dotfiles/etcnixos/vm.nix

{
  pkgs,
  username,
  lib,
  ...
}:
{

  environment.systemPackages = with pkgs; [
    # https://github.com/quickemu-project/quickemu
    (quickemu.overrideAttrs (old: {
      patches = [
        # patch to allow forcing a specific ISO file via an environment variable `FILE_NAME`
        (pkgs.fetchpatch {
          url = "https://github.com/Titaniumtown/quickemu/commit/f96d52a6b6f4b3187171d8cab61a273475da3b6c.diff";
          sha256 = "vXVI4EeJGhOlx8ARTCvB98Ajalk0bVakL98WojqcI3c=";
        })
      ];
    }))
  ];

  programs.virt-manager.enable = true;

  users.groups.libvirtd.members = [ username ];

  virtualisation.libvirtd = {
    enable = true;

    package = pkgs.libvirt;

    qemu = {
      package = (
        pkgs.qemu_kvm.overrideAttrs (old: {
          patches = old.patches ++ [
            # amd?
            # (pkgs.fetchpatch {
            #   url = "https://github.com/Scrut1ny/Hypervisor-Phantom/raw/d09d66813570704e2b05440f290d6f9bdf2d26c7/Hypervisor-Phantom/patches/QEMU/amd-qemu-9.2.0.patch";
            #   sha256 = "BbzgjRa3qaYH1yXXqU6M/S68SxXWpAc9ObTG5qXu6YA=";
            # })

            # or intel!
            (pkgs.fetchpatch {
              url = "https://github.com/Scrut1ny/Hypervisor-Phantom/raw/d09d66813570704e2b05440f290d6f9bdf2d26c7/Hypervisor-Phantom/patches/QEMU/intel-qemu-9.2.0.patch";
              sha256 = "kXY6R/0Tsotf0mGUIevDLlLWHEznnF1dt0K2ayX7XAg=";
            })
          ];
        })
      );

      ovmf.packages = lib.mkForce [
        (pkgs.OVMF.overrideAttrs (old: {
          secureBoot = true;
          tpmSupport = true;
          # TODO! add patches from: https://github.com/Scrut1ny/Hypervisor-Phantom/tree/main/Hypervisor-Phantom/patches/EDK2
        })).fd
      ];
    };
  };

  virtualisation.spiceUSBRedirection.enable = true;

  users.users."${username}".extraGroups = [ "libvirtd" ];

  # boot.kernelPatches = [
  #   {
  #     name = "undetected-kvm";
  #     patch = pkgs.fetchurl {
  #       url = "https://raw.githubusercontent.com/Scrut1ny/Hypervisor-Phantom/d09d66813570704e2b05440f290d6f9bdf2d26c7/Hypervisor-Phantom/patches/Kernel/linux-6.13-svm.patch";
  #       sha256 = "zz18xerutulLGzlHhnu26WCY8rVQXApyeoDtCjbejIk=";
  #     };
  #   }
  # ];

}