gpu-passthrough

m3tam3re 2023-06-27 12:35:30 +02:00
parent 7f1fbff43f
commit fc681daa8f
12 changed files with 99 additions and 19 deletions


@ -0,0 +1,11 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
appimage-run
deploy-rs
nil
nix-prefetch-git
nixfmt
rnix-lsp
];
}


@ -6,5 +6,6 @@
nil nil
nix-prefetch-git nix-prefetch-git
nixfmt nixfmt
rnix-lsp
]; ];
} }


@ -11,7 +11,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [
ffmpeg ffmpeg_6-full
fractal fractal
frei0r frei0r
gphoto2 gphoto2


@ -14,6 +14,7 @@ in {
nextcloud-client nextcloud-client
libreoffice libreoffice
neomutt neomutt
pdftk
tutanota-desktop tutanota-desktop
okular okular
zathura zathura


@ -6,7 +6,7 @@ in
{ {
home.packages = [ home.packages = [
pkgs.wofi pkgs.wofi
bemoji kgs.be
wofi-pass m wofi-pass
]; ];
} }


@ -7,5 +7,5 @@
users.defaultUserShell = pkgs.fish; users.defaultUserShell = pkgs.fish;
environment.systemPackages = environment.systemPackages =
[ inputs.agenix.packages.x86_64-linux.default pkgs.busybox ]; [ inputs.agenix.packages.x86_64-linux.default pkgs.coreutils ];
} }


@ -4,12 +4,23 @@
"$y$j9T$wOKc3kLsQVtmmyLIN7ljV.$NvdWzwn6p8JNByHoXQqf6/GF3C0JOPHW/D0HgFLQXy4"; "$y$j9T$wOKc3kLsQVtmmyLIN7ljV.$NvdWzwn6p8JNByHoXQqf6/GF3C0JOPHW/D0HgFLQXy4";
isNormalUser = true; isNormalUser = true;
description = "m3tam3re"; description = "m3tam3re";
extraGroups = [ "wheel" "networkmanager" "libvirtd" "flatpak" "audio" "video" "input"]; extraGroups = [
"wheel"
"networkmanager"
"libvirtd"
"flatpak"
"audio"
"video"
"input"
"kvm"
"qemu-libvirtd"
];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-rsa 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 m3tam3re@m3-nix" "ssh-rsa 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 m3tam3re@m3-nix"
]; ];
packages = [ pkgs.home-manager ]; packages = [ pkgs.home-manager ];
}; };
home-manager.users.m3tam3re = import m3tam3re/${config.networking.hostName}.nix; home-manager.users.m3tam3re =
import m3tam3re/${config.networking.hostName}.nix;
} }
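Review bot: Adding the login account to `qemu-libvirtd` in `extraGroups` widens its access more than GPU passthrough usually needs: that is the service group QEMU guests run under, so the user gains whatever group access exists on guest disk images and sockets, on top of the VM management rights that `libvirtd` membership already grants. Unless something specific requires it, drop `"qemu-libvirtd"` (and check whether `"kvm"` is needed when VMs are started through libvirtd), or record the reason in a comment such as `# kvm/qemu-libvirtd: required for <reason>`. Separately, the first context line of the hunk looks like a yescrypt password hash stored in the repository; the attribute name is outside the hunk, but if it is the account's hash, sourcing it from an agenix secret, as the Traefik environment file in this commit already is, would keep it out of the history. The enclosing user block starts outside the hunk.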


@ -145,6 +145,15 @@
service = "matomo"; service = "matomo";
entrypoints = "websecure"; entrypoints = "websecure";
}; };
matomo-m3tam3re = {
rule = "Host(`stats.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "stats.m3tam3re.com";
};
service = "matomo";
entrypoints = "websecure";
};
minio = { minio = {
rule = "Host(`s3.lanakk.com`)"; rule = "Host(`s3.lanakk.com`)";
tls = { tls = {
@ -270,6 +279,6 @@
}; };
systemd.services.traefik.serviceConfig = { systemd.services.traefik.serviceConfig = {
EnvironmentFile = "${config.age.secrets.traefik-env.path}"; EnvironmentFile = [ "${config.age.secrets.traefik-env.path}" ];
}; };
} }
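Review bot: The new `matomo-m3tam3re` router publishes the existing `matomo` service under a second hostname with no `middlewares` visible in the hunk, so the Matomo login and admin UI become reachable at `stats.m3tam3re.com` with only whatever protection the backend itself provides. Matomo validates the Host header against its `trusted_hosts[]` list, so the new name needs to be added there, and it is worth confirming that any header or rate-limit middleware used on other routers is attached here too. `tls.domains` is given as a bare string; Traefik documents it as a list of `main`/`sans` objects, so unless surrounding code converts it, `domains = [ { main = "stats.m3tam3re.com"; } ];` is the safer form (the neighbouring routers' form is not fully visible here). The routers attrset starts and ends outside the hunk.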


@ -16,12 +16,14 @@ in {
imports = [ imports = [
./hardware.nix ./hardware.nix
./hardware-configuration.nix # Include the results of the hardware scan. ./hardware-configuration.nix # Include the results of the hardware scan.
./vfio.nix
../common/users/m3tam3re ../common/users/m3tam3re
../common/base ../common/base
./services ./services
]; ];
specialisation = { specialisation = {
external-display.configuration = { "EX-Display".configuration = {
system.nixos.tags = [ "Externer-Monitor" ]; system.nixos.tags = [ "Externer-Monitor" ];
services.xserver.videoDrivers = [ "nvidia" ]; services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia.prime.offload.enable = lib.mkForce false; hardware.nvidia.prime.offload.enable = lib.mkForce false;
@ -29,7 +31,7 @@ in {
}; };
}; };
specialisation = { specialisation = {
dual-display.configuration = { "DUAL-Display".configuration = {
system.nixos.tags = [ "Dual-Monitor" ]; system.nixos.tags = [ "Dual-Monitor" ];
services.xserver.videoDrivers = [ "nvidia" ]; services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia.prime.offload.enable = lib.mkForce false; hardware.nvidia.prime.offload.enable = lib.mkForce false;
@ -37,7 +39,12 @@ in {
hardware.nvidia.powerManagement.finegrained = lib.mkForce false; hardware.nvidia.powerManagement.finegrained = lib.mkForce false;
}; };
}; };
specialisation = {
"VFIO".configuration = {
system.nixos.tags = [ "GPU-passthrough" ];
vfio.enable = true;
};
};
# Bootloader. # Bootloader.
# boot.loader.systemd-boot.enable = true; # boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
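Review bot: The `VFIO` specialisation is added as a third separate `specialisation = { … }` attrset and carries no comment on what it changes at boot. Merging the three into one `specialisation` block would read more clearly, and a comment such as `# Binds the GPU to vfio-pci at boot; the host cannot use it in this entry` would tell the next reader why the entry exists. Note also that `./vfio.nix` is now imported for every boot entry, so anything that module sets outside the `vfio.enable` switch applies to the default and display specialisations as well. The enclosing module body continues outside the hunk.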


@ -1,10 +1,19 @@
{ { pkgs, ... }: {
virtualisation.libvirtd.enable = true; virtualisation = {
virtualisation.libvirtd.qemu.swtpm.enable = true; libvirtd = {
virtualisation.libvirtd.qemu.ovmf.enable = true; enable = true;
virtualisation.podman = { qemu = {
enable = true; swtpm.enable = true;
enableNvidia = true; ovmf = {
defaultNetwork.settings.dns_enabled = true; enable = true;
packages = [ pkgs.OVMFFull ];
};
};
};
podman = {
enable = true;
enableNvidia = true;
defaultNetwork.settings.dns_enabled = true;
};
}; };
} }
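Review bot: The restructured `libvirtd.qemu` block leaves `runAsRoot` unset, and the NixOS module default runs QEMU guests as root, which is worth deciding explicitly now that guests will be handed a physical GPU through VFIO. If the guests work without it, `qemu.runAsRoot = false;` limits what a compromised QEMU process can reach on the host; otherwise a comment stating why root is needed documents the choice. `pkgs.OVMFFull` together with `swtpm.enable` suggests Secure Boot/TPM guests, which a short comment next to `packages` could record.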

31
hosts/m3-nix/vfio.nix Normal file

@ -0,0 +1,31 @@
let
gpuIDs = [
"10de:249d" # Graphics
"10de:228b" # Audio
];
in { pkgs, lib, config, ... }: {
options.vfio.enable = with lib;
mkEnableOption "Configure the machine for VFIO";
config = let cfg = config.vfio;
in {
boot = {
initrd.kernelModules = [
"vfio_pci"
"vfio"
"vfio_iommu_type1"
"vfio_virqfd"
];
kernelParams = [
# enable IOMMU
"intel_iommu=on"
] ++ lib.optional cfg.enable
# isolate the GPU
("vfio-pci.ids=" + lib.concatStringsSep "," gpuIDs);
};
hardware.opengl.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
};
}
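Review bot: Only the `vfio-pci.ids` parameter is gated on `cfg.enable`; the initrd VFIO modules, `intel_iommu=on`, `hardware.opengl.enable` and `virtualisation.spiceUSBRedirection.enable` apply to every boot entry because the `config` attrset is not wrapped in `lib.mkIf`. The SPICE option matters most: per the NixOS option description it installs a privileged USB ACL helper that gives unprivileged users access to arbitrary USB devices, so it should not be on outside the passthrough configuration. Changing the opening to `in lib.mkIf cfg.enable {` and dropping the `lib.optional cfg.enable` around the `vfio-pci.ids` string gates the whole module on the switch. Also, `vfio_virqfd` was folded into the `vfio` module in newer kernels (6.2, if I recall correctly), so listing it in `initrd.kernelModules` may break the initrd build after a kernel update.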
