fix passthroug module

Dmitriy Kholkin 2023-04-08 17:57:42 +03:00
parent dacb7b977d
commit e648013fb8
3 changed files with 60 additions and 109 deletions


@ -1,8 +1,3 @@
{ {
# Add your NixOS modules here imports = [ ./virtualisation.nix ./vfio.nix ];
#
# libvirt = ./libvirt.nix;
# vfio = ./vfio.nix;
# virtualisation.nix = ./virtualisation.nix;
imports = [ ./virtualisation.nix ./vfio.nix ./libvirt.nix ];
} }


@ -1,37 +0,0 @@
{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.virtualisation.libvirtd;
boolToZeroOne = x: if x then "1" else "0";
aclString = with lib.strings;
concatMapStringsSep ''
,
'' escapeNixString cfg.deviceACL;
in {
options.virtualisation.libvirtd = {
deviceACL = mkOption {
type = types.listOf types.str;
default = [ ];
};
clearEmulationCapabilities = mkOption {
type = types.bool;
default = true;
};
};
config.users.users."qemu-libvirtd" = {
extraGroups = optionals (!cfg.qemu.runAsRoot) [ "kvm" "input" ];
isSystemUser = true;
};
config.virtualisation.libvirtd.qemu.verbatimConfig = ''
clear_emulation_capabilities = ${
boolToZeroOne cfg.clearEmulationCapabilities
}
cgroup_device_acl = [
${aclString}
]
'';
}


@ -2,9 +2,15 @@
with lib; with lib;
let let
cfg = config.virtualisation.vfio; cfg = config.virtualisation.vfio;
acscommit = "1ec4cb0753488353e111496a90bdfbe2a074827e"; cfg-libvirtd = config.virtualisation.libvirtd;
boolToZeroOne = x: if x then "1" else "0";
aclString = with lib.strings;
concatMapStringsSep ''
,
'' escapeNixString cfg.deviceACL;
in { in {
options.virtualisation.vfio = { options.virtualisation = {
vfio = {
enable = mkEnableOption "VFIO Configuration"; enable = mkEnableOption "VFIO Configuration";
IOMMUType = mkOption { IOMMUType = mkOption {
type = types.enum [ "intel" "amd" ]; type = types.enum [ "intel" "amd" ];
@ -35,15 +41,16 @@ in {
description = description =
"Enables or disables kvm guest access to model-specific registers"; "Enables or disables kvm guest access to model-specific registers";
}; };
applyACSpatch = mkOption { };
libvirtd = {
deviceACL = mkOption {
type = types.listOf types.str;
default = [ ];
};
clearEmulationCapabilities = mkOption {
type = types.bool; type = types.bool;
default = false; default = true;
description = '' };
If set, the following things will happen:
- The ACS override patch is applied
- Applies the i915-vga-arbiter patch
- Adds pcie_acs_override=downstream to the command line
'';
}; };
}; };
@ -55,8 +62,8 @@ in {
boot.kernelParams = (if cfg.IOMMUType == "intel" then [ boot.kernelParams = (if cfg.IOMMUType == "intel" then [
"intel_iommu=on" "intel_iommu=on"
"intel_iommu=igfx_off" "intel_iommu=igfx_off"
] else ] else [ "amd_iommu=on" ])
[ "amd_iommu=on" ]) ++ (optional (builtins.length cfg.devices > 0) ++ (optional (builtins.length cfg.devices > 0)
("vfio-pci.ids=" + builtins.concatStringsSep "," cfg.devices)) ("vfio-pci.ids=" + builtins.concatStringsSep "," cfg.devices))
++ (optionals cfg.applyACSpatch [ ++ (optionals cfg.applyACSpatch [
"pcie_acs_override=downstream,multifunction" "pcie_acs_override=downstream,multifunction"
@ -68,35 +75,21 @@ in {
]); ]);
boot.kernelModules = [ "vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio" ]; boot.kernelModules = [ "vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio" ];
boot.initrd.kernelModules = boot.initrd.kernelModules =
[ "vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio" ]; [ "vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio" ];
boot.blacklistedKernelModules = boot.blacklistedKernelModules =
optionals cfg.blacklistNvidia [ "nvidia" "nouveau" ]; optionals cfg.blacklistNvidia [ "nvidia" "nouveau" ];
boot.kernelPatches = optionals cfg.applyACSpatch [ users.users."qemu-libvirtd" = {
{ extraGroups = optionals (!cfg-libvirtd.qemu.runAsRoot) [ "kvm" "input" ];
name = "add-acs-overrides"; };
patch = pkgs.fetchurl { virtualisation.libvirtd.qemu.verbatimConfig = ''
name = "add-acs-overrides.patch"; clear_emulation_capabilities = ${
url = boolToZeroOne cfg-libvirtd.clearEmulationCapabilities
"https://raw.githubusercontent.com/slowbro/linux-vfio/v5.5.4-arch1/add-acs-overrides.patch"; }
#url = cgroup_device_acl = [
# "https://aur.archlinux.org/cgit/aur.git/plain/add-acs-overrides.patch?h=linux-vfio&id=${acscommit}"; ${aclString}
sha256 = "0nbmc5bwv7pl84l1mfhacvyp8vnzwhar0ahqgckvmzlhgf1n1bii"; ]
}; '';
}
{
name = "i915-vga-arbiter";
patch = pkgs.fetchurl {
name = "i915-vga-arbiter.patch";
url =
"https://raw.githubusercontent.com/slowbro/linux-vfio/v5.5.4-arch1/i915-vga-arbiter.patch";
#url =
# "https://aur.archlinux.org/cgit/aur.git/plain/i915-vga-arbiter.patch?h=linux-vfio&id=${acscommit}";
sha256 = "1m5nn9pfkf685g31y31ip70jv61sblvxgskqn8a0ca60mmr38krk";
};
}
];
}; };
} }
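Review bot: `aclString` is built from `cfg.deviceACL`, but in this file `cfg` is `config.virtualisation.vfio`, while `deviceACL` is now declared under `options.virtualisation.libvirtd`, so the lookup will most likely fail at evaluation; it should read `'' escapeNixString cfg-libvirtd.deviceACL;`. The same kind of dangling reference is left in `boot.kernelParams`, which still has `++ (optionals cfg.applyACSpatch [` although this commit removes the `applyACSpatch` option declaration; either drop that term or keep the option. Because `cgroup_device_acl` decides which host device nodes QEMU guests may open, and `qemu-libvirtd` is added to the `kvm` and `input` groups, `deviceACL` and `clearEmulationCapabilities` should each get a `description` stating what they control and that the values are written into `qemu.conf`. The enclosing `config` block starts outside the visible hunks, so whether these settings sit under the module's enable guard cannot be confirmed from here.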