nixops: install libvirtd, add virtualized-gpu specialisation

for running Windoze trashware that non-software engineers love

nixops/desktop.nix

@@ -22,6 +22,15 @@ in
     });
   };
 
+  specialisation = {
+    virtualized-gpu.configuration = {
+      boot.kernelParams = ["intel_iommu=on"];
+      boot.kernelModules = ["vfio_pci" "vfio"];
+      boot.blacklistedKernelModules = ["amdgpu"];
+      boot.extraModprobeConfig = "options vfio-pci ids=1002:67df,1002:aaf0";
+    };
+  };
+
   networking.hostName = host;
   networking.firewall.allowedTCPPorts = [ 1883 ];
 
@@ -49,10 +58,14 @@ in
         vscode-extensions.matklad.rust-analyzer
       ];
     })
+    virt-manager spice-gtk
     (import ./fish-nix-shell)
   ];
   programs.wireshark.enable = true;
   programs.wireshark.package = pkgs.wireshark;
+  virtualisation.libvirtd.enable = true;
+  virtualisation.libvirtd.qemuOvmf = true;
+  security.wrappers.spice-client-glib-usb-acl-helper.source = "${pkgs.spice-gtk}/bin/spice-client-glib-usb-acl-helper";
 
   services.openssh.enable = true;
   services.openssh.forwardX11 = true;