From 8541ec6d85c40dad2841642aa16ab8b3a2f97d53 Mon Sep 17 00:00:00 2001
From: Martin Weinelt
Date: Tue, 23 Apr 2024 11:55:16 +0200
Subject: [PATCH] nixos/incus: add support for software TPMs

Was previously broken due to a missing runtime dependency.
> Error: Failed to start device "vtpm": Failed to validate environment: Required tool 'swtpm' is missing
---
 nixos/modules/virtualisation/incus.nix | 1 +
 nixos/tests/incus/virtual-machine.nix | 11 ++++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/nixos/modules/virtualisation/incus.nix b/nixos/modules/virtualisation/incus.nix
index 08e8288fb203..5d0225a6a51d 100644
--- a/nixos/modules/virtualisation/incus.nix
+++ b/nixos/modules/virtualisation/incus.nix
@@ -41,6 +41,7 @@ let
 qemu-utils
 rsync
 squashfsTools
+ swtpm
 systemd
 thin-provisioning-tools
 util-linux
diff --git a/nixos/tests/incus/virtual-machine.nix b/nixos/tests/incus/virtual-machine.nix
index 48178aaed32c..eebbbd113ed1 100644
--- a/nixos/tests/incus/virtual-machine.nix
+++ b/nixos/tests/incus/virtual-machine.nix
@@ -30,6 +30,9 @@ in
 memorySize = 1024;
 diskSize = 4096;
+ # Provide a TPM to test vTPM support for guests
+ tpm.enable = true;
+
 incus.enable = true;
 };
 networking.nftables.enable = true;
@@ -47,8 +50,14 @@ in
 with subtest("virtual-machine image can be imported"):
 machine.succeed("incus image import ${vm-image-metadata}/*/*.tar.xz ${vm-image-disk}/nixos.qcow2 --alias nixos")
+ with subtest("virtual-machine can be created"):
+ machine.succeed("incus create nixos ${instance-name} --vm --config limits.memory=512MB --config security.secureboot=false")
+
+ with subtest("virtual tpm can be configured"):
+ machine.succeed("incus config device add ${instance-name} vtpm tpm path=/dev/tpm0")
+
 with subtest("virtual-machine can be launched and become available"):
- machine.succeed("incus launch nixos ${instance-name} --vm --config limits.memory=512MB --config security.secureboot=false")
+ machine.succeed("incus start ${instance-name}")
 with machine.nested("Waiting for instance to start and be usable"):
 retry(instance_is_up)
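Review bot: Nothing in the new subtests checks that the guest actually ends up with a TPM. `incus config device add ${instance-name} vtpm tpm path=/dev/tpm0` followed by `incus start ${instance-name}` only shows that the device validates and the instance boots, which does cover the missing-`swtpm` error quoted in the commit message. A vTPM that is configured but not visible inside the guest would quietly break anything sealed or measured against it, so after `retry(instance_is_up)` I would add a check such as `machine.succeed("incus exec ${instance-name} -- test -e /dev/tpm0")`, assuming the guest image loads a TPM driver and the agent is reachable at that point. It is also worth confirming that `path=` has any effect on a `--vm` instance; as far as I recall Incus documents it as a container-only option. The rest of the test script, including `instance_is_up`, lies outside the hunk.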