KVM Setup¶
Install Virtualization Packages¶
sudo apt install -y \
qemu-kvm \
libvirt-daemon-system \
libvirt-clients \
bridge-utils \
virtinst \
ovmf \
swtpm \
swtpm-tools
swtpm provides the emulated TPM 2.0 that Windows 11 requires for installation. ovmf ships both the standard and Secure-Boot variants of the UEFI firmware (OVMF_CODE.fd and OVMF_CODE.secboot.fd).
Verify KVM Support¶
Configure libvirt¶
Add User to Groups¶
Log out and back in for group changes.
Enable libvirt¶
Verify¶
Storage Pool¶
Create a ZFS-backed storage pool:
virsh pool-define-as vm-pool dir - - - - /mnt/tank/vm
virsh pool-start vm-pool
virsh pool-autostart vm-pool
Network Configuration¶
Default NAT Network¶
libvirt creates a default NAT network. Verify:
Bridge Network (Optional)¶
For VMs on the same network as the host:
# /etc/netplan/00-installer-config.yaml
network:
version: 2
renderer: networkd
ethernets:
enp5s0:
dhcp4: no
bridges:
br0:
interfaces: [enp5s0]
dhcp4: true
Remote Management¶
virt-manager over SSH (recommended)¶
Install virt-manager on your workstation/Mac and point it at the headless server:
virt-manager runs locally as a Python/GTK app and talks to libvirtd on the server over SSH — no X11 forwarding required.
X11 forwarding is not needed
Earlier drafts of this doc recommended enabling X11Forwarding yes in sshd. That's only relevant if you intended to run virt-manager on the server and tunnel its GUI back, which contradicts the headless model. Leave X11Forwarding no on the server.
VM Best Practices¶
| Setting | Value | Reason |
|---|---|---|
| Chipset | Q35 | Modern, PCIe support |
| Firmware | UEFI (OVMF) | Required for GPU passthrough |
| CPU | host-passthrough | Full CPU features |
| Disk | virtio | Best performance |
| Network | virtio | Best performance |