41 lines
1.3 KiB
Nix
Executable File
41 lines
1.3 KiB
Nix
Executable File
{
|
||
lib,
|
||
config,
|
||
pkgs,
|
||
...
|
||
}: let
|
||
isEnabled =
|
||
config.azos.virtualization.enable;
|
||
in {
|
||
options.azos.virtualization.enable = lib.mkOption {
|
||
default = true;
|
||
example = true;
|
||
type = lib.types.bool;
|
||
};
|
||
|
||
config = lib.mkIf isEnabled {
|
||
virtualisation.libvirtd = {
|
||
enable = true; # start / run libvirtd as a system service
|
||
# optional: expose the default NAT network (virbr0) – libvirtd creates it
|
||
# automatically when the daemon is on, but we make sure the bridge is
|
||
# allowed through the firewall.
|
||
qemu = {
|
||
swtpm.enable = true; # (optional) enable software TPM for guests
|
||
};
|
||
};
|
||
environment.systemPackages = with pkgs; [
|
||
# QEMU (KVM‑accelerated)
|
||
qemu_kvm # same as pkgs.qemu (but with KVM support explicitly enabled)
|
||
# CLI utilities
|
||
libvirt # provides virsh, virt-install, virt-manager (cli bits)
|
||
# GUI front‑end
|
||
virt-manager # graphical manager (uses libvirt + spice)
|
||
virt-viewer # Spice/VNC client that virt‑manager calls under the hood
|
||
];
|
||
|
||
services.spice-vdagentd.enable = true; # makes copy‑paste & auto‑resize work in Spice windows
|
||
networking.firewall.allowedTCPPorts = [5900 5901]; # Spice ports (adjust if you expose elsewhere)
|
||
networking.firewall.allowedUDPPorts = [5900 5901];
|
||
};
|
||
}
|