Start of GPU passthrough plan

Nathan McCarty 2022-10-09 21:43:38 -04:00
parent bf3c4fca2d
commit f76c3e17a7
Signed by: thatonelutenist
GPG Key ID: D70DA3DD4D1E9F96
4 changed files with 85 additions and 51 deletions


@ -33,6 +33,9 @@
sshKey = config.sops.secrets."borg-ssh-key".path; sshKey = config.sops.secrets."borg-ssh-key".path;
}; };
}; };
hardware = {
amdPassthrough = true;
};
config = { config = {
isDesktop = true; isDesktop = true;
setupGrub = true; setupGrub = true;


@ -102,6 +102,8 @@ in
# Logitech hardware support # Logitech hardware support
# On by default if the system is a desktop # On by default if the system is a desktop
logitech = mkDefaultOption "logitech" config.nathan.config.isDesktop; logitech = mkDefaultOption "logitech" config.nathan.config.isDesktop;
# AMD Single gpu passthrough
amdPassthrough = mkEnableOption "logitech";
}; };
# Linux specific configuration # Linux specific configuration
config = { config = {
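Review bot: The description passed to `mkEnableOption` for `amdPassthrough` is still `"logitech"`, apparently copied from the option above, so the generated option text will read "Whether to enable logitech." Suggest `amdPassthrough = mkEnableOption "AMD single GPU passthrough";`. The option turns on IOMMU kernel parameters, libvirtd and a root-run QEMU elsewhere in this commit, so an accurate description matters to anyone auditing which hosts set it.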


@ -4,10 +4,34 @@ let
in in
with lib; with lib;
{ {
config = { config = mkMerge [
hardware.logitech.wireless = mkIf nw.logitech { {
enable = true; hardware.logitech.wireless = mkIf nw.logitech {
enableGraphical = true; enable = true;
}; enableGraphical = true;
}; };
}
(mkIf nw.amdPassthrough {
# Turn on IOMMU and the needed drivers
boot = {
kernelParams = [ "amd_iommu=on" ];
kernelModules = [ "kvm-amd" "vifo-pci" ];
};
# Enable libvirtd
virtualisation.libvirtd = {
enable = true;
onBoot = "ignore";
onShutdown = "shutdown";
qemu = {
ovmf = {
enable = true;
package = pkgs.OVMFFull;
runAsRoot = true;
};
swtpm.enable = true;
};
};
})
];
} }
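Review bot: `"vifo-pci"` in `boot.kernelModules` is a typo for `vfio-pci`, so the VFIO driver that passthrough depends on will not be loaded at boot. `runAsRoot = true;` is also nested under `qemu.ovmf`, whereas the NixOS option is `virtualisation.libvirtd.qemu.runAsRoot`; as far as I know the `ovmf` submodule has no such option, so this should fail evaluation rather than take effect. When moving it, consider `runAsRoot = false;` unless the passthrough setup is confirmed to need root, because a QEMU process running as root turns any guest-to-host escape into host root. Proposed lines: `kernelModules = [ "kvm-amd" "vfio-pci" ];` and, directly under `qemu = {`, `runAsRoot = false;`.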


@ -3,50 +3,55 @@ let
nc = config.nathan.config; nc = config.nathan.config;
in in
with lib; { with lib; {
config = { config = mkMerge [
users = { {
# If we install the user and the system is hardended, then disable mutable users users = {
mutableUsers = !(nc.installUser && nc.harden); # If we install the user and the system is hardended, then disable mutable users
# Configure our user, if enabled mutableUsers = !(nc.installUser && nc.harden);
users."${nc.user}" = mkMerge [ # Configure our user, if enabled
(mkIf nc.installUser users."${nc.user}" = mkMerge [
{ (mkIf nc.installUser
# Darwin is special {
home = if pkgs.stdenv.isDarwin then "/Users/nathan" else "/home/nathan"; # Darwin is special
description = "Nathan McCarty"; home = if pkgs.stdenv.isDarwin then "/Users/nathan" else "/home/nathan";
shell = pkgs.fish; description = "Nathan McCarty";
# Linux specific configuration next shell = pkgs.fish;
# Linux specific configuration next
})
(mkIf (nc.installUser && pkgs.stdenv.isLinux) {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "audio" "docker" "libvirtd" "uinput" "adbusers" "plugdev" ];
hashedPassword = "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58.";
openssh.authorizedKeys.keys = [
# yubikey ssh key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515"
# Macbook pro key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBfkO7kq37RQMT8UE8zQt/vP4Ub7kizLw6niToJwAIe nathan@Nathans-MacBook-Pro.local"
# Phone key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFR0zpmBCb0iEOeeI6SBwgucddNzccfQ5Zmdgib5iSmF nix-on-droid@localhost"
# Tablet key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKltqneJjfdLjOvnWQC2iP7hP7aTYkURPiR8LFjB7z87 nix-on-droid@localhost"
];
}) })
(mkIf (nc.installUser && pkgs.stdenv.isLinux) { ];
isNormalUser = true; };
extraGroups = [ "wheel" "networkmanager" "audio" "docker" "libvirtd" "uinput" "adbusers" "plugdev" ]; # If we install the user, enable sudo
hashedPassword = "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58."; security.sudo.enable = mkDefault nc.installUser;
openssh.authorizedKeys.keys = [ # If we isntall the user, make them trusted
# yubikey ssh key nix.settings.trusted-users =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515" if nc.installUser then [
# Macbook pro key "nathan"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBfkO7kq37RQMT8UE8zQt/vP4Ub7kizLw6niToJwAIe nathan@Nathans-MacBook-Pro.local" ] else [ ];
# Phone key # If we setup the user, install the shell as well
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFR0zpmBCb0iEOeeI6SBwgucddNzccfQ5Zmdgib5iSmF nix-on-droid@localhost" environment.systemPackages =
# Tablet key if nc.installUser then [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKltqneJjfdLjOvnWQC2iP7hP7aTYkURPiR8LFjB7z87 nix-on-droid@localhost" pkgs.fish
]; ] else [ ];
}) # Configure the timezone
]; time.timeZone = "America/New_York";
}; }
# If we install the user, enable sudo (mkIf config.nathan.config.hardware.amdPassthrough {
security.sudo.enable = mkDefault nc.installUser; users.users."${nc.user}".extraGroups = [ "libvirtd" ];
# If we isntall the user, make them trusted })
nix.settings.trusted-users = ];
if nc.installUser then [
"nathan"
] else [ ];
# If we setup the user, install the shell as well
environment.systemPackages =
if nc.installUser then [
pkgs.fish
] else [ ];
# Configure the timezone
time.timeZone = "America/New_York";
};
} }
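Review bot: The new `mkIf` reads `config.nathan.config.hardware.amdPassthrough`, but the host file sets `hardware.amdPassthrough` as a sibling of `config`, which suggests the option lives at `config.nathan.hardware.amdPassthrough`; if so, this reference fails evaluation. The block also sets `users.users."${nc.user}".extraGroups` without checking `nc.installUser`, so a host with passthrough on and no installed user would get a partial user entry. `"libvirtd"` is already in the unconditional Linux `extraGroups` list above, so the conditional grant changes nothing. Membership in that group gives control of the system libvirt daemon, which is effectively root, so it would be safer to drop it from the base list and grant it only here. Suggested condition: `(mkIf (nc.installUser && config.nathan.hardware.amdPassthrough) {`.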