From 25bd2b71a21c7dff2e7e144ce428aedada2824e8 Mon Sep 17 00:00:00 2001
From: Abiola Ibrahim <git@abiosoft.com>
Date: Mon, 5 Aug 2024 15:04:21 +0100
Subject: [PATCH] vz: add support for nested virtualization

Signed-off-by: Abiola Ibrahim <git@abiosoft.com>
---
 pkg/limayaml/defaults.go      | 10 ++++++++++
 pkg/limayaml/defaults_test.go |  9 ++++++++-
 pkg/limayaml/limayaml.go      | 11 ++++++-----
 pkg/vz/vm_darwin.go           | 17 +++++++++++++++++
 pkg/vz/vz_driver_darwin.go    |  1 +
 5 files changed, 42 insertions(+), 6 deletions(-)

diff --git a/pkg/limayaml/defaults.go b/pkg/limayaml/defaults.go
index d3cc7ef8e3c..59184299ae6 100644
--- a/pkg/limayaml/defaults.go
+++ b/pkg/limayaml/defaults.go
@@ -735,6 +735,16 @@ func FillDefault(y, d, o *LimaYAML, filePath string) {
 		y.Rosetta.BinFmt = ptr.Of(false)
 	}
 
+	if y.NestedVirtualization == nil {
+		y.NestedVirtualization = d.NestedVirtualization
+	}
+	if o.NestedVirtualization != nil {
+		y.NestedVirtualization = o.NestedVirtualization
+	}
+	if y.NestedVirtualization == nil {
+		y.NestedVirtualization = ptr.Of(false)
+	}
+
 	if y.Plain == nil {
 		y.Plain = d.Plain
 	}
diff --git a/pkg/limayaml/defaults_test.go b/pkg/limayaml/defaults_test.go
index 16fff19415d..f3e3c2bb78e 100644
--- a/pkg/limayaml/defaults_test.go
+++ b/pkg/limayaml/defaults_test.go
@@ -106,7 +106,8 @@ func TestFillDefault(t *testing.T) {
 		CACertificates: CACertificates{
 			RemoveDefaults: ptr.Of(false),
 		},
-		Plain: ptr.Of(false),
+		NestedVirtualization: ptr.Of(false),
+		Plain:                ptr.Of(false),
 	}
 
 	defaultPortForward := PortForward{
@@ -293,6 +294,8 @@ func TestFillDefault(t *testing.T) {
 		BinFmt:  ptr.Of(false),
 	}
 
+	expect.NestedVirtualization = ptr.Of(false)
+
 	FillDefault(&y, &LimaYAML{}, &LimaYAML{}, filePath)
 	assert.DeepEqual(t, &y, &expect, opts...)
 
@@ -420,6 +423,7 @@ func TestFillDefault(t *testing.T) {
 			Enabled: ptr.Of(true),
 			BinFmt:  ptr.Of(true),
 		},
+		NestedVirtualization: ptr.Of(true),
 	}
 
 	expect = d
@@ -634,6 +638,7 @@ func TestFillDefault(t *testing.T) {
 			Enabled: ptr.Of(false),
 			BinFmt:  ptr.Of(false),
 		},
+		NestedVirtualization: ptr.Of(false),
 	}
 
 	y = filledDefaults
@@ -690,6 +695,8 @@ func TestFillDefault(t *testing.T) {
 	}
 	expect.Plain = ptr.Of(false)
 
+	expect.NestedVirtualization = ptr.Of(false)
+
 	FillDefault(&y, &d, &o, filePath)
 	assert.DeepEqual(t, &y, &expect, opts...)
 }
diff --git a/pkg/limayaml/limayaml.go b/pkg/limayaml/limayaml.go
index 4b3bc1cdd7c..9bad57e4c73 100644
--- a/pkg/limayaml/limayaml.go
+++ b/pkg/limayaml/limayaml.go
@@ -38,11 +38,12 @@ type LimaYAML struct {
 	DNS          []net.IP          `yaml:"dns,omitempty" json:"dns,omitempty"`
 	HostResolver HostResolver      `yaml:"hostResolver,omitempty" json:"hostResolver,omitempty"`
 	// `useHostResolver` was deprecated in Lima v0.8.1, removed in Lima v0.14.0. Use `hostResolver.enabled` instead.
-	PropagateProxyEnv *bool          `yaml:"propagateProxyEnv,omitempty" json:"propagateProxyEnv,omitempty"`
-	CACertificates    CACertificates `yaml:"caCerts,omitempty" json:"caCerts,omitempty"`
-	Rosetta           Rosetta        `yaml:"rosetta,omitempty" json:"rosetta,omitempty"`
-	Plain             *bool          `yaml:"plain,omitempty" json:"plain,omitempty"`
-	TimeZone          *string        `yaml:"timezone,omitempty" json:"timezone,omitempty"`
+	PropagateProxyEnv    *bool          `yaml:"propagateProxyEnv,omitempty" json:"propagateProxyEnv,omitempty"`
+	CACertificates       CACertificates `yaml:"caCerts,omitempty" json:"caCerts,omitempty"`
+	Rosetta              Rosetta        `yaml:"rosetta,omitempty" json:"rosetta,omitempty"`
+	Plain                *bool          `yaml:"plain,omitempty" json:"plain,omitempty"`
+	TimeZone             *string        `yaml:"timezone,omitempty" json:"timezone,omitempty"`
+	NestedVirtualization *bool          `yaml:"nestedVirtualization,omitempty" json:"nestedVirtualization,omitempty"`
 }
 
 type (
diff --git a/pkg/vz/vm_darwin.go b/pkg/vz/vm_darwin.go
index 74151f36711..dba92a47a8f 100644
--- a/pkg/vz/vm_darwin.go
+++ b/pkg/vz/vm_darwin.go
@@ -15,6 +15,7 @@ import (
 	"syscall"
 
 	"github.com/Code-Hex/vz/v3"
+	"github.com/coreos/go-semver/semver"
 	"github.com/docker/go-units"
 	"github.com/lima-vm/go-qcow2reader"
 	"github.com/lima-vm/go-qcow2reader/image/raw"
@@ -25,6 +26,7 @@ import (
 	"github.com/lima-vm/lima/pkg/nativeimgutil"
 	"github.com/lima-vm/lima/pkg/networks"
 	"github.com/lima-vm/lima/pkg/networks/usernet"
+	"github.com/lima-vm/lima/pkg/osutil"
 	"github.com/lima-vm/lima/pkg/store"
 	"github.com/lima-vm/lima/pkg/store/filenames"
 	"github.com/sirupsen/logrus"
@@ -239,6 +241,21 @@ func attachPlatformConfig(driver *driver.BaseDriver, vmConfig *vz.VirtualMachine
 	if err != nil {
 		return err
 	}
+
+	// nested virt
+	if *driver.Yaml.NestedVirtualization {
+		macOSProductVersion, err := osutil.ProductVersion()
+		if err != nil {
+			return fmt.Errorf("failed to get macOS product version: %w", err)
+		}
+
+		if macOSProductVersion.LessThan(*semver.New("15.0.0")) {
+			return fmt.Errorf("nested virtualization requires macOS 15 or newer")
+		}
+
+		platformConfig.SetNestedVirtualizationEnabled(true)
+	}
+
 	vmConfig.SetPlatformVirtualMachineConfiguration(platformConfig)
 	return nil
 }
diff --git a/pkg/vz/vz_driver_darwin.go b/pkg/vz/vz_driver_darwin.go
index e308ce169b0..e6ef3007681 100644
--- a/pkg/vz/vz_driver_darwin.go
+++ b/pkg/vz/vz_driver_darwin.go
@@ -40,6 +40,7 @@ var knownYamlProperties = []string{
 	"Mounts",
 	"MountType",
 	"MountInotify",
+	"NestedVirtualization",
 	"Networks",
 	"OS",
 	"Param",