# Virtualisation
The laptop supports both container and full VM workloads.
## Podman

```nix
virtualisation.podman = {
  enable = true;
  autoPrune.enable = true;
};
```

Podman is configured as a rootless container runtime with automatic pruning of unused images and containers. No Docker compatibility layer is enabled on the laptop (unlike the server).
## libvirtd / KVM

Full virtualisation via QEMU/KVM with virt-manager as the GUI:

```nix
virtualisation.libvirtd = {
  enable = true;
  onBoot = "ignore";         # Don't auto-start VMs on boot
  onShutdown = "shutdown";   # Gracefully shut down VMs on host shutdown
  qemu = {
    runAsRoot = false;       # Run QEMU as non-root
    swtpm.enable = true;     # Software TPM for Windows 11 VMs
    package = pkgs.qemu_kvm;
  };
};
```

### Key Decisions
| Setting | Value | Rationale |
|---|---|---|
| `onBoot` | `"ignore"` | VMs should not start automatically -- this is a laptop |
| `runAsRoot` | `false` | Improved security by running QEMU as the user |
| `swtpm` | `true` | Software TPM 2.0 emulation for Windows 11 guests |
| `package` | `qemu_kvm` | KVM-only build (no TCG emulation overhead) |
### User Access

The user is added to the `libvirtd` group:

```nix
users.users.${username}.extraGroups = [ "libvirtd" ];
```

### GUI Management
```nix
programs.virt-manager.enable = true;
```

This enables virt-manager, a GTK-based GUI for creating and managing virtual machines.
### Kernel Support

The `kvm-amd` module is loaded via `hardware-configuration.nix`:

```nix
boot.kernelModules = [ "kvm-amd" ];
```

This provides hardware-assisted virtualisation (AMD-V) on AMD processors.
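The fragments above are spread across several files and only describe the laptop. As an added example (not the repository's own module), the following single NixOS module collects them and generalises to the laptop-versus-server split the Podman section mentions, selected through a hypothetical `myHost.role` option. Everything beyond the page's own settings is an assumption: the server-side values (`dockerCompat`, `dockerSocket.enable`, `onBoot = "start"`), the `OVMF` override that adds Secure Boot and TPM-capable UEFI firmware for Windows 11 guests, the `assertions` guardrail, and the `username` module argument, which is assumed to be supplied via `specialArgs` exactly as in the `users.users.${username}` line on this page.

```nix
# Added example module, not the laptop's configuration. Assumes `username`
# is passed in as a module argument (e.g. via specialArgs), as on this page.
{ config, lib, pkgs, username, ... }:

let
  cfg = config.myHost;                 # hypothetical option namespace
  isServer = cfg.role == "server";
in
{
  options.myHost.role = lib.mkOption {
    type = lib.types.enum [ "laptop" "server" ];
    default = "laptop";
    description = "Which virtualisation profile to apply to this host.";
  };

  config = {
    virtualisation.podman = {
      enable = true;
      autoPrune.enable = true;
      # Docker compatibility (docker CLI shim and socket) only where
      # something needs it; the laptop keeps the smaller surface.
      dockerCompat = isServer;          # assumed server-side value
      dockerSocket.enable = isServer;   # assumed server-side value
    };

    virtualisation.libvirtd = {
      enable = true;
      # Laptop: never auto-start guests. Server: restore guests that were
      # running at the last shutdown (libvirt's "start" policy, assumed).
      onBoot = if isServer then "start" else "ignore";
      onShutdown = "shutdown";
      qemu = {
        runAsRoot = false;              # QEMU runs as the libvirt user, not root
        swtpm.enable = true;            # TPM 2.0 emulation for Windows 11
        package = pkgs.qemu_kvm;        # KVM-only build, no TCG
        # swtpm alone is not enough for Windows 11: the guest also needs
        # UEFI firmware. Assumes this override exists in the current nixpkgs.
        ovmf = {
          enable = true;
          packages = [
            (pkgs.OVMF.override { secureBoot = true; tpmSupport = true; }).fd
          ];
        };
      };
    };

    # GUI only on the laptop; the server is managed remotely.
    programs.virt-manager.enable = !isServer;

    # Same group grant as on this page. `kvm-amd` stays in
    # hardware-configuration.nix because it is specific to the CPU.
    users.users.${username}.extraGroups = [ "libvirtd" ];

    # Guardrail: fail evaluation if another module silently turns the
    # security-relevant decision back on (hypothetical check, not the page's).
    assertions = [
      {
        assertion = !config.virtualisation.libvirtd.qemu.runAsRoot;
        message = "QEMU must not run as root on any profile; see the Key Decisions table.";
      }
    ];
  };
}
```

Import the module from `configuration.nix` and set `myHost.role = "server";` on the server host; the laptop needs nothing beyond the default. `nixos-rebuild build` will refuse to evaluate if the `runAsRoot` assertion is violated, which is the point of keeping the check next to the setting it protects.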