i am an idiot, i forgot to remove the xdg portal config in configuration.nix on apollo, this broke screensharing

base/virtualisation/kvmfr-git-package.nix

@@ -0,0 +1,40 @@
+# https://gist.github.com/j-brn/716a03822d256bc5bf5d77b951c7915c
+{ stdenv, lib, fetchFromGitHub, kernel, kmod, looking-glass-client, ... }:
+
+stdenv.mkDerivation rec {
+  pname = "kvmfr-${version}-${kernel.version}";
+  version = "e25492a";
+
+  # src = looking-glass-client.src;
+  src = fetchFromGitHub {
+    owner = "gnif";
+    repo = "LookingGlass";
+    rev = version;
+    sha256 = "sha256-efAO7KLdm7G4myUv6cS1gUSI85LtTwmIm+HGZ52arj8=";
+  };
+  sourceRoot = "source/module";
+  hardeningDisable = [ "pic" "format" ];
+  nativeBuildInputs = kernel.moduleBuildDependencies;
+
+  patchPhase = ''
+    substituteInPlace kvmfr.c \
+      --replace 'MODULE_IMPORT_NS(DMA_BUF);' 'MODULE_IMPORT_NS("DMA_BUF");'
+  '';
+
+  makeFlags = [
+    "KVER=${kernel.modDirVersion}"
+    "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
+  ];
+
+  installPhase = ''
+    install -D kvmfr.ko -t "$out/lib/modules/${kernel.modDirVersion}/kernel/drivers/misc/"
+  '';
+
+  meta = with lib; {
+    description = "This kernel module implements a basic interface to the IVSHMEM device for LookingGlass";
+    homepage = "https://github.com/gnif/LookingGlass";
+    license = licenses.gpl2Only;
+    maintainers = with maintainers; [ j-brn ];
+    platforms = [ "x86_64-linux" ];
+  };
+}

base/virtualisation/kvmfr-options.nix

@@ -0,0 +1,52 @@
+# https://gist.github.com/j-brn/716a03822d256bc5bf5d77b951c7915c
+{ lib, pkgs, config, ... }:
+
+with lib;
+let
+  cfg = config.virtualisation.kvmfr;
+in
+{
+  options.virtualisation.kvmfr = {
+    enable = mkEnableOption "Kvmfr";
+
+    shm = {
+      enable = mkEnableOption "shm";
+
+      size = mkOption {
+        type = types.int;
+        default = "128";
+        description = "Size of the shared memory device in megabytes.";
+      };
+      user = mkOption {
+        type = types.str;
+        default = "root";
+        description = "Owner of the shared memory device.";
+      };
+      group = mkOption {
+        type = types.str;
+        default = "root";
+        description = "Group of the shared memory device.";
+      };
+      mode = mkOption {
+        type = types.str;
+        default = "0600";
+        description = "Mode of the shared memory device.";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    boot.extraModulePackages = with config.boot.kernelPackages; [
+      (pkgs.callPackage ./kvmfr-git-package.nix { inherit kernel;})
+    ];
+    boot.initrd.kernelModules = [ "kvmfr" ];
+
+    boot.kernelParams = optionals cfg.shm.enable [
+      "kvmfr.static_size_mb=${toString cfg.shm.size}"
+    ];
+
+    services.udev.extraRules = optionals cfg.shm.enable ''
+      SUBSYSTEM=="kvmfr", OWNER="${cfg.shm.user}", GROUP="${cfg.shm.group}", MODE="${cfg.shm.mode}"
+    '';
+  };
+}

base/virtualisation/libvirt.nix

@@ -0,0 +1,39 @@
+# https://gist.github.com/CRTified/43b7ce84cd238673f7f24652c85980b3?permalink_comment_id=3793931
+{ lib, pkgs, config, ... }:
+with lib;
+let
+  cfg = config.virtualisation.libvirtd;
+
+  boolToZeroOne = x: if x then "1" else "0";
+
+  aclString = with lib.strings;
+    concatMapStringsSep ''
+      ,
+        '' escapeNixString cfg.deviceACL;
+in {
+  options.virtualisation.libvirtd = {
+    deviceACL = mkOption {
+      type = types.listOf types.str;
+      default = [ ];
+    };
+    clearEmulationCapabilities = mkOption {
+      type = types.bool;
+      default = true;
+    };
+  };
+
+  # Add qemu-libvirtd to the input group if required
+  config.users.users."qemu-libvirtd" = {
+    extraGroups = optionals (!cfg.qemu.runAsRoot) [ "kvm" "input" ];
+    isSystemUser = true;
+  };
+
+  config.virtualisation.libvirtd.qemu.verbatimConfig = ''
+    clear_emulation_capabilities = ${
+      boolToZeroOne cfg.clearEmulationCapabilities
+    }
+    cgroup_device_acl = [
+      ${aclString}
+    ]
+  '';
+}

base/virtualisation/vfio.nix

@@ -0,0 +1,73 @@
+# https://gist.github.com/CRTified/43b7ce84cd238673f7f24652c85980b3?permalink_comment_id=3793931
+{ lib, pkgs, config, ... }:
+with lib;
+let
+  cfg = config.virtualisation.vfio;
+in {
+  options.virtualisation.vfio = {
+    enable = mkEnableOption "VFIO Configuration";
+    IOMMUType = mkOption {
+      type = types.enum [ "intel" "amd" ];
+      example = "intel";
+      description = "Type of the IOMMU used";
+    };
+    devices = mkOption {
+      type = types.listOf (types.strMatching "[0-9a-f]{4}:[0-9a-f]{4}");
+      default = [ ];
+      example = [ "10de:1b80" "10de:10f0" ];
+      description = "PCI IDs of devices to bind to vfio-pci";
+    };
+    disableEFIfb = mkOption {
+      type = types.bool;
+      default = false;
+      example = true;
+      description = "Disables the usage of the EFI framebuffer on boot.";
+    };
+    blacklistNvidia = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Add Nvidia GPU modules to blacklist";
+    };
+    ignoreMSRs = mkOption {
+      type = types.bool;
+      default = false;
+      example = true;
+      description =
+        "When true, disable kvm guest access to model-specific registers";
+    };
+    disablePCIeASPM = mkOption {
+      type = types.bool;
+      default = false;
+      example = true;
+      description =
+        "When true, disable PCIe Active-State Power Management";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.udev.extraRules = ''
+      SUBSYSTEM=="vfio", OWNER="root", GROUP="kvm"
+    '';
+
+    boot.kernelParams = (if cfg.IOMMUType == "intel" then [
+      "intel_iommu=on"
+      "intel_iommu=igfx_off"
+    ] else
+      [ "amd_iommu=on" ]) ++ (optional (builtins.length cfg.devices > 0)
+        ("vfio-pci.ids=" + builtins.concatStringsSep "," cfg.devices))
+      ++ (optional cfg.disableEFIfb "video=efifb:off")
+      ++ (optionals cfg.ignoreMSRs [
+        "kvm.ignore_msrs=1"
+        "kvm.report_ignored_msrs=0" ])
+      ++ (optionals cfg.disablePCIeASPM [
+        "pcie_aspm=off"
+      ]);
+
+    boot.kernelModules = [ "vfio_pci" "vfio_iommu_type1" "vfio" ];
+
+    boot.initrd.kernelModules =
+      [ "vfio_pci" "vfio_iommu_type1" "vfio" ];
+    boot.blacklistedKernelModules =
+      optionals cfg.blacklistNvidia [ "nvidia" "nouveau" ];
+  };
+}

base/virtualisation/virtualisation.nix

@@ -0,0 +1,63 @@
+{ pkgs, config, ... }: {
+
+   imports = [
+     ./kvmfr-options.nix
+     ./libvirt.nix
+     ./virtualisationmod.nix
+     ./vfio.nix
+   ];
+
+  virtualisation = {
+    libvirtd = {
+      enable = true;
+      onBoot = "ignore";
+      onShutdown = "shutdown";
+      qemu = {
+        package = pkgs.qemu_kvm;
+        ovmf = {
+          enable = true;
+          packages = [ pkgs.OVMFFull.fd ];
+        };
+        vhostUserPackages = [ pkgs.virtiofsd ];
+        swtpm.enable = true;
+        runAsRoot = true;
+      };
+      clearEmulationCapabilities = false;
+      deviceACL = [
+        "/dev/ptmx"
+        "/dev/kvm"
+        "/dev/kvmfr0"
+        "/dev/vfio/vfio"
+        "/dev/vfio/30"
+      ];
+    };
+
+    kvmfr = {
+      enable = true;
+      shm = {
+        enable = true;
+        size = 512;
+        user = "alyx";
+        group = "qemu-libvirtd";
+        mode = "0666";
+      };
+    };
+    spiceUSBRedirection.enable = true;
+  };
+
+  virtualisation.vfio = {
+    enable = true;
+    IOMMUType = "intel";
+    devices = [
+      "1002:67df"
+      "1002:aaf0"
+      "1b21:2142"
+    ];
+    ignoreMSRs = true;
+    disablePCIeASPM = true;
+    disableEFIfb = false;
+  };
+
+  boot.kernelModules = [ "kvm-intel" "vhost_vsock" "vfio_virqfd" "vhost-net" ];
+
+}

base/virtualisation/virtualisationmod.nix

@@ -0,0 +1,67 @@
+# https://gist.github.com/CRTified/43b7ce84cd238673f7f24652c85980b3?permalink_comment_id=3793931
+{ lib, pkgs, config, ... }:
+with lib;
+let
+  cfg = config.virtualisation;
+  tmpfileEntry = name: f: "f /dev/shm/${name} ${f.mode} ${f.user} ${f.group} -";
+in {
+  options.virtualisation = {
+    sharedMemoryFiles = mkOption {
+      type = types.attrsOf (types.submodule ({ name, ... }: {
+        options = {
+          name = mkOption {
+            visible = false;
+            default = name;
+            type = types.str;
+          };
+          user = mkOption {
+            type = types.str;
+            default = "root";
+            description = "Owner of the memory file";
+          };
+          group = mkOption {
+            type = types.str;
+            default = "root";
+            description = "Group of the memory file";
+          };
+          mode = mkOption {
+            type = types.str;
+            default = "0600";
+            description = "Group of the memory file";
+          };
+        };
+      }));
+      default = { };
+    };
+    hugepages = {
+      enable = mkEnableOption "Hugepages";
+
+      defaultPageSize = mkOption {
+        type = types.strMatching "[0-9]*[kKmMgG]";
+        default = "1M";
+        description =
+          "Default size of huge pages. You can use suffixes K, M, and G to specify KB, MB, and GB.";
+      };
+      pageSize = mkOption {
+        type = types.strMatching "[0-9]*[kKmMgG]";
+        default = "1M";
+        description =
+          "Size of huge pages that are allocated at boot. You can use suffixes K, M, and G to specify KB, MB, and GB.";
+      };
+      numPages = mkOption {
+        type = types.ints.positive;
+        default = 1;
+        description = "Number of huge pages to allocate at boot.";
+      };
+    };
+  };
+
+  config.systemd.tmpfiles.rules =
+    mapAttrsToList (tmpfileEntry) cfg.sharedMemoryFiles;
+
+  config.boot.kernelParams = optionals cfg.hugepages.enable [
+    "default_hugepagesz=${cfg.hugepages.defaultPageSize}"
+    "hugepagesz=${cfg.hugepages.pageSize}"
+    "hugepages=${toString cfg.hugepages.numPages}"
+  ];
+}