diff --git a/.gitignore b/.gitignore old mode 100644 new mode 100755 diff --git a/README.md b/README.md old mode 100644 new mode 100755 diff --git a/appflakes/immich/README.md b/appflakes/immich/README.md old mode 100644 new mode 100755 diff --git a/appflakes/immich/flake.lock b/appflakes/immich/flake.lock old mode 100644 new mode 100755 diff --git a/appflakes/immich/flake.nix b/appflakes/immich/flake.nix old mode 100644 new mode 100755 diff --git a/appflakes/octofriend/README.md b/appflakes/octofriend/README.md old mode 100644 new mode 100755 diff --git a/appflakes/octofriend/flake.lock b/appflakes/octofriend/flake.lock old mode 100644 new mode 100755 diff --git a/appflakes/octofriend/flake.nix b/appflakes/octofriend/flake.nix old mode 100644 new mode 100755 diff --git a/appflakes/octofriend/result b/appflakes/octofriend/result deleted file mode 120000 index ee7aad2..0000000 --- a/appflakes/octofriend/result +++ /dev/null @@ -1 +0,0 @@ -/nix/store/cmq4skpafnf055fyjmk8qxjhvbxl0xws-octofriend-git-6d9c260 \ No newline at end of file diff --git a/desktop/3dprinting.nix b/desktop/3dprinting.nix old mode 100644 new mode 100755 diff --git a/desktop/daw.nix b/desktop/daw.nix old mode 100644 new mode 100755 diff --git a/desktop/dev.nix b/desktop/dev.nix old mode 100644 new mode 100755 diff --git a/desktop/dnm.nix b/desktop/dnm.nix old mode 100644 new mode 100755 diff --git a/desktop/gaming.nix b/desktop/gaming.nix old mode 100644 new mode 100755 diff --git a/desktop/media.nix b/desktop/media.nix old mode 100644 new mode 100755 diff --git a/desktop/office.nix b/desktop/office.nix old mode 100644 new mode 100755 diff --git a/desktop/plasma.nix b/desktop/plasma.nix old mode 100644 new mode 100755 diff --git a/desktop/stp-elc-udmshare.nix b/desktop/stp-elc-udmshare.nix old mode 100644 new mode 100755 diff --git a/desktop/tailscale.nix b/desktop/tailscale.nix old mode 100644 new mode 100755 diff --git a/desktop/virtualization.nix b/desktop/virtualization.nix old mode 100644 new mode 100755 diff --git a/docs/README-unstable and stable packages.md b/docs/README-unstable and stable packages.md old mode 100644 new mode 100755 diff --git a/docs/agents.md b/docs/agents.md old mode 100644 new mode 100755 diff --git a/flake.lock b/flake.lock old mode 100644 new mode 100755 index 3994520..9f1b917 --- a/flake.lock +++ b/flake.lock @@ -1,23 +1,5 @@ { "nodes": { - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -85,54 +67,6 @@ "type": "indirect" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1765779637, - "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "octofriend": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_2", - "octofriend": "octofriend_2" - }, - "locked": { - "path": "./appflakes/octofriend", - "type": "path" - }, - "original": { - "path": "./appflakes/octofriend", - "type": "path" - }, - "parent": [] - }, - "octofriend_2": { - "flake": false, - "locked": { - "lastModified": 1766013652, - "narHash": "sha256-X7t2CGNZP+OS2pbMtRAg3XIGq3HA3N3rPk5ELV1FNRQ=", - "owner": "synthetic-lab", - "repo": "octofriend", - "rev": "6d9c260743e4b645fd4b216ce1cd979d5c0dd473", - "type": "github" - }, - "original": { - "owner": "synthetic-lab", - "repo": "octofriend", - "type": "github" - } - }, "plasma-manager": { "inputs": { "home-manager": [ @@ -162,24 +96,8 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", - "octofriend": "octofriend", "plasma-manager": "plasma-manager" } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix old mode 100644 new mode 100755 index d6049fc..280dde0 --- a/flake.nix +++ b/flake.nix @@ -17,10 +17,9 @@ inputs.home-manager.follows = "home-manager"; }; - octofriend = { url = "path:./appflakes/octofriend"; }; }; - outputs = { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, plasma-manager, octofriend }: + outputs = { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, plasma-manager }: let localSystem = { system = "x86_64-linux"; @@ -32,7 +31,6 @@ config.allowUnfree = true; }; - inherit octofriend; }; mkSystem = { modules, hardware ? [] }: nixpkgs.lib.nixosSystem { @@ -45,6 +43,7 @@ # Common desktop modules commonDesktopModules = [ ./systems/common.nix + ./systems/desktop.nix ./users/jsutter.nix ./desktop/plasma.nix ./desktop/dev.nix @@ -78,7 +77,7 @@ modules = commonDesktopModules ++ [ ./systems/labrizor.nix ./users/jsutter.nix - ./desktop/3dprinting.nix + ./desktop/3dprinting.nix ]; }; warp = mkSystem { @@ -86,6 +85,7 @@ ./systems/common.nix ./users/jsutter.nix ./systems/warp.nix + ./servers/forgejo.nix ]; }; }; diff --git a/servers/README.md b/servers/README.md old mode 100644 new mode 100755 diff --git a/servers/common.nix b/servers/common.nix old mode 100644 new mode 100755 diff --git a/servers/forgejo.nix b/servers/forgejo.nix old mode 100644 new mode 100755 index 223e615..e8bd8f5 --- a/servers/forgejo.nix +++ b/servers/forgejo.nix @@ -1,314 +1,92 @@ -{ config, pkgs, lib, ... }: - -with lib; - +{ lib, pkgs, config, ... }: let cfg = config.services.forgejo; -in { - options.services.forgejo = { - enable = mkEnableOption "Forgejo Git server"; + srv = cfg.settings.server; - domain = mkOption { - type = types.str; - example = "git.example.com"; - description = "The domain name for Forgejo"; - }; + fqdn = "git.symbiotrip.com"; - stateDir = mkOption { - type = types.str; - default = "/var/lib/forgejo"; - description = "Directory for Forgejo data"; - }; + smtpPassword = "Monaco55"; + runnerToken = "PUT_RUNNER_REGISTRATION_TOKEN_HERE"; + adminPassword = "2wiggyWah!"; - database = { - createLocally = mkOption { - type = types.bool; - default = true; - description = "Whether to create a local PostgreSQL database"; + adminUser = "jsutter"; + adminEmail = "jsutter@symbiotrip.com"; + + +in + +{ + security.acme.certs.${fqdn}.group = config.services.nginx.group; + services.nginx.virtualHosts.${fqdn} = { + forceSSL = true; + enableACME = true; + useACMEHost = fqdn; + acmeRoot = null; + extraConfig = '' + client_max_body_size 512M; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + ''; + locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}"; + }; + + services.forgejo = { + enable = true; + database.type = "postgres"; + lfs.enable = true; + + settings = { + server = { + DOMAIN = fqdn; + ROOT_URL = "https://${fqdn}/"; + HTTP_PORT = 3000; }; - passwordFile = mkOption { - type = types.nullOr types.path; - default = null; - example = "/run/keys/forgejo-db"; - description = "Path to file containing database password"; - }; - }; + service.DISABLE_REGISTRATION = true; - mailer = { - enable = mkOption { - type = types.bool; - default = false; - description = "Enable email notifications"; + actions = { + ENABLED = true; + DEFAULT_ACTIONS_URL = "github"; }; - host = mkOption { - type = types.str; - example = "smtp.gmail.com"; - description = "SMTP server hostname"; - }; - - port = mkOption { - type = types.port; - default = 587; - description = "SMTP server port"; - }; - - from = mkOption { - type = types.str; - example = "git@example.com"; - description = "Email sender address"; - }; - - userFile = mkOption { - type = types.path; - example = "/run/keys/forgejo-smtp-user"; - description = "Path to file containing SMTP username"; - }; - - passwordFile = mkOption { - type = types.path; - example = "/run/keys/forgejo-smtp-pass"; - description = "Path to file containing SMTP password"; - }; - }; - - oauth2 = { - enable = mkOption { - type = types.bool; - default = false; - description = "Enable OAuth2 authentication"; - }; - - github = { - enable = mkOption { - type = types.bool; - default = false; - description = "Enable GitHub OAuth2 provider"; - }; - - clientId = mkOption { - type = types.str; - description = "GitHub OAuth client ID"; - }; - - clientSecret = mkOption { - type = types.path; - description = "Path to GitHub OAuth client secret"; - }; - }; - }; - - lfs = { - enable = mkOption { - type = types.bool; - default = true; - description = "Enable Git LFS support"; - }; - - storage = mkOption { - type = types.str; - default = "/var/lib/forgejo/lfs"; - description = "Path to LFS storage"; - }; - }; - - backup = { - enable = mkOption { - type = types.bool; - default = true; - description = "Enable automated backups"; - }; - - interval = mkOption { - type = types.str; - default = "daily"; - description = "Backup interval (systemd timer format)"; - }; - - retentionDays = mkOption { - type = types.int; - default = 7; - description = "Number of backups to keep"; - }; - - backupDir = mkOption { - type = types.str; - default = "/var/backups/forgejo"; - description = "Directory to store backups"; + mailer = { + ENABLED = true; + SMTP_ADDR = "mail.example.com"; + FROM = "noreply@${fqdn}"; + USER = "noreply@${fqdn}"; + PASSWD = smtpPassword; }; }; }; - config = mkIf cfg.enable { - # PostgreSQL database - services.postgresql = mkIf cfg.database.createLocally { + # Create/ensure admin user + systemd.services.forgejo.preStart = let + adminCmd = "${lib.getExe cfg.package} admin user"; + in '' + ${adminCmd} create \ + --admin \ + --username ${adminUser} \ + --email "${adminEmail}" \ + --password "${adminPassword}" \ + --must-change-password=false || true + ''; + + # Actions runner (runs jobs in Docker containers per labels) + virtualisation.docker.enable = true; + + services.gitea-actions-runner = { + package = pkgs.forgejo-runner; + instances.default = { enable = true; - enableTCPIP = false; - ensureDatabases = [ "forgejo" ]; - ensureUsers = [ - { - name = "forgejo"; - ensureDBOwnership = true; - } + name = "warp"; + url = "https://${fqdn}"; + token = runnerToken; + labels = [ + "node-22:docker://node:22-bookworm" + "nixos-latest:docker://nixos/nix" + # "native:host" ]; }; - - # Forgejo service - services.forgejo = { - enable = true; - settings = { - server = { - HTTP_PORT = 3000; - DOMAIN = cfg.domain; - ROOT_URL = "https://${cfg.domain}/"; - DISABLE_SSH = false; - SSH_PORT = 22; - LFS_START_SERVER = cfg.lfs.enable; - LFS_CONTENT_PATH = cfg.lfs.storage; - }; - - database = { - DB_TYPE = "postgres"; - HOST = "/run/postgresql"; - NAME = "forgejo"; - USER = "forgejo"; - PASSWD = mkIf (cfg.database.passwordFile != null) "#dbpass#"; - }; - - service = { - DISABLE_REGISTRATION = false; - REQUIRE_SIGNIN_VIEW = false; - ENABLE_NOTIFY_MAIL = cfg.mailer.enable; - }; - - mailer = mkIf cfg.mailer.enable { - ENABLED = true; - FROM = cfg.mailer.from; - SMTP_ADDR = cfg.mailer.host; - SMTP_PORT = toString cfg.mailer.port; - USER = "#smtpuser#"; - PASSWD = "#smtppass#"; - PROTOCOL = "smtps"; - }; - - session = { - COOKIE_SECURE = true; - COOKIE_SAMESITE = "strict"; - }; - - security = { - INSTALL_LOCK = true; - PASSWORD_CHECK_PWN = true; - PASSWORD_COMPLEXITY = "lower,digit" - }; - }; - }; - - # Set database password from file - systemd.services.forgejo = { - serviceConfig = mkMerge [ - (mkIf (cfg.database.passwordFile != null) { - EnvironmentFile = cfg.database.passwordFile; - }) - (mkIf cfg.mailer.enable { - EnvironmentFile = [ cfg.mailer.userFile cfg.mailer.passwordFile ]; - }) - ]; - }; - - # Nginx reverse proxy - services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - virtualHosts.${cfg.domain} = { - forceSSL = true; - enableACME = true; - - locations."/".proxyPass = "http://localhost:3000"; - - # Proxy for WebSocket - locations."/" = { - proxyPass = "http://localhost:3000"; - proxyWebsockets = true; - extraConfig = '' - proxy_buffering off; - proxy_read_timeout 86400; - ''; - }; - - # Proxy for LFS - locations."/.git/info/lfs" = { - proxyPass = "http://localhost:3000"; - extraConfig = '' - client_max_body_size 0; - ''; - }; - }; - }; - - # Firewall - networking.firewall = { - allowedTCPPorts = [ 80 443 ]; - allowedUDPPorts = [ 443 ]; - }; - - # Backup service - systemd.services.forgejo-backup = mkIf cfg.backup.enable { - description = "Forgejo backup service"; - serviceConfig = { - Type = "oneshot"; - User = "forgejo"; - Group = "forgejo"; - WorkingDirectory = cfg.stateDir; - ExecStart = "${pkgs.forgejo}/bin/forgejo dump --type zip --file ${cfg.backup.backupDir}/forgejo-backup-%Y-%m-%d.zip"; - }; - }; - - systemd.timers.forgejo-backup = mkIf cfg.backup.enable { - description = "Forgejo backup timer"; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = cfg.backup.interval; - Persistent = true; - }; - }; - - # Backup cleanup - systemd.services.forgejo-backup-cleanup = mkIf cfg.backup.enable { - description = "Clean up old Forgejo backups"; - serviceConfig = { - Type = "oneshot"; - User = "root"; - ExecStart = pkgs.writeShellScript "forgejo-backup-cleanup" '' - find ${cfg.backup.backupDir} -name "forgejo-backup-*.zip" -mtime +${toString cfg.backup.retentionDays} -delete - ''; - }; - }; - - systemd.timers.forgejo-backup-cleanup = mkIf cfg.backup.enable { - description = "Forgejo backup cleanup timer"; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "weekly"; - Persistent = true; - }; - }; - - # Create backup directory - system.activationScripts.forgejo-backup-dir = '' - mkdir -p ${cfg.backup.backupDir} - chown forgejo:forgejo ${cfg.backup.backupDir} - chmod 750 ${cfg.backup.backupDir} - ''; - - # Add Forgejo to known services - environment.systemPackages = with pkgs; [ - forgejo - ]; }; } diff --git a/servers/hugo.nix b/servers/hugo.nix old mode 100644 new mode 100755 diff --git a/servers/nginx.nix b/servers/nginx.nix new file mode 100644 index 0000000..d76e7c9 --- /dev/null +++ b/servers/nginx.nix @@ -0,0 +1,29 @@ +{ config, lib, pkgs, ... }: +let + # WARNING: this ends up world-readable in the Nix store if you inline it. + cloudflareEnv = pkgs.writeText "cloudflare-acme.env" '' + umnyPSYOr9U3m404_IBMl4PTOzg29nz_XzNEGw2v + ''; +in +{ + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + }; + + security.acme = { + acceptTerms = true; + + # These defaults are inherited by security.acme.certs.* unless overridden. :contentReference[oaicite:0]{index=0} + defaults = { + email = "admin@symbiotrip.com"; + dnsProvider = "cloudflare"; # :contentReference[oaicite:1]{index=1} + environmentFile = cloudflareEnv; # :contentReference[oaicite:2]{index=2} + }; + }; +} diff --git a/systems/aurora.nix b/systems/aurora.nix old mode 100644 new mode 100755 diff --git a/systems/common.nix b/systems/common.nix old mode 100644 new mode 100755 index 94f584c..b19f31b --- a/systems/common.nix +++ b/systems/common.nix @@ -61,12 +61,6 @@ # Services security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; services.openssh.enable = true; security.polkit.enable = true; programs.zsh.enable = true; @@ -103,7 +97,6 @@ python3 pv whois - kdePackages.xdg-desktop-portal-kde fwupd usbutils # lsusb pciutils # lspci @@ -113,23 +106,8 @@ nvme-cli smartmontools ripgrep - mesa-demos ]; - services.flatpak.enable = true; - - fonts.packages = with pkgs; [ - noto-fonts-color-emoji - noto-fonts-cjk-sans - liberation_ttf - fira-code - fira-code-symbols - mplus-outline-fonts.githubRelease - dina-font - proggyfonts - ]; - - services.xserver.excludePackages = [ pkgs.xterm ]; documentation.nixos.enable = false; systemd.network.wait-online.enable = false; diff --git a/systems/desktop.nix b/systems/desktop.nix new file mode 100755 index 0000000..d47fc54 --- /dev/null +++ b/systems/desktop.nix @@ -0,0 +1,29 @@ +{ config, pkgs, ... }: + + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + + environment.systemPackages = with pkgs; [ + kdePackages.xdg-desktop-portal-kde + mesa-demos + ]; + + services.flatpak.enable = true; + + fonts.packages = with pkgs; [ + noto-fonts-color-emoji + noto-fonts-cjk-sans + liberation_ttf + fira-code + fira-code-symbols + mplus-outline-fonts.githubRelease + dina-font + proggyfonts + ]; + + services.xserver.excludePackages = [ pkgs.xterm ]; +} diff --git a/systems/framework.nix b/systems/framework.nix old mode 100644 new mode 100755 diff --git a/systems/labrizor.nix b/systems/labrizor.nix old mode 100644 new mode 100755 diff --git a/systems/skip01.nix b/systems/skip01.nix deleted file mode 100644 index 8b1f7f9..0000000 --- a/systems/skip01.nix +++ /dev/null @@ -1,71 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: { - networking.hostName = "skip01"; - - # CPU Settings for 13th gen Intel Core i5 - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - - # Boot and kernel modules for Intel NUC - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; # No graphics drivers needed for headless - boot.kernelModules = [ "kvm-intel" ]; # Intel virtualization support - boot.extraModulePackages = []; - - # Server-specific kernel parameters - boot.kernelParams = [ - "intel_iommu=on" # Enable IOMMU for virtualization - ]; - - networking.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - - # No graphics support needed for headless server - - # Power management optimized for server use - powerManagement = { - enable = true; - cpuFreqGovernor = "ondemand"; - }; - - # Thermal management - services.thermald.enable = true; - - # Server-oriented settings - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - PermitRootLogin = "no"; - }; - }; - - # Swap configuration (smaller for server use) - swapDevices = [ - { - device = "/swapfile"; - size = 8192; # 8GB swap for server workload - priority = 0; - } - ]; - - # Enable hardware monitoring (CLI only) - hardware.sensor.iio.enable = true; - - # Network performance tuning for server use - boot.kernel.sysctl = { - "net.core.rmem_max" = 134217728; - "net.core.wmem_max" = 134217728; - "net.ipv4.tcp_rmem" = "4096 65536 134217728"; - "net.ipv4.tcp_wmem" = "4096 65536 134217728"; - "net.core.netdev_max_backlog" = 5000; - }; - - # Disable unnecessary services for server use - services.xserver.enable = lib.mkForce false; - services.pipewire.enable = lib.mkForce false; - - # Enable container support for future server services - virtualisation.docker.enable = true; - virtualisation.podman.enable = lib.mkDefault true; -} diff --git a/systems/warp.nix b/systems/warp.nix old mode 100644 new mode 100755 index 0ceafa2..c241292 --- a/systems/warp.nix +++ b/systems/warp.nix @@ -1,32 +1,33 @@ { config, lib, pkgs, modulesPath, ... }: { networking.hostName = "warp"; - # CPU Settings for 13th gen Intel Core + fileSystems."/" = + { device = "/dev/disk/by-partlabel/primary"; + fsType = "ext4"; + }; + fileSystems."/boot" = + { device = "/dev/disk/by-partlabel/ESP"; + fsType = "vfat"; + }; + + # CPU Settings for 13th gen Intel Core i5 hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; # Boot and kernel modules for Intel NUC - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - - # File system configuration - placeholder for actual hardware - fileSystems."/" = { - device = "/dev/disk/by-label/nixos"; - fsType = "ext4"; - }; - boot.initrd.kernelModules = []; - boot.kernelModules = [ "kvm-intel" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; # No graphics drivers needed for headless + boot.kernelModules = [ "kvm-intel" ]; # Intel virtualization support boot.extraModulePackages = []; # Server-specific kernel parameters boot.kernelParams = [ - "intel_iommu=on" + "intel_iommu=on" # Enable IOMMU for virtualization ]; networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - # No graphics support needed for headless server - # Power management optimized for server use powerManagement = { enable = true; @@ -46,16 +47,16 @@ }; }; - # Swap configuration + # Swap configuration (smaller for server use) swapDevices = [ { device = "/swapfile"; - size = 8192; + size = 8192; # 8GB swap for server workload priority = 0; } ]; - # Enable hardware monitoring + # Enable hardware monitoring (CLI only) hardware.sensor.iio.enable = true; # Network performance tuning for server use @@ -70,9 +71,8 @@ # Disable unnecessary services for server use services.xserver.enable = lib.mkForce false; services.pipewire.enable = lib.mkForce false; - services.flatpak.enable = lib.mkForce false; - # Enable container support for server services + # Enable container support for future server services virtualisation.docker.enable = true; virtualisation.podman.enable = lib.mkDefault true; } diff --git a/users/aksutter.nix b/users/aksutter.nix old mode 100644 new mode 100755 diff --git a/users/common-home.nix b/users/common-home.nix old mode 100644 new mode 100755 diff --git a/users/isutter.nix b/users/isutter.nix old mode 100644 new mode 100755 diff --git a/users/jsutter.nix b/users/jsutter.nix old mode 100644 new mode 100755