nixos-config/modules/nixos/virtualisation/virtualisation.nix

{
  config,
  lib,
  pkgs,
  useHomeManager,
  ...
}:
let
  inherit (lib) mkEnableOption mkIf optionals;
  cfg = config.ataraxia.virtualisation;

  defaultUser = config.ataraxia.defaults.users.defaultUser;
in
{
  options.ataraxia.virtualisation = {
    docker = mkEnableOption "Enable docker";
    libvirt = mkEnableOption "Enable libvirt";
    podman = mkEnableOption "Enable podman";
  };

  config = mkIf (cfg.docker || cfg.libvirt || cfg.podman) {
    virtualisation = {
      oci-containers.backend = if (!cfg.podman && cfg.docker) then "docker" else "podman";
      docker = {
        enable = cfg.docker;
        daemon.settings = {
          features = {
            buildkit = true;
          };
        };
        storageDriver = "overlay2";
      };
      podman = {
        enable = cfg.podman;
        defaultNetwork.settings.dns_enabled = true;
        dockerSocket.enable = !config.virtualisation.docker.enable;
      };
      containers.containersConf.settings = {
        network = {
          dns_servers = [
            "10.10.10.1"
            "host"
          ];
        };
      };
      containers.registries.search = [
        "docker.io"
        "ghcr.io"
        "quay.io"
      ];
      containers.storage.settings = {
        storage = {
          driver = "overlay";
          graphroot = "/var/lib/containers/storage";
          runroot = "/run/containers/storage";
        };
      };
      libvirtd = {
        enable = cfg.libvirt;
        qemu = {
          ovmf.enable = true;
          ovmf.packages = [
            (pkgs.OVMFFull.override {
              secureBoot = true;
              tpmSupport = true;
            }).fd
          ];
          runAsRoot = false;
          swtpm.enable = true;
        };
        onBoot = "ignore";
        onShutdown = "shutdown";
      };

      spiceUSBRedirection.enable = cfg.libvirt;

      quadlet = {
        enable = true;
        autoEscape = true;
        autoUpdate.enable = false;
        networks = {
          br-services.networkConfig = {
            # TODO: enable dns, fix dns resolution
            # dns = [ "10.10.10.1" ];
            disableDns = true;
            driver = "bridge";
            ipamDriver = "host-local";
            ipv6 = false;
            name = "br-services";
            podmanArgs = [ "--interface-name=br-services" ];
            subnets = [ "10.99.0.0/16" ];
          };
        };
      };
    };

    boot.enableContainers = true;

    environment.systemPackages =
      [ ]
      ++ optionals cfg.docker [ pkgs.docker-compose ]
      ++ optionals cfg.libvirt [ pkgs.virtiofsd ]
      ++ optionals cfg.podman [ pkgs.podman-compose ];

    users.users."qemu-libvirtd" = mkIf cfg.libvirt {
      extraGroups = lib.optionals (!config.virtualisation.libvirtd.qemu.runAsRoot) [
        "input"
        "kvm"
        "libvitrd"
      ];
    };

    security.unprivilegedUsernsClone = true;

    persist.state.directories = [
      "/var/lib/docker"
      "/var/lib/libvirt"
      "/var/lib/containers"
    ];

    home-manager = mkIf useHomeManager {
      users.${defaultUser} = {
        home.file.".config/containers/storage.conf".text = ''
          [storage]
          driver = "overlay"
        '';
        home.file.".config/libvirt/libvirt.conf".text = ''
          uri_default = "qemu:///system"
        '';
        persist.state.directories = [
          ".config/containers"
        ];
      };
    };
  };
}
feat: add and enable virtualisation module (podman and libvirt) 2025-07-04 15:06:12 +03:00			`{`
			`config,`
			`lib,`
			`pkgs,`
feat: fix home-manager detection in modules 2025-07-10 18:31:51 +03:00			`useHomeManager,`
feat: add and enable virtualisation module (podman and libvirt) 2025-07-04 15:06:12 +03:00			`...`
			`}:`
			`let`
feat: fix home-manager detection in modules 2025-07-10 18:31:51 +03:00			`inherit (lib) mkEnableOption mkIf optionals;`
feat: add and enable virtualisation module (podman and libvirt) 2025-07-04 15:06:12 +03:00			`cfg = config.ataraxia.virtualisation;`

			`defaultUser = config.ataraxia.defaults.users.defaultUser;`
			`in`
			`{`
			`options.ataraxia.virtualisation = {`
			`docker = mkEnableOption "Enable docker";`
			`libvirt = mkEnableOption "Enable libvirt";`
			`podman = mkEnableOption "Enable podman";`
			`};`

			`config = mkIf (cfg.docker \|\| cfg.libvirt \|\| cfg.podman) {`
			`virtualisation = {`
			`oci-containers.backend = if (!cfg.podman && cfg.docker) then "docker" else "podman";`
			`docker = {`
			`enable = cfg.docker;`
			`daemon.settings = {`
			`features = {`
			`buildkit = true;`
			`};`
			`};`
			`storageDriver = "overlay2";`
			`};`
			`podman = {`
			`enable = cfg.podman;`
			`defaultNetwork.settings.dns_enabled = true;`
			`dockerSocket.enable = !config.virtualisation.docker.enable;`
			`};`
fix: dns in podman containers 2025-07-10 18:38:18 +03:00			`containers.containersConf.settings = {`
			`network = {`
			`dns_servers = [`
			`"10.10.10.1"`
			`"host"`
			`];`
			`};`
			`};`
feat: add and enable virtualisation module (podman and libvirt) 2025-07-04 15:06:12 +03:00			`containers.registries.search = [`
			`"docker.io"`
			`"ghcr.io"`
			`"quay.io"`
			`];`
			`containers.storage.settings = {`
			`storage = {`
			`driver = "overlay";`
			`graphroot = "/var/lib/containers/storage";`
			`runroot = "/run/containers/storage";`
			`};`
			`};`
			`libvirtd = {`
			`enable = cfg.libvirt;`
			`qemu = {`
			`ovmf.enable = true;`
			`ovmf.packages = [`
			`(pkgs.OVMFFull.override {`
			`secureBoot = true;`
			`tpmSupport = true;`
			`}).fd`
			`];`
			`runAsRoot = false;`
			`swtpm.enable = true;`
			`};`
			`onBoot = "ignore";`
			`onShutdown = "shutdown";`
			`};`

			`spiceUSBRedirection.enable = cfg.libvirt;`
feat: add quadlet bridge network 2025-07-08 22:23:36 +03:00
			`quadlet = {`
			`enable = true;`
			`autoEscape = true;`
			`autoUpdate.enable = false;`
			`networks = {`
			`br-services.networkConfig = {`
fix: dns in podman containers 2025-07-10 18:38:18 +03:00			`# TODO: enable dns, fix dns resolution`
			`# dns = [ "10.10.10.1" ];`
			`disableDns = true;`
feat: add quadlet bridge network 2025-07-08 22:23:36 +03:00			`driver = "bridge";`
			`ipamDriver = "host-local";`
			`ipv6 = false;`
			`name = "br-services";`
			`podmanArgs = [ "--interface-name=br-services" ];`
			`subnets = [ "10.99.0.0/16" ];`
			`};`
			`};`
			`};`
feat: add and enable virtualisation module (podman and libvirt) 2025-07-04 15:06:12 +03:00			`};`

fix: dns in podman containers 2025-07-10 18:38:18 +03:00			`boot.enableContainers = true;`

feat: add and enable virtualisation module (podman and libvirt) 2025-07-04 15:06:12 +03:00			`environment.systemPackages =`
			`[ ]`
			`++ optionals cfg.docker [ pkgs.docker-compose ]`
			`++ optionals cfg.libvirt [ pkgs.virtiofsd ]`
			`++ optionals cfg.podman [ pkgs.podman-compose ];`

			`users.users."qemu-libvirtd" = mkIf cfg.libvirt {`
			`extraGroups = lib.optionals (!config.virtualisation.libvirtd.qemu.runAsRoot) [`
			`"input"`
fix: dns in podman containers 2025-07-10 18:38:18 +03:00			`"kvm"`
			`"libvitrd"`
feat: add and enable virtualisation module (podman and libvirt) 2025-07-04 15:06:12 +03:00			`];`
			`};`

			`security.unprivilegedUsernsClone = true;`

			`persist.state.directories = [`
			`"/var/lib/docker"`
			`"/var/lib/libvirt"`
			`"/var/lib/containers"`
			`];`

feat: fix home-manager detection in modules 2025-07-10 18:31:51 +03:00			`home-manager = mkIf useHomeManager {`
feat: add and enable virtualisation module (podman and libvirt) 2025-07-04 15:06:12 +03:00			`users.${defaultUser} = {`
			`home.file.".config/containers/storage.conf".text = ''`
			`[storage]`
			`driver = "overlay"`
			`'';`
			`home.file.".config/libvirt/libvirt.conf".text = ''`
			`uri_default = "qemu:///system"`
			`'';`
			`persist.state.directories = [`
			`".config/containers"`
			`];`
			`};`
			`};`
			`};`
			`}`