add VM config with TPM, update, add kleopatra, port forward, disable controller

configuration.nix

@@ -24,8 +24,8 @@
   
 
   hardware = {
-    xone.enable = true;
+    #xone.enable = true;
-    xpadneo.enable = true;
+    #xpadneo.enable = true;
     steam-hardware.enable = true;
     opengl.enable = true;
   };
@@ -40,7 +40,7 @@
   # Network security 
   # enable firewall and block all ports
   networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [];
+  networking.firewall.allowedTCPPorts = [7777];
   networking.firewall.allowedUDPPorts = [];
 
   # disable coredump that could be exploited later
@@ -150,6 +150,7 @@
     jdk
     cypress
     jq
+    swtpm
     # Controller
     linuxConsoleTools
     # Buildtools
@@ -174,6 +175,7 @@
     remmina
     krita
     darktable
+    kdePackages.kleopatra
   ];
 
   nixpkgs.config.permittedInsecurePackages = [
@@ -192,6 +194,22 @@
   # enable and configure Docker
   virtualisation.docker.enable = true;
 
+  # enable VMs
+  programs.virt-manager.enable = true;
+  users.groups.libvirtd.members = ["schulze"];
+  virtualisation = {
+    libvirtd = {
+      enable = true;
+      qemu = {
+        swtpm.enable = true;
+        ovmf.enable = true;
+        ovmf.packages = [ pkgs.OVMFFull.fd ];
+        # package = pkgs.qemu_kvm;
+      };
+    };
+    spiceUSBRedirection.enable = true;
+  };
+
   # SSH settings
   programs.ssh.extraConfig = "";
 

flake.lock

@@ -2,11 +2,11 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1724531977,
+        "lastModified": 1735563628,
-        "narHash": "sha256-XROVLf9ti4rrNCFLr+DmXRZtPjCQTW4cYy59owTEmxk=",
+        "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "2527da1ef492c495d5391f3bcf9c1dd9f4514e32",
+        "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
         "type": "github"
       },
       "original": {