More NixOS fixes

- Override UEFI firmware path
- Provide python-libvirt to Ansible's main environment too

Author: nightkr

roles/create-vm/defaults/main.yaml

@@ -21,3 +21,13 @@ install_iso_virtio_win: "{{ lookup('first_found', 'target') }}/virtio-win.iso"
 install_exe_spice_guest_tools_url: https://www.spice-space.org/download/windows/spice-guest-tools/spice-guest-tools-0.141/spice-guest-tools-0.141.exe
 install_exe_spice_guest_tools_checksum: sha256:b5be0754802bcd7f7fe0ccdb877f8a6224ba13a2af7d84eb087a89b3b0237da2
 install_exe_spice_guest_tools: "{{ lookup('first_found', 'guest-files') }}/spice-guest-tools.exe"
+
+# Some distributions don't ship firmware selection manifests, so we need to
+# provide an override ourselves.
+# vm_firmware_override will be set to the first candidate that exists, if any.
+vm_firmware_override: null
+vm_firmware_override_candidates:
+  # NixOS:
+  # https://github.com/NixOS/nixpkgs/issues/115996, and
+  # https://github.com/NixOS/nixpkgs/issues/318079
+  - /run/libvirt/nix-ovmf/OVMF_CODE.fd

roles/create-vm/tasks/main.yaml

@@ -24,6 +24,13 @@
     url: "{{ install_exe_spice_guest_tools_url }}"
     checksum: "{{ install_exe_spice_guest_tools_checksum }}"
 
+- name: Find firmware path
+  set_fact:
+    vm_firmware_override: "{{ item }}"
+  with_first_found:
+    - files: "{{ vm_firmware_override_candidates }}"
+      skip: True
+
 - name: Create VM Network
   community.libvirt.virt_net:
     name: "{{ vm_network_hostnet_name }}"

roles/create-vm/templates/windows-vm.xml.j2

@@ -8,8 +8,14 @@
   <memory unit="MiB">{{ vm_memory_mib }}</memory>
   <currentMemory unit="MiB">{{ vm_memory_mib }}</currentMemory>
   <vcpu placement="static">{{ vm_vcpus }}</vcpu>
-  <os firmware="efi">
-    <type arch="x86_64" machine="pc-q35-9.0">hvm</type>
+  <os
+    {% if not vm_firmware_override %}
+      firmware="efi"
+    {% endif %}>
+    <type arch="x86_64" machine="pc-q35-8.0">hvm</type>
+    {% if vm_firmware_override %}
+      <loader type='pflash'>{{ vm_firmware_override }}</loader>
+    {% endif %}
   </os>
   <features>
     <acpi/>

shell.nix

@@ -1,15 +1,23 @@
 { sources ? import nix/sources.nix
 , pkgs ? import sources.nixpkgs {} }:
 
-with pkgs;
+let
+  python = pkgs.python3;
+  extraAnsibleDeps = pypkgs: [ pypkgs.libvirt pypkgs.lxml ];
+in
+pkgs.mkShell rec {
+  # buildInputs = [ pkgs.ansible ];
+  buildInputs = [ ansible ];
 
-mkShell {
-  buildInputs = [ pkgs.ansible ];
+  # Ansible runs plugins in its own interpreter, so we need to add plugin dependencies to
+  # its Python environment
+  ansible = python.pkgs.toPythonApplication
+    (python.pkgs.ansible-core.overridePythonAttrs (old: {
+      propagatedBuildInputs = old.propagatedBuildInputs ++ extraAnsibleDeps python.pkgs;
+    }));
 
   # Ansible runs modules in a separate interpreter, which bypasses Nix's added packages
   # Hence, override that interpreter with one that has the required dependencies installed
-  ANSIBLE_PYTHON_INTERPRETER = pkgs.python3.withPackages (pkgs: [
-    # community.libvirt
-    pkgs.libvirt pkgs.lxml
-  ]) + "/bin/python";
+  ansiblePython = pkgs.python3.withPackages extraAnsibleDeps;
+  ANSIBLE_PYTHON_INTERPRETER = ansiblePython + "/bin/python";
 }