Add tails VM

This commit is contained in:
Benjamin Bädorf 2022-10-17 15:58:03 +02:00
parent 87c3630dfb
commit eb287f9850
No known key found for this signature in database
GPG key ID: 4406E80E13CD656C
4 changed files with 210 additions and 3 deletions

View file

@ -15,7 +15,7 @@ in
script = script =
let let
networkXML = pkgs.writeText "network.xml" (import ./network-xml.nix { inherit config; inherit pkgs; inherit lib; }); networkXML = pkgs.writeText "network.xml" (import ./network-xml.nix { inherit config; inherit pkgs; inherit lib; });
machineXML = pkgs.writeText "${vm.name}.xml" (generateXML { inherit config; inherit pkgs; inherit lib; inherit vm; varsFile = varsFile; }); machineXML = pkgs.writeText "${vm.name}.xml" (vm.generateXML { inherit config; inherit pkgs; inherit lib; inherit vm; varsFile = varsFile; });
in in
'' ''
echo "Checking if ${vm.name} is already running" echo "Checking if ${vm.name} is already running"

View file

@ -4,8 +4,11 @@ let
psCfg = config.pub-solar; psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
createService = import ./create-service.nix; createService = import ./create-service.nix;
generateXML = import ./guest-xml.nix;
generateTailsXML = import ./tails-xml.nix;
isolateGPU = "rx550x"; isolateGPU = "rx550x";
memory = 48; # in GB
handOverUSBDevices = false; handOverUSBDevices = false;
isolateAnyGPU = isolateGPU != null; isolateAnyGPU = isolateGPU != null;
@ -31,8 +34,10 @@ in
id = "http://microsoft.com/win/10"; id = "http://microsoft.com/win/10";
gpu = true; gpu = true;
mountHome = false; mountHome = false;
memory = memory;
isolateGPU = isolateGPU; isolateGPU = isolateGPU;
handOverUSBDevices = handOverUSBDevices; handOverUSBDevices = handOverUSBDevices;
generateXML = generateXML;
}; };
}; };
vm-manjaro = createService { vm-manjaro = createService {
@ -45,8 +50,27 @@ in
id = "https://manjaro.org/download/#i3"; id = "https://manjaro.org/download/#i3";
gpu = true; gpu = true;
mountHome = true; mountHome = true;
memory = memory;
isolateGPU = isolateGPU; isolateGPU = isolateGPU;
handOverUSBDevices = handOverUSBDevices; handOverUSBDevices = handOverUSBDevices;
generateXML = generateXML;
};
};
vm-tails = createService {
inherit config;
inherit pkgs;
inherit lib;
vm = {
name = "tails";
disk = "/var/lib/vms/tails/tails-amd64-5.4.iso";
# disk = "/var/lib/vms/nixos/nixos-minimal.iso";
id = "https://tails.boum.org/install/index.en.html";
gpu = false;
mountHome = false;
memory = 16;
isolateGPU = isolateGPU;
handOverUSBDevices = false;
generateXML = generateTailsXML;
}; };
}; };
}; };

View file

@ -13,8 +13,8 @@ in
<libosinfo:os id="${vm.id}"/> <libosinfo:os id="${vm.id}"/>
</libosinfo:libosinfo> </libosinfo:libosinfo>
</metadata> </metadata>
<memory unit='KiB'>33554432</memory> <memory unit='GB'>${toString vm.memory}</memory>
<currentMemory unit='KiB'>33554432</currentMemory> <currentMemory unit='GB'>${toString vm.memory}</currentMemory>
<vcpu placement='static'>12</vcpu> <vcpu placement='static'>12</vcpu>
<cputune> <cputune>
<vcpupin vcpu='0' cpuset='6'/> <vcpupin vcpu='0' cpuset='6'/>

View file

@ -0,0 +1,183 @@
{ config, pkgs, lib, vm, varsFile, ... }:
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
home = config.home-manager.users."${psCfg.user.name}".home;
in
''
<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
<name>${vm.name}</name>
<uuid>UUID</uuid>
<metadata>
<libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
<libosinfo:os id="${vm.id}"/>
</libosinfo:libosinfo>
</metadata>
<memory unit='GB'>${toString vm.memory}</memory>
<currentMemory unit='GB'>${toString vm.memory}</currentMemory>
<vcpu placement="static">8</vcpu>
<os>
<type arch="x86_64" machine="pc-q35-7.0">hvm</type>
<boot dev="cdrom"/>
</os>
<features>
<acpi/>
<apic/>
<vmport state="off"/>
</features>
<cpu mode="host-passthrough" check="none" migratable="on"/>
<clock offset="utc">
<timer name="rtc" tickpolicy="catchup"/>
<timer name="pit" tickpolicy="delay"/>
<timer name="hpet" present="no"/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<pm>
<suspend-to-mem enabled="no"/>
<suspend-to-disk enabled="no"/>
</pm>
<devices>
<emulator>/run/libvirt/nix-emulators/qemu-system-x86_64</emulator>
<disk type="file" device="cdrom">
<driver name="qemu" type="raw"/>
<source file="${vm.disk}"/>
<target dev="sda" bus="sata"/>
<readonly/>
<address type="drive" controller="0" bus="0" target="0" unit="0"/>
</disk>
<controller type="usb" index="0" model="qemu-xhci" ports="15">
<address type="pci" domain="0x0000" bus="0x02" slot="0x00" function="0x0"/>
</controller>
<controller type="pci" index="0" model="pcie-root"/>
<controller type="pci" index="1" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="1" port="0x10"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0" multifunction="on"/>
</controller>
<controller type="pci" index="2" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="2" port="0x11"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x1"/>
</controller>
<controller type="pci" index="3" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="3" port="0x12"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x2"/>
</controller>
<controller type="pci" index="4" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="4" port="0x13"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x3"/>
</controller>
<controller type="pci" index="5" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="5" port="0x14"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x4"/>
</controller>
<controller type="pci" index="6" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="6" port="0x15"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x5"/>
</controller>
<controller type="pci" index="7" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="7" port="0x16"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x6"/>
</controller>
<controller type="pci" index="8" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="8" port="0x17"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x7"/>
</controller>
<controller type="pci" index="9" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="9" port="0x18"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0" multifunction="on"/>
</controller>
<controller type="pci" index="10" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="10" port="0x19"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x1"/>
</controller>
<controller type="pci" index="11" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="11" port="0x1a"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x2"/>
</controller>
<controller type="pci" index="12" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="12" port="0x1b"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x3"/>
</controller>
<controller type="pci" index="13" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="13" port="0x1c"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x4"/>
</controller>
<controller type="pci" index="14" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="14" port="0x1d"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x5"/>
</controller>
<controller type="sata" index="0">
<address type="pci" domain="0x0000" bus="0x00" slot="0x1f" function="0x2"/>
</controller>
<controller type="virtio-serial" index="0">
<address type="pci" domain="0x0000" bus="0x03" slot="0x00" function="0x0"/>
</controller>
<interface type="network">
<mac address="52:54:00:58:5e:36"/>
<source network="default"/>
<model type="virtio"/>
<address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
</interface>
<serial type="pty">
<target type="isa-serial" port="0">
<model name="isa-serial"/>
</target>
</serial>
<console type="pty">
<target type="serial" port="0"/>
</console>
<channel type="unix">
<target type="virtio" name="org.qemu.guest_agent.0"/>
<address type="virtio-serial" controller="0" bus="0" port="1"/>
</channel>
<channel type="spicevmc">
<target type="virtio" name="com.redhat.spice.0"/>
<address type="virtio-serial" controller="0" bus="0" port="2"/>
</channel>
<input type="tablet" bus="usb">
<address type="usb" bus="0" port="1"/>
</input>
<input type="mouse" bus="ps2"/>
<input type="keyboard" bus="ps2"/>
<graphics type="spice" autoport="yes">
<listen type="address"/>
<image compression="off"/>
</graphics>
<sound model="ich9">
<address type="pci" domain="0x0000" bus="0x00" slot="0x1b" function="0x0"/>
</sound>
<audio id="1" type="spice"/>
<video>
<model type="qxl" ram="65536" vram="65536" vgamem="16384" heads="1" primary="yes"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x0"/>
</video>
<redirdev bus="usb" type="spicevmc">
<address type="usb" bus="0" port="2"/>
</redirdev>
<redirdev bus="usb" type="spicevmc">
<address type="usb" bus="0" port="3"/>
</redirdev>
<memballoon model="virtio">
<address type="pci" domain="0x0000" bus="0x04" slot="0x00" function="0x0"/>
</memballoon>
<rng model="virtio">
<backend model="random">/dev/urandom</backend>
<address type="pci" domain="0x0000" bus="0x05" slot="0x00" function="0x0"/>
</rng>
</devices>
</domain>''