- name: install required packages pacman: name: - qemu - libvirt - ovmf - virt-manager notify: - restart libvirtd.socket - restart virtlogd.socket - name: create hooks directory file: path: /etc/libvirt/hooks state: directory - name: configure kernel modules lineinfile: path: /etc/mkinitcpio.conf regexp: '^MODULES=' line: 'MODULES=(vfio_pci vfio vfio_iommu_type1 vfio_virqfd i915)' notify: regenerate linux initramfs - name: configure vfio-pci device ids template: src: vfio.conf.j2 dest: /etc/modprobe.d/vfio.conf notify: regenerate linux initramfs - name: install boot entry copy: src: archlinux_iommu.conf dest: /boot/loader/entries/archlinux_iommu.conf - name: configure qemu user lineinfile: path: /etc/libvirt/qemu.conf regexp: '^#?user' line: 'user = "1000"' - name: configure qemu group lineinfile: path: /etc/libvirt/qemu.conf regexp: '^#?group' line: 'group = "kvm"' - name: setup headless audio lineinfile: path: /etc/libvirt/qemu.conf regexp: '^#?nographics_allow_host_audio =' line: 'nographics_allow_host_audio = 1' - name: setup ovmf firmware image blockinfile: path: /etc/libvirt/qemu.conf insertbefore: '^#nvram' marker: '# {mark} NVRAM CONFIGURATION' block: | nvram = [ "/usr/share/ovmf/x64/OVMF_CODE.fd:/usr/share/ovmf/x64/OVMF_VARS.fd" ] notify: restart libvirtd.service - name: setup cgroup device acl blockinfile: path: /etc/libvirt/qemu.conf insertbefore: '^#cgroup_device_acl' marker: '# {mark} DEVICE ACL CONFIGURATION' block: | cgroup_device_acl = [ "/dev/kvm", "/dev/null", "/dev/full", "/dev/zero", "/dev/random", "/dev/urandom", "/dev/ptmx", "/dev/kvm", "/dev/kqemu", "/dev/rtc","/dev/hpet", "/dev/sev", "/dev/input/by-path/platform-i8042-serio-0-event-kbd" ] - name: install domain configuration copy: src: win10.xml dest: /etc/libvirt/qemu/win10.xml validate: /usr/bin/virt-xml-validate %s notify: restart libvirtd.service - name: install qemu hook copy: src: hooks/qemu dest: /etc/libvirt/hooks/qemu mode: '755' # - name: configure systemd CPUAffinity # lineinfile: # path: /etc/systemd/system.conf # regexp: '^#?CPUAffinity' # line: 'CPUAffinity=0 4' - name: configure pulseaudio tcp socket lineinfile: path: /etc/pulse/default.pa regexp: '^#?load-module module-native-protocol-tcp' line: 'load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 auth-anonymous=1' - name: enable libvirtd.socket systemd: name: libvirtd.socket enabled: yes