first attempt on gpu passthrough

flake.lock

@@ -203,11 +203,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1687969886,
+        "lastModified": 1688302761,
-        "narHash": "sha256-tC2qFLmuM0PFaw0tMHVcFmzsG/351q09qa1EpuL2n1U=",
+        "narHash": "sha256-YIYKeX3YfoAIg9DTe6cl1ga87rDCNDZugdGuqsvEN30=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "a7002d6bfca54742d5fc9b485a1879953b4585b9",
+        "rev": "c85d9137db45a1c9c161f4718b13cc3bd4cbd173",
         "type": "github"
       },
       "original": {
@@ -223,11 +223,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1687101087,
+        "lastModified": 1688282687,
-        "narHash": "sha256-7whjv4o+IsqyILNPGtNA3TdBOdGTNqi7gd3SYneQXEs=",
+        "narHash": "sha256-OS8ua5R5r3R7D6sGN3dQteELASn1ZN6E7xxkAY81J/0=",
         "owner": "therealr5",
         "repo": "TruckSimulatorBot-images",
-        "rev": "c2b85c3117b9ddbab6c93d6ea3e3fca452643b71",
+        "rev": "f27975d1d364cab329077e53a7021e99146cbc65",
         "type": "github"
       },
       "original": {
@@ -333,11 +333,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1688049487,
+        "lastModified": 1688231357,
-        "narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=",
+        "narHash": "sha256-ZOn16X5jZ6X5ror58gOJAxPfFLAQhZJ6nOUeS4tfFwo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9",
+        "rev": "645ff62e09d294a30de823cb568e9c6d68e92606",
         "type": "github"
       },
       "original": {
@@ -409,11 +409,11 @@
     },
     "nixpkgs-stable_2": {
       "locked": {
-        "lastModified": 1687031877,
+        "lastModified": 1688256355,
-        "narHash": "sha256-yMFcVeI+kZ6KD2QBrFPNsvBrLq2Gt//D0baHByMrjFY=",
+        "narHash": "sha256-/E+OSabu4ii5+ccWff2k4vxDsXYhpc4hwnm0s6JOz7Y=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e2e2059d19668dab1744301b8b0e821e3aae9c99",
+        "rev": "f553c016a31277246f8d3724d3b1eee5e8c0842c",
         "type": "github"
       },
       "original": {
@@ -461,11 +461,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1687686412,
+        "lastModified": 1688283850,
-        "narHash": "sha256-Wq9D5tBxKNJVpeUDW8ZJRm1PM+JLgr16tdvaULuPMbo=",
+        "narHash": "sha256-MYqRBDJL1DJHbwexYxDb/9R1qvuhYakh1E+SfzDadc8=",
         "owner": "therealr5",
         "repo": "purge",
-        "rev": "4fc0ee4454dc5afaa8b370f1f642e012a06fe42e",
+        "rev": "0a5ca0cc596afd360639bfd8ac6187245b3734ec",
         "type": "github"
       },
       "original": {
@@ -548,11 +548,11 @@
         "nixpkgs-stable": "nixpkgs-stable_2"
       },
       "locked": {
-        "lastModified": 1687398569,
+        "lastModified": 1688268466,
-        "narHash": "sha256-e/umuIKFcFtZtWeX369Hbdt9r+GQ48moDmlTcyHWL28=",
+        "narHash": "sha256-fArazqgYyEFiNcqa136zVYXihuqzRHNOOeVICayU2Yg=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "2ff6973350682f8d16371f8c071a304b8067f192",
+        "rev": "5ed3c22c1fa0515e037e36956a67fe7e32c92957",
         "type": "github"
       },
       "original": {
@@ -583,11 +583,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1687686435,
+        "lastModified": 1688282790,
-        "narHash": "sha256-G/GW1x4UEcj41ss6hjmtGim0tKzS/mFQ9lnE2b2hhig=",
+        "narHash": "sha256-7+/witOmi7o6oPp8ILjcY/2BBjQnTaeOkeJ+NND3ZjI=",
         "owner": "therealr5",
         "repo": "TruckSimulatorBot",
-        "rev": "17e3c09b0b29067614841d183800ac361773cd9a",
+        "rev": "f2b10439be8238ed2123851dd80f280b8ca2eddc",
         "type": "github"
       },
       "original": {

hosts/thinkpad/default.nix

@@ -6,6 +6,7 @@
       ./hardware-configuration.nix
       ./modules/networks
       ./modules/greetd
+      ./modules/virtualisation
       ./modules/snapper
     ];
 
@@ -156,7 +157,6 @@
     fwupd.enable = true; # firmware updates
   };
 
-  # fun fact: if I disable this, Hyprland breaks due to missing egl dependencies
   programs.steam.enable = true; # putting steam in here cause in home manager it doesn't work
 
   programs.ausweisapp = {
@@ -164,22 +164,6 @@
     openFirewall = true;
   };
 
-  virtualisation.libvirtd.enable = true;
-  virtualisation.spiceUSBRedirection.enable = true;
-
-  # fix to enable secure boot in vms
-  environment.etc = {
-    "ovmf/edk2-x86_64-secure-code.fd" = {
-      source = config.virtualisation.libvirtd.qemu.package + "/share/qemu/edk2-x86_64-secure-code.fd";
-    };
-
-    "ovmf/edk2-i386-vars.fd" = {
-      source = config.virtualisation.libvirtd.qemu.package + "/share/qemu/edk2-i386-vars.fd";
-      mode = "0644";
-      user = "libvirtd";
-    };
-  };
-
   systemd.sleep.extraConfig = ''
     HibernateDelaySec=2h
   '';
@@ -221,8 +205,8 @@
     killall
     zip
     unzip
+    pciutils
 
-    virt-viewer # multi monitor for vms
     sbctl
 
     deploy-rs

hosts/thinkpad/modules/virtualisation/default.nix

@@ -0,0 +1,88 @@
+{ config, lib, pkgs, ... }:
+# Virtualisation with gpu passthrough
+# Following https://astrid.tech/2022/09/22/0/nixos-gpu-vfio/
+let
+  gpuHook = pkgs.writeShellScript "gpuhook.sh" ''
+    export PATH=$PATH:${lib.makeBinPath [pkgs.pciutils pkgs.kmod pkgs.psmisc pkgs.systemd pkgs.coreutils]}
+    gpu_domains=(
+        win11
+    )
+    function gpu_begin {
+        set -x
+        device=$(lspci -nnD | grep "VGA compatible controller" | grep Intel)
+        # Stop display manager
+        systemctl stop greetd.service
+        # Unbind vtconsole
+        for i in /sys/class/vtconsole/*/bind; do
+            echo 0 > "$i"
+        done
+        # Kill pulseaudio
+        killall pipewire
+        killall pipewire-pulse
+        # Unbind GPU
+        echo "$device" | cut -d' ' -f1 > /sys/module/i915/drivers/pci:i915/unbind
+        # Unload modules
+        rmmod snd_hda_intel
+        rmmod i915
+        # Load vfio
+        modprobe vfio-pci ids="$(echo "$device" | grep -o 8086:....)"
+    }
+    function gpu_end {
+        set -x
+        # Unload vfio
+        rmmod vfio_pci
+        # Load modules
+        modprobe snd_hda_intel
+        modprobe i915
+        # Rebind vtconsole
+        for i in /sys/class/vtconsole/*/bind; do
+            echo 1 > "$i"
+        done
+        # Start display manager
+        systemctl start greetd.service
+    }
+    # Run only for gpu_domains
+    for d in "''${gpu_domains[@]}"; do
+        [ "$d" = "$1" ] && gpu_domain=true
+    done
+    if [ "$gpu_domain" = true ]; then
+        [ "$2" = prepare ] && [ "$3" = begin ] && gpu_begin
+        [ "$2" = release ] && [ "$3" = end ] && gpu_end
+    fi
+    true
+  '';
+in
+{
+
+  virtualisation.libvirtd.enable = true;
+  virtualisation.spiceUSBRedirection.enable = true;
+
+  # fix to enable secure boot in vms
+  environment.etc = {
+    "ovmf/edk2-x86_64-secure-code.fd" = {
+      source = config.virtualisation.libvirtd.qemu.package + "/share/qemu/edk2-x86_64-secure-code.fd";
+    };
+
+    "ovmf/edk2-i386-vars.fd" = {
+      source = config.virtualisation.libvirtd.qemu.package + "/share/qemu/edk2-i386-vars.fd";
+      mode = "0644";
+      user = "libvirtd";
+    };
+
+  };
+  environment.systemPackages = with pkgs; [
+    virt-viewer
+  ];
+  systemd.services.libvirtd.preStart =
+    ''
+      mkdir -p /var/lib/libvirt/hooks
+      chmod 755 /var/lib/libvirt/hooks
+
+      # Copy hook files
+      cp -f ${gpuHook} /var/lib/libvirt/hooks/qemu
+
+      # Make them executable
+      chmod +x /var/lib/libvirt/hooks/qemu
+    '';
+
+}

users/rouven/modules/packages.nix

@@ -12,6 +12,7 @@
     evince # pdf viewer
     gimp
     ffmpeg
+    drawio
 
     thunderbird
 

users/rouven/modules/wayland/river.nix

@@ -44,9 +44,9 @@
           riverctl map normal Super L focus-output next
           riverctl map normal Super H focus-output previous
           riverctl map normal Super O send-to-output next
-          # riverctl map-pointer normal Super BTN_LEFT move-view
+          riverctl map-pointer normal Super BTN_LEFT move-view
 
-          # riverctl map-pointer normal Super BTN_RIGHT resize-view
+          riverctl map-pointer normal Super BTN_RIGHT resize-view
 
           riverctl map normal Alt Space spawn ${lib.getExe pkgs.fuzzel}
           riverctl map normal Super Space toggle-float