From b2382ad8b44789ad6b71c0ce58ba214f24568437 Mon Sep 17 00:00:00 2001
From: Sebastien Bourdeauducq <sb@m-labs.hk>
Date: Mon, 21 Dec 2020 16:39:15 +0800
Subject: [PATCH] nixops: install libvirtd, add virtualized-gpu specialisation

for running Windoze trashware that non-software engineers love
---
 nixops/desktop.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/nixops/desktop.nix b/nixops/desktop.nix
index 30df0d3..7f275ce 100644
--- a/nixops/desktop.nix
+++ b/nixops/desktop.nix
@@ -22,6 +22,15 @@ in
     });
   };
 
+  specialisation = {
+    virtualized-gpu.configuration = {
+      boot.kernelParams = ["intel_iommu=on"];
+      boot.kernelModules = ["vfio_pci" "vfio"];
+      boot.blacklistedKernelModules = ["amdgpu"];
+      boot.extraModprobeConfig = "options vfio-pci ids=1002:67df,1002:aaf0";
+    };
+  };
+
   networking.hostName = host;
   networking.firewall.allowedTCPPorts = [ 1883 ];
 
@@ -49,10 +58,14 @@ in
         vscode-extensions.matklad.rust-analyzer
       ];
     })
+    virt-manager spice-gtk
     (import ./fish-nix-shell)
   ];
   programs.wireshark.enable = true;
   programs.wireshark.package = pkgs.wireshark;
+  virtualisation.libvirtd.enable = true;
+  virtualisation.libvirtd.qemuOvmf = true;
+  security.wrappers.spice-client-glib-usb-acl-helper.source = "${pkgs.spice-gtk}/bin/spice-client-glib-usb-acl-helper";
 
   services.openssh.enable = true;
   services.openssh.forwardX11 = true;