gpu-passthrough

home/features/coding/#nix.nix#

@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+  home.packages = with pkgs; [
+    appimage-run
+    deploy-rs
+    nil
+    nix-prefetch-git
+    nixfmt
+    rnix-lsp
+  ];
+} 

home/features/coding/nix.nix

@@ -6,5 +6,6 @@
     nil
     nix-prefetch-git
     nixfmt
+    rnix-lsp
   ];
 } 

home/features/desktop/media.nix

@@ -11,7 +11,7 @@ in {
 
   config = mkIf cfg.enable {
     home.packages = with pkgs; [
-      ffmpeg
+      ffmpeg_6-full
       fractal
       frei0r
       gphoto2

home/features/desktop/office.nix

@@ -14,6 +14,7 @@ in {
       nextcloud-client
       libreoffice
       neomutt
+      pdftk
       tutanota-desktop
       okular
       zathura

home/features/desktop/wofi.nix

@@ -6,7 +6,7 @@ in
 {
   home.packages = [
     pkgs.wofi
-    bemoji
+    kgs.be
-    wofi-pass
+m    wofi-pass
-  ];
+ ];
 }

hosts/common/base/default.nix

@@ -7,5 +7,5 @@
   users.defaultUserShell = pkgs.fish;
 
   environment.systemPackages =
-    [ inputs.agenix.packages.x86_64-linux.default pkgs.busybox ];
+    [ inputs.agenix.packages.x86_64-linux.default pkgs.coreutils ];
 }

hosts/common/users/m3tam3re/default.nix

@@ -4,12 +4,23 @@
       "$y$j9T$wOKc3kLsQVtmmyLIN7ljV.$NvdWzwn6p8JNByHoXQqf6/GF3C0JOPHW/D0HgFLQXy4";
     isNormalUser = true;
     description = "m3tam3re";
-    extraGroups = [ "wheel" "networkmanager" "libvirtd" "flatpak" "audio" "video" "input"];
+    extraGroups = [
+      "wheel"
+      "networkmanager"
+      "libvirtd"
+      "flatpak"
+      "audio"
+      "video"
+      "input"
+      "kvm"
+      "qemu-libvirtd"
+    ];
     openssh.authorizedKeys.keys = [
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU= m3tam3re@m3-nix"
     ];
     packages = [ pkgs.home-manager ];
   };
-  home-manager.users.m3tam3re = import m3tam3re/${config.networking.hostName}.nix;
+  home-manager.users.m3tam3re =
+    import m3tam3re/${config.networking.hostName}.nix;
 }
 

hosts/lkk-nix-1/services/traefik.nix

@@ -145,6 +145,15 @@
             service = "matomo";
             entrypoints = "websecure";
           };
+          matomo-m3tam3re = {
+            rule = "Host(`stats.m3tam3re.com`)";
+            tls = {
+              certResolver = "lets-encrypt";
+              domains = "stats.m3tam3re.com";
+            };
+            service = "matomo";
+            entrypoints = "websecure";
+          };
           minio = {
             rule = "Host(`s3.lanakk.com`)";
             tls = {
@@ -270,6 +279,6 @@
   };
 
   systemd.services.traefik.serviceConfig = {
-    EnvironmentFile = "${config.age.secrets.traefik-env.path}";
+    EnvironmentFile = [ "${config.age.secrets.traefik-env.path}" ];
   };
 }

hosts/m3-nix/default.nix

@@ -16,12 +16,14 @@ in {
   imports = [
     ./hardware.nix
     ./hardware-configuration.nix # Include the results of the hardware scan.
+    ./vfio.nix
     ../common/users/m3tam3re
     ../common/base
     ./services
   ];
+  
   specialisation = {
-    external-display.configuration = {
+    "EX-Display".configuration = {
       system.nixos.tags = [ "Externer-Monitor" ];
       services.xserver.videoDrivers = [ "nvidia" ];
       hardware.nvidia.prime.offload.enable = lib.mkForce false;
@@ -29,7 +31,7 @@ in {
     };
   };
   specialisation = {
-    dual-display.configuration = {
+    "DUAL-Display".configuration = {
       system.nixos.tags = [ "Dual-Monitor" ];
       services.xserver.videoDrivers = [ "nvidia" ];
       hardware.nvidia.prime.offload.enable = lib.mkForce false;
@@ -37,7 +39,12 @@ in {
       hardware.nvidia.powerManagement.finegrained = lib.mkForce false;
     };
   };
-
+  specialisation = {
+    "VFIO".configuration = {
+      system.nixos.tags = [ "GPU-passthrough" ];
+      vfio.enable = true;
+    };
+  };
   # Bootloader.
   # boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;

hosts/m3-nix/services/virtualization.nix

@@ -1,10 +1,19 @@
-{
+{ pkgs, ... }: {
-  virtualisation.libvirtd.enable = true;
+  virtualisation = {
-  virtualisation.libvirtd.qemu.swtpm.enable = true;
+    libvirtd = {
-  virtualisation.libvirtd.qemu.ovmf.enable = true;
+      enable = true;
-  virtualisation.podman = {
+      qemu = {
-    enable = true;
+        swtpm.enable = true;
-    enableNvidia = true;
+        ovmf = {
-    defaultNetwork.settings.dns_enabled = true;
+          enable = true;
+          packages = [ pkgs.OVMFFull ];
+        };
+      };
+    };
+    podman = {
+      enable = true;
+      enableNvidia = true;
+      defaultNetwork.settings.dns_enabled = true;
+    };
   };
 }

hosts/m3-nix/vfio.nix

@@ -0,0 +1,31 @@
+let
+  gpuIDs = [
+    "10de:249d" # Graphics
+    "10de:228b" # Audio
+  ];
+in { pkgs, lib, config, ... }: {
+  options.vfio.enable = with lib;
+    mkEnableOption "Configure the machine for VFIO";
+
+  config = let cfg = config.vfio;
+  in {
+    boot = {
+      initrd.kernelModules = [
+        "vfio_pci"
+        "vfio"
+        "vfio_iommu_type1"
+        "vfio_virqfd"
+      ];
+
+      kernelParams = [
+        # enable IOMMU
+        "intel_iommu=on"
+      ] ++ lib.optional cfg.enable
+        # isolate the GPU
+        ("vfio-pci.ids=" + lib.concatStringsSep "," gpuIDs);
+    };
+
+    hardware.opengl.enable = true;
+    virtualisation.spiceUSBRedirection.enable = true;
+  };
+}