Merge branch 'master' into auto-update/2026-02-13

flake.nix

@@ -67,7 +67,7 @@
     {
 
       # used with: `nix fmt`
-      formatter.${system} = pkgs.nixfmt-rfc-style;
+      formatter.${system} = pkgs.nixfmt-tree;
 
       nixosConfigurations = (import ./hosts inputs);
 

hosts/collabora/default.nix

@@ -27,4 +27,3 @@ in
 
   system.stateVersion = "25.11";
 }
-

hosts/colmena/default.nix

@@ -32,13 +32,20 @@ in
       lxc-standard.enable = true;
     };
 
-    virtualisation.proxmox.enable = true;
+    virtualisation = {
+      proxmox.enable = true;
+      podman.enable = true;
+    };
   };
 
   programs = {
     nix-ld.enable = true;
   };
 
+  environment.systemPackages = with pkgs; [
+    just-lsp
+  ];
+
   home-manager = {
     useGlobalPkgs = true;
     useUserPackages = true;

hosts/default.nix

@@ -74,7 +74,10 @@ let
       hostModule = cfg.module;
       unstable = cfg.unstable or false;
       extraModules = cfg.extraModules or [ ];
-      specialArgs = { inherit authentik-nix; } // (cfg.specialArgs or { });
+      specialArgs = {
+        inherit authentik-nix;
+      }
+      // (cfg.specialArgs or { });
     }
   ) hostDefs;
 

hosts/docker/default.nix

@@ -14,6 +14,7 @@
 
     virtualisation = {
       proxmox.enable = true;
+      docker.enable = true;
     };
   };
 

hosts/forgejo-runner/default.nix

@@ -61,4 +61,3 @@ in
 
   system.stateVersion = "25.11";
 }
-

hosts/librenms/default.nix

@@ -18,7 +18,10 @@ in
       enable = true;
       hostname = p.hosts.librenms;
       settings = {
-        "snmp.community" = [ "public" "homelab" ];
+        "snmp.community" = [
+          "public"
+          "homelab"
+        ];
 
       };
     };

modules/monitoring/prometheus.nix

@@ -74,7 +74,8 @@ in
               }
             ];
           }
-        ] ++ cfg.extraScrapeConfigs;
+        ]
+        ++ cfg.extraScrapeConfigs;
       };
 
       services.grafana = {

modules/services/collabora-online.nix

@@ -55,24 +55,21 @@ in
 
       services.collabora-online = {
         enable = true;
-        settings =
+        settings = {
-          {
+          net.listen = "0.0.0.0";
-            net.listen = "0.0.0.0";
 
-            # terminate TLS at Caddy, NOT in coolwsd
+          # terminate TLS at Caddy, NOT in coolwsd
-            ssl.enable = false;
+          ssl.enable = false;
-            ssl.termination = true;
+          ssl.termination = true;
 
-            # allow WOPI (Nextcloud etc.)
+          # allow WOPI (Nextcloud etc.)
-            storage.wopi."@allow" = true;
+          storage.wopi."@allow" = true;
-          }
+        }
-          // lib.optionalAttrs (cfg.trustedDomains != [ ]) {
+        // lib.optionalAttrs (cfg.trustedDomains != [ ]) {
-            # Restrict which hosts may use WOPI (e.g. only your Nextcloud).
+          # Restrict which hosts may use WOPI (e.g. only your Nextcloud).
-            # Collabora expects regexes here, so escape dots.
+          # Collabora expects regexes here, so escape dots.
-            storage.wopi.host = map
+          storage.wopi.host = map (d: builtins.replaceStrings [ "." ] [ "\\." ] d) cfg.trustedDomains;
-              (d: builtins.replaceStrings [ "." ] [ "\\." ] d)
+        };
-              cfg.trustedDomains;
-          };
       };
 
       networking.firewall.allowedTCPPorts = [

modules/services/forgejo-runner.nix

@@ -97,4 +97,3 @@ in
 
   };
 }
-

modules/services/ilpost-addict.nix

@@ -16,10 +16,14 @@ let
     sha256 = "sha256-kL7tVHXZunqGFztbVx850QQ1U5h5wY1ltIONWXwe7QQ=";
   };
 
-  phpPackage = pkgs.php.withExtensions ({ enabled, all }: enabled ++ [
+  phpPackage = pkgs.php.withExtensions (
-    all.curl
+    { enabled, all }:
-    all.dom
+    enabled
-  ]);
+    ++ [
+      all.curl
+      all.dom
+    ]
+  );
 
 in
 {
@@ -51,7 +55,13 @@ in
     };
 
     poolSettings = lib.mkOption {
-      type = with lib.types; attrsOf (oneOf [ str int bool ]);
+      type =
+        with lib.types;
+        attrsOf (oneOf [
+          str
+          int
+          bool
+        ]);
       default = {
         "pm" = "dynamic";
         "pm.max_children" = 8;
@@ -133,11 +143,13 @@ in
         user = cfg.user;
         group = cfg.group;
         phpPackage = phpPackage;
-        settings = lib.mapAttrs (name: lib.mkDefault) {
+        settings =
-          "listen.owner" = config.services.caddy.user;
+          lib.mapAttrs (name: lib.mkDefault) {
-          "listen.group" = config.services.caddy.group;
+            "listen.owner" = config.services.caddy.user;
-          "chdir" = cfg.dataDir;
+            "listen.group" = config.services.caddy.group;
-        } // cfg.poolSettings;
+            "chdir" = cfg.dataDir;
+          }
+          // cfg.poolSettings;
       };
 
       # Caddy configuration for serving PHP
@@ -169,4 +181,3 @@ in
     })
   ];
 }
-

modules/services/n8n.nix

@@ -67,7 +67,11 @@ in
       };
 
       # Add npm/nodejs to n8n's PATH
-      systemd.services.n8n.path = [ pkgs.nodejs pkgs.gnutar pkgs.gzip ];
+      systemd.services.n8n.path = [
+        pkgs.nodejs
+        pkgs.gnutar
+        pkgs.gzip
+      ];
 
     })
 

modules/services/nextcloud.nix

@@ -68,7 +68,7 @@ in
           package = pkgs.nextcloud32;
           hostName = "cloud.${cfg.proxy.domain}";
           https = true;
-          
+
           secretFile = cfg.secretFile;
 
           settings = {

modules/services/rutorrent.nix

@@ -263,9 +263,9 @@ in
                 cp -r ${rutorrentPkgs}/php ${cfg.dataDir}/
 
                 ${optionalString (cfg.plugins != [ ])
-                  ''cp -r ${
+                  "cp -r ${
                     concatMapStringsSep " " (p: "${rutorrentPkgs}/plugins/${p}") cfg.plugins
-                  } ${cfg.dataDir}/plugins/''
+                  } ${cfg.dataDir}/plugins/"
                 }
 
                 chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}/{conf,share,logs,plugins}

modules/utils/server-node-users.nix

@@ -32,7 +32,7 @@ in
         isNormalUser = true;
         hashedPassword = "$y$j9T$oWLCV1hnGPyOGabMfAS3p1$/iwouRZGwQXcv6IHnLuT3I9.pmeXNpcHxq.b8xfitr1";
         shell = pkgs.bash;
-        extraGroups = [ "wheel" ];
+        extraGroups = [ "wheel" ] ++ lib.optionals config.virtualisation.docker.enable [ "docker" ];
         openssh.authorizedKeys.keys = sshKeys.infra-core;
       };
 

modules/virtualisation/docker.nix

@@ -14,13 +14,10 @@ in
 
   config = lib.mkIf cfg.enable {
     virtualisation = {
-      docker = {
+      docker.enable = true;
-        storageDriver = "overlay2";
-      };
-
       oci-containers.backend = "docker";
-
     };
+
   };
 
 }

modules/virtualisation/podman.nix

@@ -13,15 +13,28 @@ in
   };
 
   config = lib.mkIf cfg.enable {
+    # Enable common container config files in /etc/containers
+    virtualisation.containers.enable = true;
     virtualisation = {
-
       podman = {
         enable = true;
-      };
 
-      oci-containers.backend = "podman";
+        # Create a `docker` alias for podman, to use it as a drop-in replacement
+        dockerCompat = true;
+
+        # Required for containers under podman-compose to be able to talk to each other.
+        defaultNetwork.settings.dns_enabled = true;
+      };
     };
 
+    # Useful other development tools
+    environment.systemPackages = with pkgs; [
+      dive # look into docker image layers
+      podman-tui # status of containers in the terminal
+      docker-compose # start group of containers for dev
+      podman-compose # start group of containers for dev
+    ];
+
     # Depending on the host filesystem
     # virtualisation.containers.storage.settings = {
     #   storage = {