Add tails VM
parent
87c3630dfb
commit
eb287f9850
|
@ -15,7 +15,7 @@ in
|
||||||
script =
|
script =
|
||||||
let
|
let
|
||||||
networkXML = pkgs.writeText "network.xml" (import ./network-xml.nix { inherit config; inherit pkgs; inherit lib; });
|
networkXML = pkgs.writeText "network.xml" (import ./network-xml.nix { inherit config; inherit pkgs; inherit lib; });
|
||||||
machineXML = pkgs.writeText "${vm.name}.xml" (generateXML { inherit config; inherit pkgs; inherit lib; inherit vm; varsFile = varsFile; });
|
machineXML = pkgs.writeText "${vm.name}.xml" (vm.generateXML { inherit config; inherit pkgs; inherit lib; inherit vm; varsFile = varsFile; });
|
||||||
in
|
in
|
||||||
''
|
''
|
||||||
echo "Checking if ${vm.name} is already running"
|
echo "Checking if ${vm.name} is already running"
|
||||||
|
|
|
@ -4,8 +4,11 @@ let
|
||||||
psCfg = config.pub-solar;
|
psCfg = config.pub-solar;
|
||||||
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
createService = import ./create-service.nix;
|
createService = import ./create-service.nix;
|
||||||
|
generateXML = import ./guest-xml.nix;
|
||||||
|
generateTailsXML = import ./tails-xml.nix;
|
||||||
|
|
||||||
isolateGPU = "rx550x";
|
isolateGPU = "rx550x";
|
||||||
|
memory = 48; # in GB
|
||||||
handOverUSBDevices = false;
|
handOverUSBDevices = false;
|
||||||
|
|
||||||
isolateAnyGPU = isolateGPU != null;
|
isolateAnyGPU = isolateGPU != null;
|
||||||
|
@ -31,8 +34,10 @@ in
|
||||||
id = "http://microsoft.com/win/10";
|
id = "http://microsoft.com/win/10";
|
||||||
gpu = true;
|
gpu = true;
|
||||||
mountHome = false;
|
mountHome = false;
|
||||||
|
memory = memory;
|
||||||
isolateGPU = isolateGPU;
|
isolateGPU = isolateGPU;
|
||||||
handOverUSBDevices = handOverUSBDevices;
|
handOverUSBDevices = handOverUSBDevices;
|
||||||
|
generateXML = generateXML;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
vm-manjaro = createService {
|
vm-manjaro = createService {
|
||||||
|
@ -45,8 +50,27 @@ in
|
||||||
id = "https://manjaro.org/download/#i3";
|
id = "https://manjaro.org/download/#i3";
|
||||||
gpu = true;
|
gpu = true;
|
||||||
mountHome = true;
|
mountHome = true;
|
||||||
|
memory = memory;
|
||||||
isolateGPU = isolateGPU;
|
isolateGPU = isolateGPU;
|
||||||
handOverUSBDevices = handOverUSBDevices;
|
handOverUSBDevices = handOverUSBDevices;
|
||||||
|
generateXML = generateXML;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
vm-tails = createService {
|
||||||
|
inherit config;
|
||||||
|
inherit pkgs;
|
||||||
|
inherit lib;
|
||||||
|
vm = {
|
||||||
|
name = "tails";
|
||||||
|
disk = "/var/lib/vms/tails/tails-amd64-5.4.iso";
|
||||||
|
# disk = "/var/lib/vms/nixos/nixos-minimal.iso";
|
||||||
|
id = "https://tails.boum.org/install/index.en.html";
|
||||||
|
gpu = false;
|
||||||
|
mountHome = false;
|
||||||
|
memory = 16;
|
||||||
|
isolateGPU = isolateGPU;
|
||||||
|
handOverUSBDevices = false;
|
||||||
|
generateXML = generateTailsXML;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
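Review bot: The `vm-tails` entry points `disk` at a fixed `tails-amd64-5.4.iso` under `/var/lib/vms/tails/`, and nothing visible in this commit records how that image is obtained or verified. For an anonymity-focused guest the signature check and the upgrade cadence are the security-relevant part, so a comment such as `# verify the ISO against the Tails signing key before placing it here; bump on each Tails release` would help. `isolateGPU = isolateGPU;` is passed although `gpu = false`; whether create-service.nix then still detaches the host GPU for this guest is not visible here, so `isolateGPU = null;` may be what is intended. The commented-out `# disk = "/var/lib/vms/nixos/nixos-minimal.iso";` line looks like a testing leftover and could be dropped.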
|
@ -13,8 +13,8 @@ in
|
||||||
<libosinfo:os id="${vm.id}"/>
|
<libosinfo:os id="${vm.id}"/>
|
||||||
</libosinfo:libosinfo>
|
</libosinfo:libosinfo>
|
||||||
</metadata>
|
</metadata>
|
||||||
<memory unit='KiB'>33554432</memory>
|
<memory unit='GB'>${toString vm.memory}</memory>
|
||||||
<currentMemory unit='KiB'>33554432</currentMemory>
|
<currentMemory unit='GB'>${toString vm.memory}</currentMemory>
|
||||||
<vcpu placement='static'>12</vcpu>
|
<vcpu placement='static'>12</vcpu>
|
||||||
<cputune>
|
<cputune>
|
||||||
<vcpupin vcpu='0' cpuset='6'/>
|
<vcpupin vcpu='0' cpuset='6'/>
|
||||||
|
|
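Review bot: `unit='GB'` on the new `<memory>` and `<currentMemory>` lines is libvirt's decimal unit (10^9 bytes), so `vm.memory = 48` gives roughly 44.7 GiB rather than 48 GiB; if binary gigabytes are meant, write `unit='GiB'` and adjust the `# in GB` comment next to `memory = 48;`. The replaced literal `33554432` KiB was 32 GiB, so the new default also grows the existing Windows and Manjaro guests by about half, which the commit title does not mention. The same `unit='GB'` lines appear in the new tails-xml.nix. The surrounding XML template starts and ends outside this hunk.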
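--- /dev/null
+++ b/hosts/chocolatebar/virtualisation/tails-xml.nix
@@ -0,0 +1,183 @@
+{ config, pkgs, lib, vm, varsFile, ... }:
+let
+psCfg = config.pub-solar;
+xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+home = config.home-manager.users."${psCfg.user.name}".home;
+in
+''
+<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
+<name>${vm.name}</name>
+<uuid>UUID</uuid>
+<metadata>
+<libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
+<libosinfo:os id="${vm.id}"/>
+</libosinfo:libosinfo>
+</metadata>
+<memory unit='GB'>${toString vm.memory}</memory>
+<currentMemory unit='GB'>${toString vm.memory}</currentMemory>
+<vcpu placement="static">8</vcpu>
+<os>
+<type arch="x86_64" machine="pc-q35-7.0">hvm</type>
+<boot dev="cdrom"/>
+</os>
+<features>
+<acpi/>
+<apic/>
+<vmport state="off"/>
+</features>
+<cpu mode="host-passthrough" check="none" migratable="on"/>
+<clock offset="utc">
+<timer name="rtc" tickpolicy="catchup"/>
+<timer name="pit" tickpolicy="delay"/>
+<timer name="hpet" present="no"/>
+</clock>
+<on_poweroff>destroy</on_poweroff>
+<on_reboot>restart</on_reboot>
+<on_crash>destroy</on_crash>
+<pm>
+<suspend-to-mem enabled="no"/>
+<suspend-to-disk enabled="no"/>
+</pm>
+<devices>
+<emulator>/run/libvirt/nix-emulators/qemu-system-x86_64</emulator>
+<disk type="file" device="cdrom">
+<driver name="qemu" type="raw"/>
+<source file="${vm.disk}"/>
+<target dev="sda" bus="sata"/>
+<readonly/>
+<address type="drive" controller="0" bus="0" target="0" unit="0"/>
+</disk>
+<controller type="usb" index="0" model="qemu-xhci" ports="15">
+<address type="pci" domain="0x0000" bus="0x02" slot="0x00" function="0x0"/>
+</controller>
+<controller type="pci" index="0" model="pcie-root"/>
+<controller type="pci" index="1" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="1" port="0x10"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0" multifunction="on"/>
+</controller>
+<controller type="pci" index="2" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="2" port="0x11"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x1"/>
+</controller>
+<controller type="pci" index="3" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="3" port="0x12"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x2"/>
+</controller>
+<controller type="pci" index="4" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="4" port="0x13"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x3"/>
+</controller>
+<controller type="pci" index="5" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="5" port="0x14"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x4"/>
+</controller>
+<controller type="pci" index="6" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="6" port="0x15"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x5"/>
+</controller>
+<controller type="pci" index="7" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="7" port="0x16"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x6"/>
+</controller>
+<controller type="pci" index="8" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="8" port="0x17"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x7"/>
+</controller>
+<controller type="pci" index="9" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="9" port="0x18"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0" multifunction="on"/>
+</controller>
+<controller type="pci" index="10" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="10" port="0x19"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x1"/>
+</controller>
+<controller type="pci" index="11" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="11" port="0x1a"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x2"/>
+</controller>
+<controller type="pci" index="12" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="12" port="0x1b"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x3"/>
+</controller>
+<controller type="pci" index="13" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="13" port="0x1c"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x4"/>
+</controller>
+<controller type="pci" index="14" model="pcie-root-port">
+<model name="pcie-root-port"/>
+<target chassis="14" port="0x1d"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x5"/>
+</controller>
+<controller type="sata" index="0">
+<address type="pci" domain="0x0000" bus="0x00" slot="0x1f" function="0x2"/>
+</controller>
+<controller type="virtio-serial" index="0">
+<address type="pci" domain="0x0000" bus="0x03" slot="0x00" function="0x0"/>
+</controller>
+<interface type="network">
+<mac address="52:54:00:58:5e:36"/>
+<source network="default"/>
+<model type="virtio"/>
+<address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
+</interface>
+<serial type="pty">
+<target type="isa-serial" port="0">
+<model name="isa-serial"/>
+</target>
+</serial>
+<console type="pty">
+<target type="serial" port="0"/>
+</console>
+<channel type="unix">
+<target type="virtio" name="org.qemu.guest_agent.0"/>
+<address type="virtio-serial" controller="0" bus="0" port="1"/>
+</channel>
+<channel type="spicevmc">
+<target type="virtio" name="com.redhat.spice.0"/>
+<address type="virtio-serial" controller="0" bus="0" port="2"/>
+</channel>
+<input type="tablet" bus="usb">
+<address type="usb" bus="0" port="1"/>
+</input>
+<input type="mouse" bus="ps2"/>
+<input type="keyboard" bus="ps2"/>
+<graphics type="spice" autoport="yes">
+<listen type="address"/>
+<image compression="off"/>
+</graphics>
+<sound model="ich9">
+<address type="pci" domain="0x0000" bus="0x00" slot="0x1b" function="0x0"/>
+</sound>
+<audio id="1" type="spice"/>
+<video>
+<model type="qxl" ram="65536" vram="65536" vgamem="16384" heads="1" primary="yes"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x0"/>
+</video>
+<redirdev bus="usb" type="spicevmc">
+<address type="usb" bus="0" port="2"/>
+</redirdev>
+<redirdev bus="usb" type="spicevmc">
+<address type="usb" bus="0" port="3"/>
+</redirdev>
+<memballoon model="virtio">
+<address type="pci" domain="0x0000" bus="0x04" slot="0x00" function="0x0"/>
+</memballoon>
+<rng model="virtio">
+<backend model="random">/dev/urandom</backend>
+<address type="pci" domain="0x0000" bus="0x05" slot="0x00" function="0x0"/>
+</rng>
+</devices>
+</domain>''
+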
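Review bot: The `<graphics type="spice" autoport="yes">` block leaves its listen address unset (`<listen type="address"/>` has no `address` attribute) and sets no password, so where the Tails display is reachable depends on the host's libvirt `spice_listen` setting, which this commit does not show. Writing `<listen type="address" address="127.0.0.1"/>` would pin it to loopback explicitly. The `org.qemu.guest_agent.0` channel and the two `spicevmc` `<redirdev>` entries add host-to-guest surface that a live, read-only Tails guest with `handOverUSBDevices = false` probably does not need, so consider dropping them. The `let` bindings `psCfg`, `xdg` and `home` and the `varsFile` argument are never referenced in the template and can be removed.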