gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

wow the virtual machine is declared now

Browse source
This commit is contained in:
kat witch 2021-03-17 03:47:34 +00:00
parent d36a9f4869
commit 194595cc1c
No known key found for this signature in database
GPG key ID: 1B477797DCA5EC72
17 changed files with 289 additions and 588 deletions
Download patch file Download diff file Expand all files Collapse all files

201
config/hosts/athame/asterisk.nix
View file

@ -1,201 +0,0 @@
{ config, pkgs, witch, ... }:
{
services.asterisk = {
enable = true;
confFiles = {
"rtp.conf" = ''
[general]
rtpstart=10000
rtpend=20000
'';
"extensions.conf" = ''
[from-twilio]
exten => _.,1,Dial(SIP/1337,20)
[from-signalwire]
exten => s,1,Set(numb=''${CUT(CUT(PJSIP_HEADER(read,To),@,1),:,2)})
same => n,Dial(SIP/1337,20)
[from-internal]
exten => _1X.,1,Set(CALLERID(all)="kat" <+${witch.secrets.hosts.athame.phone.number.us}>)
same => n,Dial(PJSIP/''${EXTEN:1}@signalwire)
same => n(end),Hangup()
exten => _2X.,1,Set(CALLERID(all)="kat" <+${witch.secrets.hosts.athame.phone.number.canada}>)
same => n,Dial(PJSIP/''${EXTEN:1}@signalwire)
same => n(end),Hangup()
exten => _3X.,1,Set(CALLERID(all)="kat" <+${witch.secrets.hosts.athame.phone.number.uk}>)
same => n,Dial(PJSIP/+''${EXTEN:1}@twilio-ie)
same => n(end),Hangup()
'';
"pjproject.conf" = ''
; Common pjproject options
;
;========================LOG_MAPPINGS SECTION OPTIONS===============================
;[log_mappings]
; SYNOPSIS: Provides pjproject to Asterisk log level mappings.
; NOTES: The name of this section in the pjproject.conf configuration file must
; remain log_mappings or the configuration will not be applied.
; The defaults mentioned below only apply if this file or the 'log_mappings'
; object can'tbe found. If the object is found, there are no defaults. If
; you don't specify an entry, nothing will be logged for that level.
;
;asterisk_error = ; A comma separated list of pjproject log levels to map to
; Asterisk errors.
; (default: "0,1")
;asterisk_warning = ; A comma separated list of pjproject log levels to map to
; Asterisk warnings.
; (default: "2")
;asterisk_notice = ; A comma separated list of pjproject log levels to map to
; Asterisk notices.
; (default: "")
;asterisk_verbose = ; A comma separated list of pjproject log levels to map to
; Asterisk verbose.
; (default: "")
;asterisk_debug = ; A comma separated list of pjproject log levels to map to
; Asterisk debug
; (default: "3,4,5")
;type= ; Must be of type log_mappings (default: "")
'';
"sip.conf" = ''
[general]
;; Only uncomment this if you want to connect to a different SIP server and receive calls from it
context=public
allowguest=no
udpbindaddr=0.0.0.0:5160
tcpbindaddr=0.0.0.0:5160
tcpenable=yes
transport=udp,tcp
disallow=all
allow=speex32
allow=g722
allow=ulaw
allow=alaw
allow=gsm
allow=g726
[1337]
type=friend
context=from-internal
host=dynamic
secret=${witch.secrets.hosts.athame.phone.password}
nat=force_rport,comedia
'';
"pjsip_wizard.conf" = ''
[user_defaults](!)
type = wizard
accepts_registrations = yes
sends_registrations = no
accepts_auth = yes
sends_auth = no
endpoint/context = from-internal
endpoint/tos_audio=ef
endpoint/tos_video=af41
endpoint/cos_audio=5
endpoint/cos_video=4
endpoint/allow = !all,ulaw
endpoint/dtmf_mode= rfc4733
endpoint/aggregate_mwi = yes
endpoint/use_avpf = no
endpoint/rtcp_mux = no
endpoint/bundle = no
endpoint/ice_support = no
endpoint/media_use_received_transport = no
endpoint/trust_id_inbound = yes
endpoint/media_encryption = no
endpoint/timers = yes
endpoint/media_encryption_optimistic = no
endpoint/send_pai = yes
endpoint/rtp_symmetric = yes
endpoint/rewrite_contact = yes
endpoint/force_rport = yes
endpoint/language = en
[trunk_defaults](!)
type = wizard
endpoint/transport=0.0.0.0-udp
endpoint/allow = !all,ulaw
endpoint/t38_udptl=no
endpoint/t38_udptl_ec=none
endpoint/fax_detect=no
endpoint/trust_id_inbound=no
endpoint/t38_udptl_nat=no
endpoint/direct_media=no
endpoint/rewrite_contact=yes
endpoint/rtp_symmetric=yes
endpoint/dtmf_mode=rfc4733
endpoint/allow_subscribe = no
aor/qualify_frequency = 60
[twilio-ie](trunk_defaults)
sends_auth = yes
sends_registrations = no
remote_hosts = kat-asterisk.pstn.dublin.twilio.com
outbound_auth/username = asterisk
outbound_auth/password = ${witch.secrets.hosts.athame.phone.endpoint.password.twilio}
endpoint/context = from-twilio
aor/qualify_frequency = 60
'';
"pjsip.conf" = ''
[global]
type=global
[0.0.0.0-udp]
type=transport
protocol=udp
bind=0.0.0.0:5060
allow_reload=no
tos=cs3
cos=3
[signalwire]
type=auth
auth_type=userpass
username=asterisk ; Your username
password=${witch.secrets.hosts.athame.phone.endpoint.password.signalwire}
[signalwire]
type=aor
contact=sip:${witch.secrets.hosts.athame.phone.endpoint.url}
[signalwire]
type=endpoint
transport=transport-udp
outbound_auth=signalwire ; Note that there is only an outbound_auth, as we do not challenge when a call arrives inbound
aors=signalwire
disallow=all
allow=speex32
allow=g722
allow=ulaw
allow=alaw
allow=gsm
allow=g726
from_user=asterisk
from_domain=${witch.secrets.hosts.athame.phone.endpoint.url}
media_encryption=sdes ; Note that we are using encryption
context=from-signalwire
[signalwire]
type=registration
server_uri=sip:${witch.secrets.hosts.athame.phone.endpoint.url}
client_uri=sip:asterisk@${witch.secrets.hosts.athame.phone.endpoint.url}; Your full SIP URI
outbound_auth=signalwire
[signalwire]
type=identify
endpoint=signalwire
match=${witch.secrets.hosts.athame.phone.endpoint.url}
'';
"logger.conf" = ''
[general]
dateformat=%F %T
[logfiles]
; Add debug output to log
messages => security, notice,warning,error
syslog.local0 => notice,warning,error,debug
'';
};
};
}

24
config/hosts/athame/bitwarden.nix
View file

@ -1,24 +0,0 @@
{ config, pkgs, witch, ... }:
{
services.bitwarden_rs = {
enable = true;
config = {
rocketPort = 4000;
websocketEnabled = true;
signupsAllowed = false;
adminToken = witch.secrets.hosts.athame.bitwarden_secret;
domain = "https://vault.kittywit.ch";
};
};
services.nginx.virtualHosts."vault.kittywit.ch" = {
enableACME = true;
forceSSL = true;
locations = {
"/".proxyPass = "http://127.0.0.1:4000";
"/notifications/hub".proxyPass = "http://127.0.0.1:3012";
"/notifications/hub/negotiate".proxyPass = "http://127.0.0.1:80";
};
};
}

17
config/hosts/athame/gitea.nix
View file

@ -1,17 +0,0 @@
{ config, pkgs, ... }:
{
services.gitea = {
enable = true;
disableRegistration = true;
domain = "git.kittywit.ch";
rootUrl = "https://git.kittywit.ch";
httpAddress = "127.0.0.1";
};
services.nginx.virtualHosts."git.kittywit.ch" = {
enableACME = true;
forceSSL = true;
locations = { "/".proxyPass = "http://127.0.0.1:3000"; };
};
}

49
config/hosts/athame/mail.nix
View file

@ -1,49 +0,0 @@
{ config, pkgs, witch, sources, ... }:
{
imports = [ sources.nixos-mailserver.outPath ];
mailserver = {
enable = true;
fqdn = "kittywit.ch";
domains = [ "kittywit.ch" ];
# A list of all login accounts. To create the password hashes, use
# nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
loginAccounts = {
"kat@kittywit.ch" = {
hashedPassword = witch.secrets.hosts.athame.mail.kat.password;
aliases = [ "postmaster@kittywit.ch" ];
# Make this user the catchAll address for domains kittywit.ch and
# example2.com
catchAll = [ "kittywit.ch" ];
};
};
# Extra virtual aliases. These are email addresses that are forwarded to
# loginAccounts addresses.
extraVirtualAliases = {
# address = forward address;
"abuse@kittywit.ch" = "kat@kittywit.ch";
};
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
# down nginx and opens port 80.
certificateScheme = 3;
# Enable IMAP and POP3
enableImap = true;
enablePop3 = true;
enableImapSsl = true;
enablePop3Ssl = true;
# Enable the ManageSieve protocol
enableManageSieve = true;
# whether to scan inbound emails for viruses (note that this requires at least
# 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty)
virusScanning = false;
};
}

119
config/hosts/athame/matrix.nix
View file

@ -1,119 +0,0 @@
{ config, pkgs, witch, ... }:
{
environment.systemPackages =
[ pkgs.arc.pkgs.mx-puppet-discord pkgs.mautrix-whatsapp ];
services.matrix-synapse = {
enable = true;
registration_shared_secret = witch.secrets.hosts.athame.matrix_secret;
max_upload_size = "512M";
server_name = "kittywit.ch";
app_service_config_files = [
"/var/lib/matrix-synapse/telegram-registration.yaml"
"/var/lib/matrix-synapse/discord-registration.yaml"
"/var/lib/matrix-synapse/whatsapp-registration.yaml"
];
listeners = [{
port = 8008;
bind_address = "::1";
type = "http";
tls = false;
x_forwarded = true;
resources = [{
names = [ "client" "federation" ];
compress = false;
}];
}];
};
services.mautrix-telegram = {
enable = true;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = "kittywit.ch";
};
appservice = {
provisioning.enabled = false;
id = "telegram";
public = {
enabled = false;
prefix = "/public";
external = "https://kittywit.ch/public";
};
};
bridge = {
relaybot.authless_portals = false;
permissions = { "@kat:kittywit.ch" = "admin"; };
};
};
environmentFile = "/etc/secrets/mautrix-telegram.env";
};
systemd.services.mx-puppet-discord = {
serviceConfig = {
Type = "simple";
Restart = "always";
ExecStart =
"${pkgs.arc.pkgs.mx-puppet-discord}/bin/mx-puppet-discord -c /var/lib/mx-puppet-discord/config.yaml -f /var/lib/mx-puppet-discord/discord-registration.yaml";
WorkingDirectory = "/var/lib/mx-puppet-discord";
DynamicUser = true;
StateDirectory = "mx-puppet-discord";
UMask = 27;
PrivateTmp = true;
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
};
requisite = [ "matrix-synapse.service" ];
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
};
systemd.services.mautrix-whatsapp = {
serviceConfig = {
Type = "simple";
Restart = "always";
ExecStart =
"${pkgs.mautrix-whatsapp}/bin/mautrix-whatsapp -c /var/lib/mautrix-whatsapp/config.yaml -r /var/lib/mautrix-whatsapp/registration.yaml";
WorkingDirectory = "/var/lib/mautrix-whatsapp";
DynamicUser = true;
StateDirectory = "mautrix-whatsapp";
UMask = 27;
PrivateTmp = true;
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
};
requisite = [ "matrix-synapse.service" ];
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
};
services.nginx.virtualHosts."kittywit.ch" = {
locations = {
"/_matrix" = { proxyPass = "http://[::1]:8008"; };
"= /.well-known/matrix/server".extraConfig =
let server = { "m.server" = "kittywit.ch:443"; };
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
"= /.well-known/matrix/client".extraConfig = let
client = {
"m.homeserver" = { "base_url" = "https://kittywit.ch"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
};
in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
};
};
}

18
config/hosts/athame/murmur.nix
View file

@ -1,18 +0,0 @@
{ config, pkgs, ... }:
{
security.acme = { certs."kittywit.ch" = { group = "kittywit-ch"; }; };
users.groups."kittywit-ch".members = [ "murmur" "nginx" "syncplay" ];
services.murmur = {
enable = true;
hostName = "kittywit.ch";
extraConfig = ''
sslCert=/var/lib/acme/kittywit.ch/fullchain.pem
sslKey=/var/lib/acme/kittywit.ch/key.pem
'';
};
}

29
config/hosts/athame/nextcloud.nix
View file

@ -1,29 +0,0 @@
{ config, pkgs, ... }:
{
systemd.services."nextcloud-setup" = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
services.nextcloud = {
enable = true;
hostName = "files.kittywit.ch";
package = pkgs.nextcloud21;
https = true;
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql";
dbname = "nextcloud";
adminpassFile =
config.secrets.files.nextcloud.path; # TODO replace this with proper secrets management
adminuser = "root";
};
};
services.nginx.virtualHosts."files.kittywit.ch" = {
forceSSL = true;
enableACME = true;
};
}

12
config/hosts/athame/syncplay.nix
View file

@ -1,12 +0,0 @@
{ config, pkgs, ... }:
{
users.users.syncplay = { isSystemUser = true; };
services.syncplay = {
enable = true;
user = "syncplay";
group = "kittywit-ch";
certDir = "/var/lib/acme/kittywit.ch/";
};
}

16
config/hosts/athame/syncserver.nix
View file

@ -1,16 +0,0 @@
{ config, pkgs, ... }:
{
services.firefox.syncserver = {
enable = true;
listen.port = 5001;
allowNewUsers = false;
publicUrl = "https://sync.kittywit.ch";
};
services.nginx.virtualHosts."sync.kittywit.ch" = {
enableACME = true;
forceSSL = true;
locations = { "/".proxyPass = "http://127.0.0.1:5001"; };
};
}

8
config/hosts/athame/taskserver.nix
View file

@ -1,8 +0,0 @@
{ config, lib, ... }:
{
services.taskserver.enable = true;
services.taskserver.fqdn = "kittywit.ch";
services.taskserver.listenHost = "::";
services.taskserver.organisations.kittywitch.users = [ "kat" ];
}

39
config/hosts/athame/weechat.nix
View file

@ -1,39 +0,0 @@
{ config, pkgs, ... }:
let
sources = import ../../../../nix/sources.nix;
unstable = import sources.nixpkgs-unstable { inherit (pkgs) config; };
in {
services.weechat = {
binary = let
new-weechat = pkgs.arc.pkgs.wrapWeechat pkgs.arc.pkgs.weechat-unwrapped {
configure = { availablePlugins, ... }: {
scripts = [ pkgs.arc.pkgs.weechatScripts.weechat-matrix ];
plugins = [
availablePlugins.perl
(availablePlugins.python.withPackages
(ps: [ ps.potr ps.weechat-matrix ]))
];
};
};
in "${new-weechat}/bin/weechat";
enable = true;
};
programs.screen.screenrc = ''
multiuser on
acladd kat
'';
services.nginx.virtualHosts."irc.kittywit.ch" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = { root = pkgs.glowing-bear; };
"^~ /weechat" = {
proxyPass = "http://127.0.0.1:9000";
proxyWebsockets = true;
};
};
};
}

25
config/hosts/athame/znc.nix
View file

@ -1,25 +0,0 @@
{ config, pkgs, witch, ... }:
{
services.znc = {
enable = true;
mutable = false;
useLegacyConfig = false;
openFirewall = false;
config = {
Listener.l = {
Port = 5000;
SSL = false;
AllowWeb = true;
};
modules = [ "webadmin" "adminlog" ];
User = witch.secrets.hosts.athame.znc;
};
};
services.nginx.virtualHosts."znc.kittywit.ch" = {
enableACME = true;
forceSSL = true;
locations = { "/".proxyPass = "http://127.0.0.1:5000"; };
};
}

31
config/hosts/boline/wireguard.nix
View file

@ -1,31 +0,0 @@
{ config, pkgs, ... }:
{
networking.nat.enable = true;
networking.nat.externalInterface = "ens3";
networking.nat.internalInterfaces = [ "wg0" ];
networking.firewall = { allowedUDPPorts = [ 51820 ]; };
networking.wireguard.interfaces = {
wg0 = {
ips = [ "10.100.0.1/24" ];
listenPort = 51820;
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
'';
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
'';
privateKeyFile = "/var/secrets/wireguard-private";
peers = [{
publicKey = "{client public key}";
allowedIPs = [ "10.100.0.2/32" ];
}];
};
};
}

BIN
config/hosts/samhain/580-vbios.rom
View file

Binary file not shown.

29
config/hosts/samhain/vm/default.nix
View file

@ -62,6 +62,35 @@
pkgs.virt-manager # obvious reasons
];
systemd.services.libvirtd-guest-win10 = {
after = [ "libvirtd.service" ];
requires = [ "libvirtd.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
type = "oneshot";
RemainAfterExit = "yes";
};
script = let xml = pkgs.writeText "libvirt-guest-win10.xml" (import ./win10.xml.nix {}); in ''
uuid="$(${pkgs.libvirt}/bin/virsh domuuid 'win10' || true)"
${pkgs.libvirt}/bin/virsh define <(sed "s/UUID/$uuid/" '${xml}')
${pkgs.libvirt}/bin/virsh start 'win10';
'';
preStop =
''
${pkgs.libvirt}/bin/virsh shutdown 'win10'
let "timeout = $(date +%s) + 120"
while [ "$(${pkgs.libvirt}/bin/virsh list --name | grep --count '^win10$')" -gt 0 ]; do
if [ "$(date +%s)" -ge "$timeout" ]; then
# meh, we warned it...
${pkgs.libvirt}/bin/virsh destroy 'win10'
else
# the machine is still running, let's give it some time to shut down
sleep 0.5
fi
done
'';
};
home-manager.users.kat = {
# audio for vm on startup
systemd.user.services = {

0
config/hosts/samhain/screenstub.yml → config/hosts/samhain/vm/screenstub.yml
View file

260
config/hosts/samhain/vm/win10.xml.nix Normal file
View file

@ -0,0 +1,260 @@
{ ... }:
''
<domain xmlns:qemu="http://libvirt.org/schemas/domain/qemu/1.0" type="kvm">
<name>win10</name>
<uuid>UUID</uuid>
<metadata>
<libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
<libosinfo:os id="http://microsoft.com/win/10"/>
</libosinfo:libosinfo>
</metadata>
<memory unit="KiB">12582912</memory>
<currentMemory unit="KiB">12582912</currentMemory>
<vcpu placement="static">6</vcpu>
<iothreads>1</iothreads>
<cputune>
<vcpupin vcpu="0" cpuset="0"/>
<vcpupin vcpu="1" cpuset="1"/>
<vcpupin vcpu="2" cpuset="2"/>
<vcpupin vcpu="3" cpuset="6"/>
<vcpupin vcpu="4" cpuset="7"/>
<vcpupin vcpu="5" cpuset="8"/>
<emulatorpin cpuset="3,9"/>
<iothreadpin iothread="1" cpuset="3,9"/>
</cputune>
<os>
<type arch="x86_64" machine="pc-q35-5.1">hvm</type>
<loader readonly="yes" type="pflash">/run/libvirt/nix-ovmf/OVMF_CODE.fd</loader>
<nvram>/var/lib/libvirt/qemu/nvram/win10-3_VARS.fd</nvram>
</os>
<features>
<acpi/>
<apic/>
<hyperv>
<relaxed state="on"/>
<vapic state="on"/>
<spinlocks state="on" retries="8191"/>
</hyperv>
<vmport state="off"/>
</features>
<cpu mode="host-passthrough" check="partial">
<topology sockets="1" dies="1" cores="3" threads="2"/>
<cache mode="passthrough"/>
<feature policy="require" name="topoext"/>
</cpu>
<clock offset="localtime">
<timer name="rtc" tickpolicy="catchup"/>
<timer name="pit" tickpolicy="delay"/>
<timer name="hpet" present="no"/>
<timer name="hypervclock" present="yes"/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<pm>
<suspend-to-mem enabled="no"/>
<suspend-to-disk enabled="no"/>
</pm>
<devices>
<emulator>/run/libvirt/nix-emulators/qemu-system-x86_64</emulator>
<disk type="file" device="disk">
<driver name="qemu" type="raw" discard="unmap"/>
<source file="/dev/disk/by-id/ata-HFS256G32TNF-N3A0A_MJ8BN15091150BM1Z"/>
<target dev="sda" bus="scsi"/>
<boot order="2"/>
<address type="drive" controller="0" bus="0" target="0" unit="0"/>
</disk>
<controller type="usb" index="0" model="qemu-xhci" ports="15">
<address type="pci" domain="0x0000" bus="0x02" slot="0x00" function="0x0"/>
</controller>
<controller type="pci" index="0" model="pcie-root"/>
<controller type="pci" index="1" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="1" port="0x10"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0" multifunction="on"/>
</controller>
<controller type="pci" index="2" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="2" port="0x11"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x1"/>
</controller>
<controller type="pci" index="3" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="3" port="0x12"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x2"/>
</controller>
<controller type="pci" index="4" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="4" port="0x13"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x3"/>
</controller>
<controller type="pci" index="5" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="5" port="0x14"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x4"/>
</controller>
<controller type="pci" index="6" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="6" port="0x15"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x5"/>
</controller>
<controller type="pci" index="7" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="7" port="0x16"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x6"/>
</controller>
<controller type="pci" index="8" model="pcie-to-pci-bridge">
<model name="pcie-pci-bridge"/>
<address type="pci" domain="0x0000" bus="0x04" slot="0x00" function="0x0"/>
</controller>
<controller type="pci" index="9" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="9" port="0x17"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x7"/>
</controller>
<controller type="pci" index="10" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="10" port="0x8"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x0" multifunction="on"/>
</controller>
<controller type="pci" index="11" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="11" port="0x9"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x1"/>
</controller>
<controller type="pci" index="12" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="12" port="0xa"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x2"/>
</controller>
<controller type="pci" index="13" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="13" port="0xb"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x3"/>
</controller>
<controller type="pci" index="14" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="14" port="0xc"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x4"/>
</controller>
<controller type="pci" index="15" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="15" port="0xd"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x5"/>
</controller>
<controller type="pci" index="16" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="16" port="0xe"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x6"/>
</controller>
<controller type="pci" index="17" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="17" port="0xf"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x7"/>
</controller>
<controller type="pci" index="18" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="18" port="0x18"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0" multifunction="on"/>
</controller>
<controller type="pci" index="19" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="19" port="0x19"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x1"/>
</controller>
<controller type="pci" index="20" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="20" port="0x1a"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x2"/>
</controller>
<controller type="pci" index="21" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="21" port="0x1b"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x3"/>
</controller>
<controller type="pci" index="22" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="22" port="0x1c"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x4"/>
</controller>
<controller type="pci" index="23" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="23" port="0x1d"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x5" multifunction="on"/>
</controller>
<controller type="pci" index="24" model="pcie-to-pci-bridge">
<model name="pcie-pci-bridge"/>
<address type="pci" domain="0x0000" bus="0x0a" slot="0x00" function="0x0"/>
</controller>
<controller type="virtio-serial" index="0">
<address type="pci" domain="0x0000" bus="0x03" slot="0x00" function="0x0"/>
</controller>
<controller type="scsi" index="0" model="virtio-scsi">
<address type="pci" domain="0x0000" bus="0x06" slot="0x00" function="0x0"/>
</controller>
<controller type="sata" index="0">
<address type="pci" domain="0x0000" bus="0x00" slot="0x1f" function="0x2"/>
</controller>
<interface type="network">
<mac address="52:54:00:61:87:37"/>
<source network="default"/>
<model type="virtio"/>
<address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
</interface>
<serial type="pty">
<target type="isa-serial" port="0">
<model name="isa-serial"/>
</target>
</serial>
<console type="pty">
<target type="serial" port="0"/>
</console>
<channel type="spicevmc">
<target type="virtio" name="com.redhat.spice.0"/>
<address type="virtio-serial" controller="0" bus="0" port="1"/>
</channel>
<input type="tablet" bus="usb">
<address type="usb" bus="0" port="1"/>
</input>
<input type="mouse" bus="ps2"/>
<input type="keyboard" bus="ps2"/>
<hostdev mode="subsystem" type="pci" managed="yes">
<source>
<address domain="0x0000" bus="0x26" slot="0x00" function="0x0"/>
</source>
<rom file="${./vbios.rom}"/>
<address type="pci" domain="0x0000" bus="0x07" slot="0x00" function="0x0"/>
</hostdev>
<hostdev mode="subsystem" type="pci" managed="yes">
<source>
<address domain="0x0000" bus="0x26" slot="0x00" function="0x1"/>
</source>
<address type="pci" domain="0x0000" bus="0x09" slot="0x00" function="0x0"/>
</hostdev>
<redirdev bus="usb" type="spicevmc">
<address type="usb" bus="0" port="2"/>
</redirdev>
<redirdev bus="usb" type="spicevmc">
<address type="usb" bus="0" port="3"/>
</redirdev>
<memballoon model="virtio">
<address type="pci" domain="0x0000" bus="0x05" slot="0x00" function="0x0"/>
</memballoon>
</devices>
<qemu:commandline>
<qemu:arg value="-chardev"/>
<qemu:arg value="socket,path=/tmp/vfio-qmp,server,nowait,id=qmp0"/>
<qemu:arg value="-mon"/>
<qemu:arg value="chardev=qmp0,id=qmp,mode=control"/>
<qemu:arg value="-chardev"/>
<qemu:arg value="socket,path=/tmp/vfio-qga,server,nowait,id=qga0"/>
<qemu:arg value="-device"/>
<qemu:arg value="virtserialport,chardev=qga0,name=org.qemu.guest_agent.0"/>
<qemu:arg value="-set"/>
<qemu:arg value="device.scsi0-0-0-0.rotation_rate=1"/>
<qemu:arg value="-cpu"/>
<qemu:arg value="host,hv_time,kvm=off,hv_vendor_id=null,-hypervisor"/>
</qemu:commandline>
</domain>
''