSpec = config.hostSpec;
  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;

  # Decrypt password to /run/secrets-for-users/ so it can be used to create the user
-  sopsHashedPasswordFile = lib.optionalString (!config.hostSpec.isMinimal) config.sops.secrets."passwords/${hostSpec.username}".path;
+  sopsHashedPasswordFile = lib.optionalString (
+    !config.hostSpec.isMinimal
+  ) config.sops.secrets."passwords/${hostSpec.username}".path;
  virtPass = pkgs.writeText "password" "$y$j9T$ZbQbNHUSFsePoP0X.TdwR/$.EKJWDSY7ZO/nqf4FxgUYA3a47CYAKLzaV7ZAy745R/";
-in {
+in
+{
  users = {
    mutableUsers = false; # Only allow declarative credentials; Required for password to be set via sops during system activation!
    users = {
@ -21,9 +25,7 @@ in {
        home = "/home/${hostSpec.username}";
        isNormalUser = true;
        hashedPasswordFile =
-          if config.hostSpec.isVirtual
-          then builtins.toString virtPass
-          else sopsHashedPasswordFile;
+          if config.hostSpec.isVirtual then builtins.toString virtPass else sopsHashedPasswordFile;
        linger = true;

        extraGroups = lib.flatten [
@ -38,7 +40,7 @@ in {
            "networkmanager"
            "scanner" # for print/scan"
            "lp" # for print/scan"
-            "vboxusers"
+            "libvirtd"
          ])
        ];
      };
--- a/hosts/nixos/Incarceron/default.nix
+++ b/hosts/nixos/Incarceron/default.nix
@ -40,6 +40,7 @@
      "hosts/common/optional/keyd.nix"
      "hosts/common/optional/pentesting.nix"
      "hosts/common/optional/docker.nix"
+      "hosts/common/optional/vms.nix"
      "hosts/common/optional/printing.nix"
      "hosts/common/optional/gaming.nix"
      "modules/services/mesh/client.nix"