{ config, lib, pkgs, ... }: let gpuIDs = [ # 2080 super "10de:1e81" # Graphics "10de:10f8" # Audio "10de:1ad8" # Usb ???? "10de:1ad9" # Usb ???? ]; in { ## ## Packages ## environment.systemPackages = with pkgs; [ # Looking glass, avoids the need for another monitor looking-glass-client # For samba cifs-utils ]; ## ## Kernel configuration ## boot = { kernelParams = [ # enable iommu "amd_iommu=on" # Isolate the nvidia gpu ("vfio-pci.ids=" + lib.concatStringsSep "," gpuIDs) ]; # Modules needed initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ]; }; ## ## Virtualization setup ## virtualisation.spiceUSBRedirection.enable = true; virtualisation.libvirtd = { qemu = { # Enable tpm for windows 11 swtpm.enable = true; ovmf = { enable = true; # Needed for secure boot packages = [ pkgs.OVMFFull.fd ]; }; }; }; # Looking glass shared memory systemd.tmpfiles.rules = [ "f /dev/shm/looking-glass 0660 nathan qemu-libvirtd -" ]; ## ## Networking ## # Setup bridge networking.bridges = { "qemu-br0" = { interfaces = [ "enp6s0" ]; }; }; networking.interfaces.qemu-br0 = { ipv4.addresses = [{ address = "10.0.0.247"; prefixLength = 21; }]; }; networking.defaultGateway = "10.0.4.1"; networking.nameservers = [ "10.0.0.10" ]; ## ## Samba share ## services.samba = { enable = true; openFirewall = true; extraConfig = '' browseable = yes smb encrypt = required ''; shares = { # You will still need to set up the user accounts to begin with: # $ sudo smbpasswd -a yourusername homes = { browseable = "no"; "read only" = "no"; "guest ok" = "no"; }; Shared = { path = "/home/nathan/Shared"; browesable = "yes"; "read only" = "no"; "guest ok" = "no"; "writable" = "yes"; }; Mount = { path = "/run/media/nathan"; browesable = "yes"; "read only" = "no"; "guest ok" = "no"; "writable" = "yes"; }; }; }; }