hosts/samhain: Moved VM entirely to private

This commit is contained in:
kat witch 2021-04-28 04:38:25 +01:00
parent 2ff702aab3
commit 7577c0ebc8
No known key found for this signature in database
GPG key ID: 1B477797DCA5EC72
5 changed files with 0 additions and 484 deletions


@ -16,7 +16,6 @@ in {
../../../services/restic.nix
../../../services/nginx.nix
./thermal
./vm
./transmission.nix
./jellyfin.nix
./virtualhosts.nix


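--- a/<PATH NOT SHOWN ON PAGE>
+++ /dev/null
@@ -1,130 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
-/* # libvirtd is used for our virtual machine
-virtualisation.libvirtd = {
-enable = true;
-qemuOvmf = true;
-qemuRunAsRoot = false;
-onBoot = "ignore";
-onShutdown = "shutdown";
-};
-*/
-# required for guest reboots with the 580
-boot.extraModulePackages = [
-(pkgs.linuxPackagesFor config.boot.kernelPackages.kernel).vendor-reset
-]; # required groups for various intentions
-users.users.kat.extraGroups = [ "libvirtd" "input" "qemu-libvirtd" ];
-# video=efifb:off allows the 580 to be passed through regardless of being the boot display and allows the 560 to act as a console device
-# pci=noats means that it doesn't kernel panic on my specific configuration
-boot.kernelParams = [
-"amd_iommu=on"
-"pci=noats"
-"video=efifb:off"
-]; # eventually switch to vfio-pci.ids to replace the boot.initrd.preDeviceCommands block
-boot.initrd.availableKernelModules =
-[ "amdgpu" "vfio-pci" ]; # vfio-pci is required for pci passthrough
-boot.kernelModules =
-[ "i2c-dev" "kvm-amd" ]; # i2c-dev is required for DDC/CI for screenstub
-# this section makes vfio-pci be injected as the driver for the 580 and its audio thingy
-# it should be replaced as mentioned with vfio-pci.ids
-# the script provided: https://alexbakker.me/post/nixos-pci-passthrough-qemu-vfio.html can be used to find iommu groups
-boot.initrd.preDeviceCommands = ''
-DEVS="0000:26:00.0 0000:26:00.1"
-for DEV in $DEVS; do
-echo "vfio-pci" > /sys/bus/pci/devices/$DEV/driver_override
-done
-modprobe -i vfio-pci
-'';
-# rules are for:
-# * monitor ddc/ci
-# * input for qemu
-# * rule for event-mouse (i hope?)
-# * uinput rule
-services.udev.extraRules = ''
-SUBSYSTEM=="i2c-dev", GROUP="users", MODE="0660"
-SUBSYSTEM=="usb", ATTRS{idVendor}=="05ac", ATTRS{idProduct}=="12a8", GROUP="users"
-SUBSYSTEM=="usb", ATTRS{idVendor}=="04d9", ATTRS{idProduct}=="fa58", GROUP="users"
-SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="fa58", ATTRS{idProduct}=="04d9", GROUP="users"
-SUBSYSTEM=="misc", KERNEL=="uinput", OPTIONS+="static_node=uinput", MODE="0660", GROUP="uinput"
-SUBSYSTEM=="vfio", OWNER="kat", GROUP="users"
-SUBSYSTEM=="block", ACTION=="add", ATTRS{model}=="HFS256G32TNF-N3A", ATTRS{wwid}=="t10.ATA HFS256G32TNF-N3A0A MJ8BN15091150BM1Z ", OWNER="kat"
-SUBSYSTEM=="block", ACTION=="add", ATTR{partition}=="2", ATTR{size}=="1953503232", ATTRS{wwid}=="naa.5000039fe6e8614e", OWNER="kat"
-'';
-environment.systemPackages = [
-# pkgs.nur.repos.arc.packages.screenstub # for DDC/CI and input forwarding (currently disabled due to using changed source)
-pkgs.arc.pkgs.scream-arc # for audio forwarding
-pkgs.screenstub # for input handling
-pkgs.ddcutil # for diagnostics on DDC/CI
-pkgs.kat-vm
-];
-security.pam.loginLimits = [{
-domain = "@users";
-type = "-";
-item = "memlock";
-value = "unlimited";
-}];
-systemd.extraConfig = "DefaultLimitMEMLOCK=infinity";
-/* systemd.services.libvirtd-guest-win10 = {
-enable = true;
-after = [ "libvirtd.service" ];
-requires = [ "libvirtd.service" ];
-serviceConfig = {
-type = "oneshot";
-RemainAfterExit = "yes";
-};
-script = let
-xml =
-pkgs.writeText "libvirt-guest-win10.xml" (import ./win10.xml.nix { });
-in ''
-uuid="$(${pkgs.libvirt}/bin/virsh domuuid 'win10' || true)"
-${pkgs.libvirt}/bin/virsh define <(sed "s/UUID/$uuid/" '${xml}')
-${pkgs.libvirt}/bin/virsh start 'win10';
-'';
-preStop = ''
-${pkgs.libvirt}/bin/virsh shutdown 'win10'
-let "timeout = $(date +%s) + 120"
-while [ "$(${pkgs.libvirt}/bin/virsh list --name | grep --count '^win10$')" -gt 0 ]; do
-if [ "$(date +%s)" -ge "$timeout" ]; then
-# meh, we warned it...
-${pkgs.libvirt}/bin/virsh destroy 'win10'
-else
-# the machine is still running, let's give it some time to shut down
-sleep 0.5
-fi
-done
-'';
-};
-*/
-katnet.public.tcp.ports = [ 4010 ];
-home-manager.users.kat = {
-# audio for vm on startup
-systemd.user.services = {
-scream = {
-Unit = { Description = "Scream - Audio forwarding from the VM."; };
-Service = {
-ExecStart = "${pkgs.scream-arc}/bin/scream -i virbr0 -o pulse";
-Restart = "always";
-};
-Install = { WantedBy = [ "default.target" ]; };
-};
-};
-};
-# BusId is used to specify the graphics card used for X / lightdm / wayland
-# BusId must be decimal conversion of the equivalent but matching the format, this was 0000:25:00.0
-services.xserver.deviceSection = lib.mkDefault ''
-Option "TearFree" "true"
-BusID "PCI:37:0:0"
-'';
-}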


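--- a/<PATH NOT SHOWN ON PAGE>
+++ /dev/null
@@ -1,85 +0,0 @@
-screens:
-- monitor: # fill in with info from `screenstub detect`
-manufacturer: BNQ
-model: BenQ GW2270
-#serial: "..."
-guest_source: # Could be automatically detected, but best to fill in if monitor has more than two inputs
-name: HDMI-1
-#value: 0x0f # can also specify raw VCP value
-host_source: # Usually automatically detected
-name: HDMI-2
-#value: 0x11
-ddc:
-#minimal_delay: 100ms # minimum time to wait between switching inputs again
-#guest: [] # disable input switching
-#host: [] # disable input switching
-guest: # configure how to switch to the guest
-#- guest_wait # wait until guest agent responds, otherwise might get stranded on other input
-- ddc # (default) Use ddc-rs
-#exec: ["ddcutil", "-g", "BNQ", "setvcp", "0x60", "{}"]
-#- exec: [ddccontrol, -r, "0x60", -w, "{}", /dev/i2c-5]
-host: # configure how to switch back from the guest
-- ddc # (default) Controls DDC from the host GPU - requires no guest agent but many monitors won't support this
-#- exec: ["ddcutil", "-g", "BNQ", "setvcp", "0x60", "{}"]
-#- guest_exec: ["C:/ddcset.exe", "setvcp", "60", "{:x}"] # or "0x{:x}" for hex input value
-#- guest_exec: ["C:/ScreenBright.exe", "-set", "0x60", "{}"] # "{}" is for decimal input value
-#- exec: ["ssh", "user@vm", "ddcutil", "setvcp", "0x60", "{}"] # system commands can also be used
-qemu:
-#routing: qmp # (default) does not require extra configuration or dependencies
-#routing: spice # no external requirements # CURRENTLY UNIMPLEMENTED
-#routing: input-linux # requires uinput
-routing: virtio-host # requires uinput, recommended for performance, requires vioinput drivers in guest
-#driver: ps2 # use PS/2 in the guest for all input devices (absolute mouse mode unsupported)
-#driver: usb # use USB keyboard/mouse/tablet in the guest
-#driver: virtio # Recommended but vioinput drivers must be installed in guest
-#keyboard_driver: ps2 # (default) can also be set separately per input type, this should rarely be necessary
-#relative_driver: usb # (default)
-#absolute_driver: usb # (default)
-#driver: virtio
-#relative_driver: virtio
-qmp_socket: /tmp/vfio-qmp # path to QMP socket
-ga_socket: /tmp/vfio-qga # path to Guest Agent socket
-key_remap: # Arbitrary keys can be remapped in the guest
-# See https://docs.rs/input-linux/*/input_linux/enum.Key.html for a list of key names available (mouse buttons can also be used)
-LeftMeta: Reserved # disable the windows key
-RightAlt: LeftMeta # remap right alt to trigger the windows key
-hotkeys: # Trigger various events on key combinations
-#- toggle_grab:y
-# xdevice: # CURRENTLY UNIMPLEMENTED
-# devices: # Only grab specific devices from Xorg
-# - "..."
-#- exec: [echo, hi] # Execute an arbitrary system command
-#- show_host # switch to the host display
-#- show_guest # switch to the guest display
-#- toggle_show # switch the current display
-#- unstick_guest # causes all held keys to be released in the guest
-#- shutdown # safely shuts the guest system down
-#- reboot # reboots the guest
-#- exit # quits screenstub
-- triggers: [G]
-modifiers: [LeftMeta]
-events:
-- toggle_grab:
-x:
-mouse: false # Confine input/mouse to window
-- toggle_grab:
-evdev: # evdev grab is useful for playing games that don't work with absolute mouse events
-exclusive: false # grab exclusive access from the device(s)
-#new_device_name: "unique-grab-name" # create a new uinput device for this grab
-xcore_ignore: [absolute] # which events to ignore from the window (key, button, absolute)
-evdev_ignore: [button] # which events to ignore from the evdev device
-devices: # List of devices to forward to guest
-- /dev/input/by-id/usb-04d9_USB_Laser_Game_Mouse-event-mouse
-- unstick_host # force-depress all Xorg keys (prevents keys getting stuck)
-- triggers: [T]
-modifiers: [LeftMeta]
-on_release: false
-events:
-- toggle_show
-exit_events: # Events to trigger on window close / exit
-- show_host
-#- shutdown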


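--- a/<PATH NOT SHOWN ON PAGE>
+++ /dev/null
@@ -1,268 +0,0 @@
-{ ... }:
-''
-<domain xmlns:qemu="http://libvirt.org/schemas/domain/qemu/1.0" type="kvm">
-<name>win10</name>
-<uuid>UUID</uuid>
-<metadata>
-<libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
-<libosinfo:os id="http://microsoft.com/win/10"/>
-</libosinfo:libosinfo>
-</metadata>
-<memory unit="KiB">12582912</memory>
-<currentMemory unit="KiB">12582912</currentMemory>
-<vcpu placement="static">6</vcpu>
-<iothreads>1</iothreads>
-<cputune>
-<vcpupin vcpu="0" cpuset="0"/>
-<vcpupin vcpu="1" cpuset="1"/>
-<vcpupin vcpu="2" cpuset="2"/>
-<vcpupin vcpu="3" cpuset="6"/>
-<vcpupin vcpu="4" cpuset="7"/>
-<vcpupin vcpu="5" cpuset="8"/>
-<emulatorpin cpuset="3,9"/>
-<iothreadpin iothread="1" cpuset="3,9"/>
-</cputune>
-<os>
-<type arch="x86_64" machine="pc-q35-5.1">hvm</type>
-<loader readonly="yes" type="pflash">/run/libvirt/nix-ovmf/OVMF_CODE.fd</loader>
-<nvram>/var/lib/libvirt/qemu/nvram/win10_VARS.fd</nvram>
-</os>
-<features>
-<acpi/>
-<apic/>
-<hyperv>
-<relaxed state="on"/>
-<vapic state="on"/>
-<spinlocks state="on" retries="8191"/>
-</hyperv>
-<vmport state="off"/>
-</features>
-<cpu mode="host-passthrough" check="partial">
-<topology sockets="1" dies="1" cores="3" threads="2"/>
-<cache mode="passthrough"/>
-<feature policy="require" name="topoext"/>
-</cpu>
-<clock offset="localtime">
-<timer name="rtc" tickpolicy="catchup"/>
-<timer name="pit" tickpolicy="delay"/>
-<timer name="hpet" present="no"/>
-<timer name="hypervclock" present="yes"/>
-</clock>
-<on_poweroff>destroy</on_poweroff>
-<on_reboot>restart</on_reboot>
-<on_crash>destroy</on_crash>
-<pm>
-<suspend-to-mem enabled="no"/>
-<suspend-to-disk enabled="no"/>
-</pm>
-<devices>
-<emulator>/run/libvirt/nix-emulators/qemu-system-x86_64</emulator>
-<disk type="file" device="disk">
-<driver name="qemu" type="raw" discard="unmap"/>
-<source file="/dev/disk/by-id/ata-HFS256G32TNF-N3A0A_MJ8BN15091150BM1Z"/>
-<target dev="sda" bus="scsi"/>
-<boot order="2"/>
-<address type="drive" controller="0" bus="0" target="0" unit="0"/>
-</disk>
-<disk type="block" device="disk">
-<driver name="qemu" type="raw" cache="none" io="native"/>
-<source dev="/dev/disk/by-id/ata-TOSHIBA_HDWD130_787VUS4AS-part2" index="2"/>
-<backingStore/>
-<target dev="sdb" bus="scsi"/>
-<alias name="scsi0-0-0-1"/>
-<address type="drive" controller="0" bus="0" target="0" unit="1"/>
-</disk>
-<controller type="usb" index="0" model="qemu-xhci" ports="15">
-<address type="pci" domain="0x0000" bus="0x02" slot="0x00" function="0x0"/>
-</controller>
-<controller type="pci" index="0" model="pcie-root"/>
-<controller type="pci" index="1" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="1" port="0x10"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0" multifunction="on"/>
-</controller>
-<controller type="pci" index="2" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="2" port="0x11"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x1"/>
-</controller>
-<controller type="pci" index="3" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="3" port="0x12"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x2"/>
-</controller>
-<controller type="pci" index="4" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="4" port="0x13"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x3"/>
-</controller>
-<controller type="pci" index="5" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="5" port="0x14"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x4"/>
-</controller>
-<controller type="pci" index="6" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="6" port="0x15"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x5"/>
-</controller>
-<controller type="pci" index="7" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="7" port="0x16"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x6"/>
-</controller>
-<controller type="pci" index="8" model="pcie-to-pci-bridge">
-<model name="pcie-pci-bridge"/>
-<address type="pci" domain="0x0000" bus="0x04" slot="0x00" function="0x0"/>
-</controller>
-<controller type="pci" index="9" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="9" port="0x17"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x7"/>
-</controller>
-<controller type="pci" index="10" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="10" port="0x8"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x0" multifunction="on"/>
-</controller>
-<controller type="pci" index="11" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="11" port="0x9"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x1"/>
-</controller>
-<controller type="pci" index="12" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="12" port="0xa"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x2"/>
-</controller>
-<controller type="pci" index="13" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="13" port="0xb"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x3"/>
-</controller>
-<controller type="pci" index="14" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="14" port="0xc"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x4"/>
-</controller>
-<controller type="pci" index="15" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="15" port="0xd"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x5"/>
-</controller>
-<controller type="pci" index="16" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="16" port="0xe"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x6"/>
-</controller>
-<controller type="pci" index="17" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="17" port="0xf"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x7"/>
-</controller>
-<controller type="pci" index="18" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="18" port="0x18"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0" multifunction="on"/>
-</controller>
-<controller type="pci" index="19" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="19" port="0x19"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x1"/>
-</controller>
-<controller type="pci" index="20" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="20" port="0x1a"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x2"/>
-</controller>
-<controller type="pci" index="21" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="21" port="0x1b"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x3"/>
-</controller>
-<controller type="pci" index="22" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="22" port="0x1c"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x4"/>
-</controller>
-<controller type="pci" index="23" model="pcie-root-port">
-<model name="pcie-root-port"/>
-<target chassis="23" port="0x1d"/>
-<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x5" multifunction="on"/>
-</controller>
-<controller type="pci" index="24" model="pcie-to-pci-bridge">
-<model name="pcie-pci-bridge"/>
-<address type="pci" domain="0x0000" bus="0x0a" slot="0x00" function="0x0"/>
-</controller>
-<controller type="virtio-serial" index="0">
-<address type="pci" domain="0x0000" bus="0x03" slot="0x00" function="0x0"/>
-</controller>
-<controller type="scsi" index="0" model="virtio-scsi">
-<address type="pci" domain="0x0000" bus="0x06" slot="0x00" function="0x0"/>
-</controller>
-<controller type="sata" index="0">
-<address type="pci" domain="0x0000" bus="0x00" slot="0x1f" function="0x2"/>
-</controller>
-<interface type="network">
-<mac address="52:54:00:61:87:37"/>
-<source network="default"/>
-<model type="virtio"/>
-<address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
-</interface>
-<serial type="pty">
-<target type="isa-serial" port="0">
-<model name="isa-serial"/>
-</target>
-</serial>
-<console type="pty">
-<target type="serial" port="0"/>
-</console>
-<channel type="spicevmc">
-<target type="virtio" name="com.redhat.spice.0"/>
-<address type="virtio-serial" controller="0" bus="0" port="1"/>
-</channel>
-<input type="tablet" bus="usb">
-<address type="usb" bus="0" port="1"/>
-</input>
-<input type="mouse" bus="ps2"/>
-<input type="keyboard" bus="ps2"/>
-<hostdev mode="subsystem" type="pci" managed="yes">
-<source>
-<address domain="0x0000" bus="0x26" slot="0x00" function="0x0"/>
-</source>
-<rom file="${./vbios.rom}"/>
-<address type="pci" domain="0x0000" bus="0x07" slot="0x00" function="0x0"/>
-</hostdev>
-<hostdev mode="subsystem" type="pci" managed="yes">
-<source>
-<address domain="0x0000" bus="0x26" slot="0x00" function="0x1"/>
-</source>
-<address type="pci" domain="0x0000" bus="0x09" slot="0x00" function="0x0"/>
-</hostdev>
-<redirdev bus="usb" type="spicevmc">
-<address type="usb" bus="0" port="2"/>
-</redirdev>
-<redirdev bus="usb" type="spicevmc">
-<address type="usb" bus="0" port="3"/>
-</redirdev>
-<memballoon model="virtio">
-<address type="pci" domain="0x0000" bus="0x05" slot="0x00" function="0x0"/>
-</memballoon>
-</devices>
-<qemu:commandline>
-<qemu:arg value="-chardev"/>
-<qemu:arg value="socket,path=/tmp/vfio-qmp,server,nowait,id=qmp0"/>
-<qemu:arg value="-mon"/>
-<qemu:arg value="chardev=qmp0,id=qmp,mode=control"/>
-<qemu:arg value="-chardev"/>
-<qemu:arg value="socket,path=/tmp/vfio-qga,server,nowait,id=qga0"/>
-<qemu:arg value="-device"/>
-<qemu:arg value="virtserialport,chardev=qga0,name=org.qemu.guest_agent.0"/>
-<qemu:arg value="-set"/>
-<qemu:arg value="device.scsi0-0-0-0.rotation_rate=1"/>
-<qemu:arg value="-cpu"/>
-<qemu:arg value="host,hv_time,kvm=off,hv_vendor_id=null,-hypervisor"/>
-</qemu:commandline>
-</domain>
-''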

Binary file not shown.