etcnixos -> system

2025-11-21 12:19:28 -05:00
parent 946d72b66b
commit 8a06e4560d
18 changed files with 2 additions and 2 deletions
--- a/system/vm.nix
+++ b/system/vm.nix
@@ -0,0 +1,61 @@
+{
+  pkgs,
+  username,
+  lib,
+  ...
+}:
+{
+  programs.virt-manager.enable = true;
+
+  users.groups.libvirtd.members = [ username ];
+
+  virtualisation.libvirtd = {
+    enable = true;
+
+    package = pkgs.libvirt;
+
+    qemu = {
+      package = (
+        pkgs.qemu_kvm.overrideAttrs (old: {
+          patches = old.patches ++ [
+            # amd?
+            (pkgs.fetchpatch {
+              url = "https://github.com/Scrut1ny/Hypervisor-Phantom/raw/d09d66813570704e2b05440f290d6f9bdf2d26c7/Hypervisor-Phantom/patches/QEMU/amd-qemu-9.2.0.patch";
+              sha256 = "BbzgjRa3qaYH1yXXqU6M/S68SxXWpAc9ObTG5qXu6YA=";
+            })
+
+            # or intel!
+            /*
+              (pkgs.fetchpatch {
+                url = "https://github.com/Scrut1ny/Hypervisor-Phantom/raw/d09d66813570704e2b05440f290d6f9bdf2d26c7/Hypervisor-Phantom/patches/QEMU/intel-qemu-9.2.0.patch";
+                sha256 = "kXY6R/0Tsotf0mGUIevDLlLWHEznnF1dt0K2ayX7XAg=";
+              })
+            */
+          ];
+        })
+      );
+
+      ovmf.packages = lib.mkForce [
+        (pkgs.OVMF.overrideAttrs (old: {
+          secureBoot = true;
+          tpmSupport = true;
+          # TODO! add patches from: https://github.com/Scrut1ny/Hypervisor-Phantom/tree/main/Hypervisor-Phantom/patches/EDK2
+        })).fd
+      ];
+    };
+  };
+
+  virtualisation.spiceUSBRedirection.enable = true;
+
+  users.users."${username}".extraGroups = [ "libvirtd" ];
+
+  # boot.kernelPatches = [
+  #   {
+  #     name = "undetected-kvm";
+  #     patch = pkgs.fetchurl {
+  #       url = "https://raw.githubusercontent.com/Scrut1ny/Hypervisor-Phantom/d09d66813570704e2b05440f290d6f9bdf2d26c7/Hypervisor-Phantom/patches/Kernel/linux-6.13-svm.patch";
+  #       sha256 = "zz18xerutulLGzlHhnu26WCY8rVQXApyeoDtCjbejIk=";
+  #     };
+  #   }
+  # ];
+}