From eb287f9850ee412b46ef223e09980e42f114442c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= <hello@benjaminbaedorf.eu>
Date: Mon, 17 Oct 2022 15:58:03 +0200
Subject: [PATCH] Add tails VM

---
 .../virtualisation/create-service.nix         |   2 +-
 hosts/chocolatebar/virtualisation/default.nix |  24 +++
 .../chocolatebar/virtualisation/guest-xml.nix |   4 +-
 .../chocolatebar/virtualisation/tails-xml.nix | 183 ++++++++++++++++++
 4 files changed, 210 insertions(+), 3 deletions(-)
 create mode 100644 hosts/chocolatebar/virtualisation/tails-xml.nix

diff --git a/hosts/chocolatebar/virtualisation/create-service.nix b/hosts/chocolatebar/virtualisation/create-service.nix
index 2f174e99..00fd21da 100644
--- a/hosts/chocolatebar/virtualisation/create-service.nix
+++ b/hosts/chocolatebar/virtualisation/create-service.nix
@@ -15,7 +15,7 @@ in
   script =
     let
       networkXML = pkgs.writeText "network.xml" (import ./network-xml.nix { inherit config; inherit pkgs; inherit lib; });
-      machineXML = pkgs.writeText "${vm.name}.xml" (generateXML { inherit config; inherit pkgs; inherit lib; inherit vm; varsFile = varsFile; });
+      machineXML = pkgs.writeText "${vm.name}.xml" (vm.generateXML { inherit config; inherit pkgs; inherit lib; inherit vm; varsFile = varsFile; });
     in
     ''
       echo "Checking if ${vm.name} is already running"
diff --git a/hosts/chocolatebar/virtualisation/default.nix b/hosts/chocolatebar/virtualisation/default.nix
index 730e5a99..24fa205c 100644
--- a/hosts/chocolatebar/virtualisation/default.nix
+++ b/hosts/chocolatebar/virtualisation/default.nix
@@ -4,8 +4,11 @@ let
   psCfg = config.pub-solar;
   xdg = config.home-manager.users."${psCfg.user.name}".xdg;
   createService = import ./create-service.nix;
+  generateXML = import ./guest-xml.nix;
+  generateTailsXML = import ./tails-xml.nix;
 
   isolateGPU = "rx550x";
+  memory = 48; # in GB
   handOverUSBDevices = false;
 
   isolateAnyGPU = isolateGPU != null;
@@ -31,8 +34,10 @@ in
           id = "http://microsoft.com/win/10";
           gpu = true;
           mountHome = false;
+          memory = memory;
           isolateGPU = isolateGPU;
           handOverUSBDevices = handOverUSBDevices;
+          generateXML = generateXML;
         };
       };
       vm-manjaro = createService {
@@ -45,8 +50,27 @@ in
           id = "https://manjaro.org/download/#i3";
           gpu = true;
           mountHome = true;
+          memory = memory;
           isolateGPU = isolateGPU;
           handOverUSBDevices = handOverUSBDevices;
+          generateXML = generateXML;
+        };
+      };
+      vm-tails = createService {
+        inherit config;
+        inherit pkgs;
+        inherit lib;
+        vm = {
+          name = "tails";
+          disk = "/var/lib/vms/tails/tails-amd64-5.4.iso";
+          # disk = "/var/lib/vms/nixos/nixos-minimal.iso";
+          id = "https://tails.boum.org/install/index.en.html";
+          gpu = false;
+          mountHome = false;
+          memory = 16;
+          isolateGPU = isolateGPU;
+          handOverUSBDevices = false;
+          generateXML = generateTailsXML;
         };
       };
     };
diff --git a/hosts/chocolatebar/virtualisation/guest-xml.nix b/hosts/chocolatebar/virtualisation/guest-xml.nix
index 801e0d77..117e4da5 100644
--- a/hosts/chocolatebar/virtualisation/guest-xml.nix
+++ b/hosts/chocolatebar/virtualisation/guest-xml.nix
@@ -13,8 +13,8 @@ in
         <libosinfo:os id="${vm.id}"/>
       </libosinfo:libosinfo>
     </metadata>
-    <memory unit='KiB'>33554432</memory>
-    <currentMemory unit='KiB'>33554432</currentMemory>
+    <memory unit='GB'>${toString vm.memory}</memory>
+    <currentMemory unit='GB'>${toString vm.memory}</currentMemory>
     <vcpu placement='static'>12</vcpu>
     <cputune>
       <vcpupin vcpu='0' cpuset='6'/>
diff --git a/hosts/chocolatebar/virtualisation/tails-xml.nix b/hosts/chocolatebar/virtualisation/tails-xml.nix
new file mode 100644
index 00000000..5efefb22
--- /dev/null
+++ b/hosts/chocolatebar/virtualisation/tails-xml.nix
@@ -0,0 +1,183 @@
+{ config, pkgs, lib, vm, varsFile, ... }:
+let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+  home = config.home-manager.users."${psCfg.user.name}".home;
+in
+''
+    <domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
+      <name>${vm.name}</name>
+      <uuid>UUID</uuid>
+      <metadata>
+        <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
+          <libosinfo:os id="${vm.id}"/>
+        </libosinfo:libosinfo>
+      </metadata>
+      <memory unit='GB'>${toString vm.memory}</memory>
+      <currentMemory unit='GB'>${toString vm.memory}</currentMemory>
+    <vcpu placement="static">8</vcpu>
+    <os>
+      <type arch="x86_64" machine="pc-q35-7.0">hvm</type>
+      <boot dev="cdrom"/>
+    </os>
+    <features>
+      <acpi/>
+      <apic/>
+      <vmport state="off"/>
+    </features>
+    <cpu mode="host-passthrough" check="none" migratable="on"/>
+    <clock offset="utc">
+      <timer name="rtc" tickpolicy="catchup"/>
+      <timer name="pit" tickpolicy="delay"/>
+      <timer name="hpet" present="no"/>
+    </clock>
+    <on_poweroff>destroy</on_poweroff>
+    <on_reboot>restart</on_reboot>
+    <on_crash>destroy</on_crash>
+    <pm>
+      <suspend-to-mem enabled="no"/>
+      <suspend-to-disk enabled="no"/>
+    </pm>
+    <devices>
+      <emulator>/run/libvirt/nix-emulators/qemu-system-x86_64</emulator>
+      <disk type="file" device="cdrom">
+        <driver name="qemu" type="raw"/>
+        <source file="${vm.disk}"/>
+        <target dev="sda" bus="sata"/>
+        <readonly/>
+        <address type="drive" controller="0" bus="0" target="0" unit="0"/>
+      </disk>
+      <controller type="usb" index="0" model="qemu-xhci" ports="15">
+        <address type="pci" domain="0x0000" bus="0x02" slot="0x00" function="0x0"/>
+      </controller>
+      <controller type="pci" index="0" model="pcie-root"/>
+      <controller type="pci" index="1" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="1" port="0x10"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0" multifunction="on"/>
+      </controller>
+      <controller type="pci" index="2" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="2" port="0x11"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x1"/>
+      </controller>
+      <controller type="pci" index="3" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="3" port="0x12"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x2"/>
+      </controller>
+      <controller type="pci" index="4" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="4" port="0x13"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x3"/>
+      </controller>
+      <controller type="pci" index="5" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="5" port="0x14"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x4"/>
+      </controller>
+      <controller type="pci" index="6" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="6" port="0x15"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x5"/>
+      </controller>
+      <controller type="pci" index="7" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="7" port="0x16"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x6"/>
+      </controller>
+      <controller type="pci" index="8" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="8" port="0x17"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x7"/>
+      </controller>
+      <controller type="pci" index="9" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="9" port="0x18"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0" multifunction="on"/>
+      </controller>
+      <controller type="pci" index="10" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="10" port="0x19"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x1"/>
+      </controller>
+      <controller type="pci" index="11" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="11" port="0x1a"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x2"/>
+      </controller>
+      <controller type="pci" index="12" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="12" port="0x1b"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x3"/>
+      </controller>
+      <controller type="pci" index="13" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="13" port="0x1c"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x4"/>
+      </controller>
+      <controller type="pci" index="14" model="pcie-root-port">
+        <model name="pcie-root-port"/>
+        <target chassis="14" port="0x1d"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x5"/>
+      </controller>
+      <controller type="sata" index="0">
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x1f" function="0x2"/>
+      </controller>
+      <controller type="virtio-serial" index="0">
+        <address type="pci" domain="0x0000" bus="0x03" slot="0x00" function="0x0"/>
+      </controller>
+      <interface type="network">
+        <mac address="52:54:00:58:5e:36"/>
+        <source network="default"/>
+        <model type="virtio"/>
+        <address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
+      </interface>
+      <serial type="pty">
+        <target type="isa-serial" port="0">
+          <model name="isa-serial"/>
+        </target>
+      </serial>
+      <console type="pty">
+        <target type="serial" port="0"/>
+      </console>
+      <channel type="unix">
+        <target type="virtio" name="org.qemu.guest_agent.0"/>
+        <address type="virtio-serial" controller="0" bus="0" port="1"/>
+      </channel>
+      <channel type="spicevmc">
+        <target type="virtio" name="com.redhat.spice.0"/>
+        <address type="virtio-serial" controller="0" bus="0" port="2"/>
+      </channel>
+      <input type="tablet" bus="usb">
+        <address type="usb" bus="0" port="1"/>
+      </input>
+      <input type="mouse" bus="ps2"/>
+      <input type="keyboard" bus="ps2"/>
+      <graphics type="spice" autoport="yes">
+        <listen type="address"/>
+        <image compression="off"/>
+      </graphics>
+      <sound model="ich9">
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x1b" function="0x0"/>
+      </sound>
+      <audio id="1" type="spice"/>
+      <video>
+        <model type="qxl" ram="65536" vram="65536" vgamem="16384" heads="1" primary="yes"/>
+        <address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x0"/>
+      </video>
+      <redirdev bus="usb" type="spicevmc">
+        <address type="usb" bus="0" port="2"/>
+      </redirdev>
+      <redirdev bus="usb" type="spicevmc">
+        <address type="usb" bus="0" port="3"/>
+      </redirdev>
+      <memballoon model="virtio">
+        <address type="pci" domain="0x0000" bus="0x04" slot="0x00" function="0x0"/>
+      </memballoon>
+      <rng model="virtio">
+        <backend model="random">/dev/urandom</backend>
+        <address type="pci" domain="0x0000" bus="0x05" slot="0x00" function="0x0"/>
+      </rng>
+    </devices>
+  </domain>''