2026-02-15 23:37:28 +01:00
17 changed files with 82 additions and 48 deletions
--- a/flake.nix
+++ b/flake.nix
@ -67,7 +67,7 @@
    {

      # used with: `nix fmt`
-      formatter.${system} = pkgs.nixfmt-rfc-style;
+      formatter.${system} = pkgs.nixfmt-tree;

      nixosConfigurations = (import ./hosts inputs);

--- a/hosts/collabora/default.nix
+++ b/hosts/collabora/default.nix
@ -27,4 +27,3 @@ in

  system.stateVersion = "25.11";
 }
-
--- a/hosts/colmena/default.nix
+++ b/hosts/colmena/default.nix
@ -32,13 +32,20 @@ in
      lxc-standard.enable = true;
    };

-    virtualisation.proxmox.enable = true;
+    virtualisation = {
+      proxmox.enable = true;
+      podman.enable = true;
+    };
  };

  programs = {
    nix-ld.enable = true;
  };

+  environment.systemPackages = with pkgs; [
+    just-lsp
+  ];
+
  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -74,7 +74,10 @@ let
      hostModule = cfg.module;
      unstable = cfg.unstable or false;
      extraModules = cfg.extraModules or [ ];
-      specialArgs = { inherit authentik-nix; } // (cfg.specialArgs or { });
+      specialArgs = {
+        inherit authentik-nix;
+      }
+      // (cfg.specialArgs or { });
    }
  ) hostDefs;

--- a/hosts/docker/default.nix
+++ b/hosts/docker/default.nix
@ -14,6 +14,7 @@

    virtualisation = {
      proxmox.enable = true;
+      docker.enable = true;
    };
  };

--- a/hosts/forgejo-runner/default.nix
+++ b/hosts/forgejo-runner/default.nix
@ -61,4 +61,3 @@ in

  system.stateVersion = "25.11";
 }
-
--- a/hosts/librenms/default.nix
+++ b/hosts/librenms/default.nix
@ -18,7 +18,10 @@ in
      enable = true;
      hostname = p.hosts.librenms;
      settings = {
-        "snmp.community" = [ "public" "homelab" ];
+        "snmp.community" = [
+          "public"
+          "homelab"
+        ];

      };
    };
--- a/modules/monitoring/prometheus.nix
+++ b/modules/monitoring/prometheus.nix
@ -74,7 +74,8 @@ in
              }
            ];
          }
-        ] ++ cfg.extraScrapeConfigs;
+        ]
+        ++ cfg.extraScrapeConfigs;
      };

      services.grafana = {
--- a/modules/services/collabora-online.nix
+++ b/modules/services/collabora-online.nix
@ -55,24 +55,21 @@ in

      services.collabora-online = {
        enable = true;
-        settings =
-          {
-            net.listen = "0.0.0.0";
+        settings = {
+          net.listen = "0.0.0.0";

-            # terminate TLS at Caddy, NOT in coolwsd
-            ssl.enable = false;
-            ssl.termination = true;
+          # terminate TLS at Caddy, NOT in coolwsd
+          ssl.enable = false;
+          ssl.termination = true;

-            # allow WOPI (Nextcloud etc.)
-            storage.wopi."@allow" = true;
-          }
-          // lib.optionalAttrs (cfg.trustedDomains != [ ]) {
-            # Restrict which hosts may use WOPI (e.g. only your Nextcloud).
-            # Collabora expects regexes here, so escape dots.
-            storage.wopi.host = map
-              (d: builtins.replaceStrings [ "." ] [ "\\." ] d)
-              cfg.trustedDomains;
-          };
+          # allow WOPI (Nextcloud etc.)
+          storage.wopi."@allow" = true;
+        }
+        // lib.optionalAttrs (cfg.trustedDomains != [ ]) {
+          # Restrict which hosts may use WOPI (e.g. only your Nextcloud).
+          # Collabora expects regexes here, so escape dots.
+          storage.wopi.host = map (d: builtins.replaceStrings [ "." ] [ "\\." ] d) cfg.trustedDomains;
+        };
      };

      networking.firewall.allowedTCPPorts = [
--- a/modules/services/forgejo-runner.nix
+++ b/modules/services/forgejo-runner.nix
@ -97,4 +97,3 @@ in

  };
 }
-
--- a/modules/services/ilpost-addict.nix
+++ b/modules/services/ilpost-addict.nix
@ -16,10 +16,14 @@ let
    sha256 = "sha256-kL7tVHXZunqGFztbVx850QQ1U5h5wY1ltIONWXwe7QQ=";
  };

-  phpPackage = pkgs.php.withExtensions ({ enabled, all }: enabled ++ [
-    all.curl
-    all.dom
-  ]);
+  phpPackage = pkgs.php.withExtensions (
+    { enabled, all }:
+    enabled
+    ++ [
+      all.curl
+      all.dom
+    ]
+  );

 in
 {
@ -51,7 +55,13 @@ in
    };

    poolSettings = lib.mkOption {
-      type = with lib.types; attrsOf (oneOf [ str int bool ]);
+      type =
+        with lib.types;
+        attrsOf (oneOf [
+          str
+          int
+          bool
+        ]);
      default = {
        "pm" = "dynamic";
        "pm.max_children" = 8;
@ -133,11 +143,13 @@ in
        user = cfg.user;
        group = cfg.group;
        phpPackage = phpPackage;
-        settings = lib.mapAttrs (name: lib.mkDefault) {
-          "listen.owner" = config.services.caddy.user;
-          "listen.group" = config.services.caddy.group;
-          "chdir" = cfg.dataDir;
-        } // cfg.poolSettings;
+        settings =
+          lib.mapAttrs (name: lib.mkDefault) {
+            "listen.owner" = config.services.caddy.user;
+            "listen.group" = config.services.caddy.group;
+            "chdir" = cfg.dataDir;
+          }
+          // cfg.poolSettings;
      };

      # Caddy configuration for serving PHP
@ -169,4 +181,3 @@ in
    })
  ];
 }
-
--- a/modules/services/n8n.nix
+++ b/modules/services/n8n.nix
@ -67,7 +67,11 @@ in
      };

      # Add npm/nodejs to n8n's PATH
-      systemd.services.n8n.path = [ pkgs.nodejs pkgs.gnutar pkgs.gzip ];
+      systemd.services.n8n.path = [
+        pkgs.nodejs
+        pkgs.gnutar
+        pkgs.gzip
+      ];

    })

--- a/modules/services/rutorrent.nix
+++ b/modules/services/rutorrent.nix
@ -263,9 +263,9 @@ in
                cp -r ${rutorrentPkgs}/php ${cfg.dataDir}/

                ${optionalString (cfg.plugins != [ ])
-                  ''cp -r ${
+                  "cp -r ${
                    concatMapStringsSep " " (p: "${rutorrentPkgs}/plugins/${p}") cfg.plugins
-                  } ${cfg.dataDir}/plugins/''
+                  } ${cfg.dataDir}/plugins/"
                }

                chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}/{conf,share,logs,plugins}
--- a/modules/utils/server-node-users.nix
+++ b/modules/utils/server-node-users.nix
@ -32,7 +32,7 @@ in
        isNormalUser = true;
        hashedPassword = "$y$j9T$oWLCV1hnGPyOGabMfAS3p1$/iwouRZGwQXcv6IHnLuT3I9.pmeXNpcHxq.b8xfitr1";
        shell = pkgs.bash;
-        extraGroups = [ "wheel" ];
+        extraGroups = [ "wheel" ] ++ lib.optionals config.virtualisation.docker.enable [ "docker" ];
        openssh.authorizedKeys.keys = sshKeys.infra-core;
      };

--- a/modules/virtualisation/docker.nix
+++ b/modules/virtualisation/docker.nix
@ -14,13 +14,10 @@ in

  config = lib.mkIf cfg.enable {
    virtualisation = {
-      docker = {
-        storageDriver = "overlay2";
-      };
-
+      docker.enable = true;
      oci-containers.backend = "docker";
-
    };
+
  };

 }
--- a/modules/virtualisation/podman.nix
+++ b/modules/virtualisation/podman.nix
@ -13,15 +13,28 @@ in
  };

  config = lib.mkIf cfg.enable {
+    # Enable common container config files in /etc/containers
+    virtualisation.containers.enable = true;
    virtualisation = {
-
      podman = {
        enable = true;
-      };

-      oci-containers.backend = "podman";
+        # Create a `docker` alias for podman, to use it as a drop-in replacement
+        dockerCompat = true;
+
+        # Required for containers under podman-compose to be able to talk to each other.
+        defaultNetwork.settings.dns_enabled = true;
+      };
    };

+    # Useful other development tools
+    environment.systemPackages = with pkgs; [
+      dive # look into docker image layers
+      podman-tui # status of containers in the terminal
+      docker-compose # start group of containers for dev
+      podman-compose # start group of containers for dev
+    ];
+
    # Depending on the host filesystem
    # virtualisation.containers.storage.settings = {
    #   storage = {