diff --git a/.sops.yaml b/.sops.yaml index d6b7264..df2b30c 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -12,6 +12,7 @@ keys: - &witt age1dzr2v5py0vwj3wujdmfgcfjqc26vz07u7vl0j8la345y97f0au2smk79jd - &addams age1t70vans0qsnru7j06fwtj7wq7hpfj59cxreu9a20rrxuahff9fmqsa2wjd - &hello-world age14vg23yfklu7ld6flwnycx4lmfhkkuncejsju7tus2hj5qrryvgxsvvqtng + - &linkding age1uh5u7zcz28dskcskpyznxkyg2y4xj0wkaf4usmrjhkmfhzr6gg8qynk3hq creation_rules: - path_regex: terraform/secrets.sops.ya?ml$ key_groups: @@ -87,3 +88,10 @@ creation_rules: - *hello-world - *disaster-recovery - *ramblurr-tmp + + - path_regex: guests/linkding/.*.sops.*$ + key_groups: + - age: + - *linkding + - *disaster-recovery + - *ramblurr-tmp diff --git a/config/common-server.nix b/config/common-server.nix index aff0b31..5308a3e 100644 --- a/config/common-server.nix +++ b/config/common-server.nix @@ -55,6 +55,7 @@ bmon curl nvd + ncdu dig ethtool fd diff --git a/config/guests.nix b/config/guests.nix index 82e2df7..4ae1236 100644 --- a/config/guests.nix +++ b/config/guests.nix @@ -1,6 +1,7 @@ -{ inputs, ... }: +{ inputs, config, ... }: { imports = [ + inputs.home-manager.nixosModules.home-manager inputs.microvm.nixosModules.microvm inputs.impermanence.nixosModules.impermanence inputs.sops-nix.nixosModules.sops @@ -14,4 +15,15 @@ ../modules/sops.nix ../modules/impermanence/default.nix ]; + + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + sharedModules = [ + { + home.stateVersion = config.system.stateVersion; + } + inputs.quadlet-nix.homeManagerModules.quadlet + ]; + }; } diff --git a/config/site.nix b/config/site.nix index 237a422..5764c7b 100644 --- a/config/site.nix +++ b/config/site.nix @@ -55,6 +55,7 @@ in domainName = "prim.${domain}"; mtu = 1500; subnet4 = "10.9.4.0/22"; + #subnets6 = { }; subnets6.main = "${prefix6}:4::/64"; hosts4 = { addams = [ @@ -65,6 +66,7 @@ in dewey = [ "10.9.4.17" ]; mali = [ "10.9.4.10" ]; }; + hosts6 = { }; hosts6.main = { addams = [ "${prefix6}:4::1" ]; }; 
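Review bot: The new `path_regex: guests/linkding/.*.sops.*$` in the second .sops.yaml hunk is looser than it reads, because the dots are unescaped and the tail is `.*`, so it also matches a name such as `guests/linkding/foo-sops-notes`. Since sops uses the first creation rule that matches, a tighter pattern keeps the recipient set for a file predictable; I would write `- path_regex: guests/linkding/.*\.sops\.ya?ml$`. The rule also grants decryption to `*ramblurr-tmp`; if that key is meant to be temporary, a comment saying when it is removed would help.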
@@ -210,15 +212,17 @@ in subnets6.main = "${prefix6}:5::/64"; hosts4 = { addams = [ "172.20.20.1" ]; - hello-world = [ "172.20.20.2" ]; - quine = [ "172.20.20.3" ]; + quine = [ "172.20.20.2" ]; + dewey = [ "172.20.20.3" ]; + debord = [ "172.20.20.4" ]; + linkding = [ "172.20.20.20" ]; }; hosts6.local = { addams = [ "${prefix6}:5::1" ]; }; dhcp = { enable = true; - start = "172.20.20.10"; + start = "172.20.20.200"; end = "172.20.20.254"; router = "addams"; }; @@ -313,6 +317,10 @@ in parent = "lan0"; gw4 = true; }; + svc = { + type = "bridge"; + parent = "lan0"; + }; }; }; quine = { @@ -321,6 +329,7 @@ in lan0.type = "phys"; prim.type = "bridge"; svc.type = "bridge"; + vpn.type = "bridge"; }; }; mali = { diff --git a/flake.lock b/flake.lock index e40d9d1..a82ea1c 100644 --- a/flake.lock +++ b/flake.lock @@ -692,17 +692,14 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1738449543, - "narHash": "sha256-OX6MnQzR0t/3LDlLKTpSLE7/T3vVKrJOn00OKwXsj04=", - "owner": "astro", - "repo": "microvm.nix", - "rev": "f71f275bfad1a4e46d8171de00b0a834efa3d118", - "type": "github" + "lastModified": 1740231763, + "narHash": "sha256-rfYc4epXLj6j3aDZXF4B98q4V+TKdBWOH5NaGuI9HVc=", + "path": "/home/ramblurr/src/microvm.nix", + "type": "path" }, "original": { - "owner": "astro", - "repo": "microvm.nix", - "type": "github" + "path": "/home/ramblurr/src/microvm.nix", + "type": "path" } }, "mozilla": { diff --git a/flake.nix b/flake.nix index 6e7a5d4..1141804 100644 --- a/flake.nix +++ b/flake.nix @@ -14,7 +14,8 @@ nixfmt.url = "github:serokell/nixfmt"; - microvm.url = "github:astro/microvm.nix"; + #microvm.url = "github:astro/microvm.nix"; + microvm.url = "path:/home/ramblurr/src/microvm.nix"; microvm.inputs.nixpkgs.follows = "nixpkgs"; cadquery.url = "github:vinszent/cq-flake/main"; diff --git a/guests/linkding/default.nix b/guests/linkding/default.nix new file mode 100644 index 0000000..0d6b04d --- /dev/null +++ b/guests/linkding/default.nix 
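Review bot: The `hosts4` block of this site.nix hunk reassigns addresses that were already in use: `172.20.20.2` moves from hello-world to quine and `172.20.20.3` from quine to dewey. Any firewall rule, allow-list or DNS record elsewhere that names those addresses literally would now apply to a different host, and the diff does not show such places being updated. A comment such as `# .2/.3 reassigned from hello-world/quine; static hosts stay below .200, DHCP starts at .200` would record the new layout next to the `dhcp.start` change.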
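Review bot: `microvm.url = "path:/home/ramblurr/src/microvm.nix";` in flake.nix ties the build to one developer's working tree, and the flake.lock hunk accordingly drops the upstream `rev` and keeps only a `narHash`. The flake can no longer be evaluated on another machine or in CI, and the lock no longer records which upstream commit, plus which local changes, the guests are built from. If local patches are needed, pushing them to a fork and pinning that keeps the input reviewable, for example `microvm.url = "github:<fork-owner>/microvm.nix/<branch>";` (placeholder owner and branch). If the path input is only for local testing, it should not be committed.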
@@ -0,0 +1,109 @@ +{ + lib, + inputs, + config, + pkgs, + ... +}: +let + inherit (config.users.users.linkding) uid name; + inherit (config.repo.secrets.global) domain; + homeDir = "/home/linkding"; +in +{ + system.stateVersion = "24.11"; + repo.secretFiles.home-ops = ../../secrets/home-ops.nix; + modules.microvm-guest = { + host = "dewey"; + hostFQDN = "bookmarks.${domain}"; + homeManager = { + enable = true; + username = "linkding"; + uid = config.repo.secrets.home-ops.users.linkding.uid; + gid = config.repo.secrets.home-ops.groups.linkding.gid; + }; + quadlet.enable = true; + }; + + systemd.tmpfiles.rules = [ + "d /var/lib/linkding 0750 ${name} ${name}" + ]; + + microvm.hypervisor = "qemu"; + microvm.credentialFiles = { + "SOPS_AGE_KEY" = "/run/secrets/linkding_sops_age_key"; + }; + systemd.services.sshd = { + serviceConfig = { + ImportCredential = "SOPS_AGE_KEY"; + }; + preStart = '' + # Make sure we don't write to stdout, since in case of + # socket activation, it goes to the remote side (#19589). + exec >&2 + mkdir -p /etc/ssh + cat $CREDENTIALS_DIRECTORY/SOPS_AGE_KEY > /etc/ssh/ssh_host_ed25519_key + chmod 0600 /etc/ssh/ssh_host_ed25519_key + ''; + }; + ##microvm.qemu.machine = "q35"; + #microvm.qemu.extraArgs = [ + # # only works with microvm.qemu.machine = "q35"; + # #"-smbios" "type=11,value=io.systemd.credential:mycred=supersecret" + + # #WORKS + # "-fw_cfg" + # "name=opt/io.systemd.credentials/mycred,string=supersecret" + #]; + #microvm.cloud-hypervisor.platformOEMStrings = [ + # "io.systemd.credential:APIKEY=supersecret" + #]; + microvm.shares = + let + dir = "/var/lib/linkding"; + tag = builtins.replaceStrings [ "/" ] [ "_" ] dir; + in + [ + { + inherit tag; + source = "/var/lib/linkding"; + mountPoint = dir; + proto = "virtiofs"; + } + ]; + + home-manager.users.linkding = + { pkgs, config, ... 
}: + { + #virtualisation.quadlet.containers.linkding = { + # autoStart = false; + # serviceConfig = { + # RestartSec = "10"; + # Restart = "always"; + # }; + # containerConfig = { + # # renovate: docker-image + # image = "docker.io/sissbruecker/linkding:1.38.0"; + # autoUpdate = "registry"; + # userns = "keep-id"; + # publishPorts = [ "8080:9090" ]; + # environments = { + # LD_AUTH_PROXY_USERNAME_HEADER = "HTTP_X_AUTHENTIK_USERNAME"; + # LD_ENABLE_AUTH_PROXY = "True"; + # LD_SUPERUSER_NAME = "casey"; + # LD_DB_ENGINE = "postgres"; + # LD_DB_HOST = "/run/postgresql"; + # LD_DB_PORT = ""; + # LD_DB_DATABASE = "linkding"; + # LD_DB_USER = "linkding"; + # LD_DB_PASSWORD = ""; + # }; + # podmanArgs = [ ]; + # volumes = [ + # "/var/lib/linkding:/etc/linkding/data:rw" + # "/run/postgresql:/run/postgresql:ro" + # ]; + # }; + #}; + }; +} diff --git a/guests/linkding/secrets.sops.yaml b/guests/linkding/secrets.sops.yaml new file mode 100644 index 0000000..4e6494e --- /dev/null +++ b/guests/linkding/secrets.sops.yaml 
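Review bot: The sshd `preStart` writes the private key with `cat ... > /etc/ssh/ssh_host_ed25519_key` and only afterwards runs `chmod 0600`, so on first creation the file exists with the service's default umask (typically readable by others) until the chmod runs. Setting the mask before the write closes that window, and the credential path should be quoted: `umask 077` followed by `cat "$CREDENTIALS_DIRECTORY/SOPS_AGE_KEY" > /etc/ssh/ssh_host_ed25519_key`. The credential is named `SOPS_AGE_KEY` but is installed as the SSH host key; if the host key is meant to double as the sops identity, a comment saying so would avoid confusion. The commented-out `-fw_cfg` and `platformOEMStrings` experiments with a literal `supersecret` are best deleted before merge so they are not copied as a pattern.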
@@ -0,0 +1,42 @@ +ssh_host_ed25519_key: ENC[AES256_GCM,data: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,iv:nym+wL8JnfA0d9YoecpXJS6o5dNUQL5+QxE4d7Xu0CE=,tag:LciQESy7KmS1w3H0ff6JMA==,type:str] +ssh_host_ed25519_key_pub: ENC[AES256_GCM,data:6v4wnXaGFSR2yuPGkNTGagZBQz4RX3nn5i0DFCJnehPSSlNRrex8/9wLO9iJbOwURxW1eHku8oaLbxa21u9LqWeyTq+dVtx25ussgtLuMcPl9pVYbErnVZw=,iv:eJ4xHXwXSbOjQ6DpjI7RsjPhSdHX/Icp2Kx4n0E5SBQ=,tag:09xh1RX97wiriGRgZ8A2eA==,type:str] +age_key_pub: ENC[AES256_GCM,data:DzGc3LXqBpiPj/5Ig796AMKVa0abzgmGvgHdh28QqC5MWF4GcFPVqDHdb7N3SL5sfACUrYESBZNGZTV03+M=,iv:IYbl56HzusNPlc2/aXOsl4Jg+G7e+f9pnULaDnX3g9I=,tag:gThJFbqSwsFoIYFeAfKqpA==,type:str] +machine_id: ENC[AES256_GCM,data:jbOYgynDeAi5eYeOR0qIqvUvPRjDA1F+sz7W9CZ9CRc=,iv:Cf/mjHcgkCiVYI2gT8yW7FQWD4r6ahd0J943qnss9+0=,tag:2+8/XWFDS/44n9negtdbdg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1uh5u7zcz28dskcskpyznxkyg2y4xj0wkaf4usmrjhkmfhzr6gg8qynk3hq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6eHBZS3ZHWG55cy9iWjRl + bUhGNlU0bHAwS0hJQnVPN3hwTE9YbVI5YjA0ClVKTlFHWm1FQnhiUHd4d0RsNFZV + dnBkK2J6ZVZEbGxEQnJ2OCtsbTZKZ2cKLS0tIHZraWNUMGV1d1plcDlzRGUvVmFk + QjRjRHRyckNIdngyMFJJd3Vyb2laN0UKOBvIYdHn0DOqWNbokzhTuPlD00y6WoGD + Pj+NlAmCvKdKSMIGRPBrsocfgDPRGqAwIE5N/sS9jW0tW/vi1Hu9Ig== + -----END AGE ENCRYPTED FILE----- + - recipient: age15j42dspmmwprjau6l48xp05d97s8ml5s3tjxrfwvm37tvuynssuqtsevkj + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxM1VJczFvZGtRVDdtQU43 + VStlc25Dc0c0M0RIWk51dXQ5Q05Ud1ZVSVdVCitFem94Nko0VDVzMU9LMkh3V0xC + UDM3M0wvaFZLK0I1eHBqYnRLeVNheFkKLS0tIHdXNzgyamFNaWhFN3gwMDlTYlkx + N0d0ZGlSdjNQZXhrQjJ1VlZCQ0pJeHMKziyOHm028ul7GQxq7qpQixAB2i01Brl9 + b/NiU7i93Waaec5xXeluAwTzOEKoiRzeVWiuAmbI0iyg07voJmFULA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1urrpmqc2erg2tg5ene0tyr6cfne925zggtlqn40xwp5wqlqrp5tst8f808 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArWWdGOERIalVHRUpRd1JT + cDcyOFRuVnZMK2t2YVhUUWFENTNBQjJzdVJ3CjJvMStSVENhdzVSNmcyQ0FSazc4 + RitYUzY2T3NwY3ZHbHZvV0ZDWkZSQUEKLS0tIHFYL1RZVVFicG9XQjNmdnA0aUJ2 + MW1pWFlscmV4TXQ4Mk9Hd2ZmNmtOYUUK64eFpt4KJSBVgtwMcryjo+hL1uPZK6BR + DHMS4ThjAnr1gCvijeG9svvz078glzRHPcXY/AEkN+PS3dKmyGVg7A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-02-17T15:47:20Z" + mac: ENC[AES256_GCM,data:RzIe0xGkwdOiUMZq0TKm8W46jyaJS77ROm2XSQs6vMdacgLsCTRrC8Tv07VKBlYxYcWw3bIrvr1b7UBjNKiM6SJ8qgHM1u4A3T8bR87ykQ8vz2KZnbsqY4e53kC3ByN51Dlm6rmtFIpXB9uTq/MCgN0ym9nuFwjZr3D9tDW1ff0=,iv:TJqZhCnGNum1b5++zigYm9cV1ER2icFIe8psMhzjB1k=,tag:BPTBm+dPxiNo05bIIcRpUg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/hosts/dewey/default.nix b/hosts/dewey/default.nix index 92b88c2..0691a51 100644 --- a/hosts/dewey/default.nix +++ b/hosts/dewey/default.nix @@ -24,6 +24,10 @@ in sops.defaultSopsFile = ./secrets.sops.yaml; modules.vpn.tailscale.enable = true; + modules.microvm-host = { + enable = true; + baseZfsDataset = "rpool/encrypted/safe/microvms"; + }; home-ops = { enable = true; ingress.enable = true; @@ -46,7 +50,7 @@ in calibre.enable = true; calibre-web.enable = true; archivebox.enable = false; - linkding.enable = true; + #linkding.enable = true; matrix-synapse.enable = true; influxdb.enable = true; git-archive.enable = true; diff --git a/modules/distributed-config.nix b/modules/distributed-config.nix index 8b98478..59e3c73 100644 --- a/modules/distributed-config.nix +++ b/modules/distributed-config.nix @@ -87,7 +87,8 @@ in getConfig = path: otherNode: let - cfg = nodes.${otherNode}.config.nodes.${nodeName} or null; + otherNode2 = lib.traceVal otherNode; + cfg = nodes.${otherNode2}.config.nodes.${nodeName} or null; in optionals (cfg != null) (getAttrFromPath path cfg); mergeConfigFromOthers = path: mkMerge (concatMap (getConfig path) (attrNames nodes)); 
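Review bot: `otherNode2 = lib.traceVal otherNode;` in `getConfig` looks like a debugging aid left in: it prints every node name to stderr each time the configuration is evaluated, and the new binding is used only on the next line. I would restore `cfg = nodes.${otherNode}.config.nodes.${nodeName} or null;` and drop `otherNode2`. The enclosing `let` block starts outside the hunk.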
diff --git a/modules/microvm-guest/common.nix b/modules/microvm-guest/common.nix index a0d849e..85327ae 100644 --- a/modules/microvm-guest/common.nix +++ b/modules/microvm-guest/common.nix @@ -22,12 +22,6 @@ in config = lib.mkIf cfg.enable { - modules.microvm-guest.mounts = [ - "etc" - "home" - "var" - ]; - # make mounts like /etc /home /var available early so that they can be used in system.activationScripts fileSystems = { @@ -41,14 +35,16 @@ in microvm = { hypervisor = lib.mkDefault "cloud-hypervisor"; deflateOnOOM = false; - mem = lib.mkDefault 512; + mem = lib.mkDefault 1024; vcpu = lib.mkDefault 4; interfaces = lib.mkIf cfg.autoNetSetup ( map (net: { - type = "tap"; + type = "macvtap"; id = builtins.substring 0 15 "${net}-${hostName}"; mac = generateMacAddress net; + macvtap.link = "vlan-svc"; + macvtap.mode = "bridge"; }) nets ); @@ -98,6 +94,7 @@ in }; systemd.network = lib.mkIf cfg.autoNetSetup { + enable = true; links = builtins.foldl' ( links: net: links @@ -181,11 +178,11 @@ in hardware.enableRedistributableFirmware = false; # nix store is mounted read only - nix = { - enable = lib.mkDefault false; - gc.automatic = false; - optimise.automatic = false; - }; + #nix = { + # enable = lib.mkDefault false; + # gc.automatic = false; + # optimise.automatic = false; + #}; system.build.installBootLoader = "${pkgs.coreutils}/bin/true"; @@ -193,11 +190,15 @@ in "d /home/root 0700 root root -" # createHome does not create it ]; + systemd.user.extraConfig = '' + DefaultEnvironment="PATH=/run/current-system/sw/bin:/run/wrappers/bin:${lib.makeBinPath [ pkgs.bash ]}" + ''; + users = { mutableUsers = false; users."root" = { createHome = true; - #home = lib.mkForce "/home/root"; + home = lib.mkForce "/home/root"; }; }; }; diff --git a/modules/microvm-guest/default.nix b/modules/microvm-guest/default.nix index 77e42f4..d6f5dee 100644 --- a/modules/microvm-guest/default.nix +++ b/modules/microvm-guest/default.nix 
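Review bot: In the `interfaces` hunk, `macvtap.link = "vlan-svc";` is hard-coded inside `map (net: ...) nets`, so every network listed for a guest is attached to the same parent device regardless of `net`. A guest declared on more than one network would get all of its interfaces on the svc VLAN, which defeats the segmentation the per-net `id` and `mac` imply. Macvtap in `bridge` mode also switches frames between guests on the same parent directly, so guest-to-guest traffic is, as far as I know, not filtered by the host's firewall. If the parent device follows the network name, `macvtap.link = "vlan-${net}";` would keep the mapping explicit; otherwise a comment should say that svc is the only supported network.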
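Review bot: Commenting out the `nix = { enable = lib.mkDefault false; ... }` block returns every microvm guest to the Nix defaults, while the comment `# nix store is mounted read only` above it is left behind and no longer holds for guests that set `microvm.writableStoreOverlay`. Only guests that enable `homeManager` appear to need Nix, so I would keep the block here and add `nix.enable = true;` to modules/microvm-guest/home-manager.nix, which the `lib.mkDefault` already permits. That keeps guests without home-manager on the smaller footprint.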
@@ -5,5 +5,7 @@ imports = [ ./options.nix ./common.nix + ./home-manager.nix + ./quadlet.nix ]; } diff --git a/modules/microvm-guest/home-manager.nix b/modules/microvm-guest/home-manager.nix new file mode 100644 index 0000000..0244993 --- /dev/null +++ b/modules/microvm-guest/home-manager.nix @@ -0,0 +1,51 @@ +{ + lib, + inputs, + config, + pkgs, + ... +}: +let + cfg = config.modules.microvm-guest; + username = cfg.homeManager.username; + inherit (config.users.users.linkding) uid home; +in +lib.mkIf cfg.homeManager.enable { + microvm.writableStoreOverlay = "/nix/.rw-store"; + nix.settings.allowed-users = [ username ]; + users.users.${username} = { + name = username; + isNormalUser = true; + uid = cfg.homeManager.uid; + group = username; + linger = true; + home = "/home/${username}"; + createHome = true; + autoSubUidGidRange = true; + }; + + users.groups.${username} = { + name = username; + gid = cfg.homeManager.gid; + }; + + systemd.services."home-manager-${username}".serviceConfig.TimeoutStartSec = lib.mkOverride 99 "15m"; + home-manager.users.${username} = + { pkgs, config, ... }: + { + home.homeDirectory = home; + home.sessionVariables = { + EDITOR = "vim"; + DBUS_SESSION_BUS_ADDRESS = "unix:path=/run/user/${toString uid}/bus"; + XDG_RUNTIME_DIR = "/run/user/${toString uid}"; + }; + + systemd.user.startServices = "sd-switch"; + programs.bash = { + enable = true; + initExtra = '' + [[ -f "${config.home.profileDirectory}/etc/profile.d/hm-session-vars.sh" ]] && source "${config.home.profileDirectory}/etc/profile.d/hm-session-vars.sh" + ''; + }; + }; +} diff --git a/modules/microvm-guest/options.nix b/modules/microvm-guest/options.nix index 1300330..3accaf2 100644 --- a/modules/microvm-guest/options.nix +++ b/modules/microvm-guest/options.nix @@ -45,6 +45,7 @@ in mounts = mkOption { description = "Persistent filesystems to create, without leading /."; type = types.listOf types.str; + default = [ ]; }; mountBase = mkOption { 
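Review bot: `inherit (config.users.users.linkding) uid home;` in modules/microvm-guest/home-manager.nix hard-codes one guest's user in a module that is otherwise parameterised by `cfg.homeManager.username`. Any other guest enabling `homeManager` would get linkding's `uid` and `home` in `XDG_RUNTIME_DIR`, `DBUS_SESSION_BUS_ADDRESS` and `home.homeDirectory`, or fail to evaluate if that user does not exist. I would change the line to `inherit (config.users.users.${username}) uid home;`. modules/microvm-guest/quadlet.nix carries the same line, where `uid` and `home` are not used at all and the line can be dropped.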
@@ -65,5 +66,33 @@ in ''; }; + homeManager = { + enable = mkEnableOption "Enable home-manager for the microvm"; + username = mkOption { + type = types.str; + description = '' + Username for the home-manager configuration. + ''; + }; + uid = mkOption { + type = types.int; + default = null; + description = '' + UID for the home-manager configuration. + ''; + }; + gid = mkOption { + type = types.int; + default = null; + description = '' + GID for the home-manager configuration. + ''; + }; + }; + + quadlet = { + enable = mkEnableOption "Enable podman quadlet for the microvm"; + }; + }; } diff --git a/modules/microvm-guest/quadlet.nix b/modules/microvm-guest/quadlet.nix new file mode 100644 index 0000000..e9035d6 --- /dev/null +++ b/modules/microvm-guest/quadlet.nix @@ -0,0 +1,37 @@ +{ + lib, + inputs, + config, + pkgs, + ... +}: +let + cfg = config.modules.microvm-guest; + username = cfg.homeManager.username; + inherit (config.users.users.linkding) uid home; +in +lib.mkIf cfg.quadlet.enable { + virtualisation.podman = { + enable = true; + autoPrune.enable = true; + autoPrune.dates = "weekly"; + #defaultNetwork.settings.dns_enabled = true; + }; + home-manager.users.${username} = + { pkgs, config, ... }: + { + virtualisation.quadlet.autoUpdate.enable = lib.mkDefault true; + home.packages = [ + pkgs.podman + pkgs.nix + pkgs.dive + pkgs.podman-tui + ]; + xdg.configFile."systemd/user/podman-user-wait-network-online.service.d/override2.conf" = { + text = '' + [Service] + ExecSearchPath=/run/current-system/sw/bin + ''; + }; + }; +} diff --git a/modules/microvm-host/default.nix b/modules/microvm-host/default.nix index 8b15d57..7e4b4c7 100644 --- a/modules/microvm-host/default.nix +++ b/modules/microvm-host/default.nix 
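Review bot: `uid` and `gid` are declared as `types.int` with `default = null;`, and `null` is not a valid value for that type, so a guest that enables `homeManager` without setting them gets a type error about the default instead of a clear "option not set" message. Either make them required by deleting the two `default = null;` lines, or declare `type = types.nullOr types.int;` if leaving the id unset is meant to be supported. `username` has no default, so removing the defaults would make the three options behave the same way.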
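Review bot: `virtualisation.quadlet.autoUpdate.enable = lib.mkDefault true;` in modules/microvm-guest/quadlet.nix switches on automatic image updates for every guest that enables quadlet, and nothing in the file says that this is intended. Combined with a container that tracks a tag (the commented-out linkding unit uses `image = "docker.io/sissbruecker/linkding:1.38.0"` with `autoUpdate = "registry"`), the guest would run whatever the registry serves for that tag without review. I would either add a comment such as `# auto-update follows the registry tag; pin images by digest where that is not wanted`, or leave the default off and enable it per guest.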
@@ -14,7 +14,7 @@ in enable = lib.mkEnableOption "Enable microvm host services (for imperative control!)"; baseZfsDataset = lib.mkOption { type = lib.types.str; - description = "Base ZFS dataset whereunder to create shares for MicroVMs."; + description = "Base ZFS dataset under which microvm shares are created."; }; }; config = lib.mkIf cfg.enable { @@ -23,11 +23,11 @@ in # TODO autostart = [ ]; }; - modules.zfs.datasets.properties = { - "rpool/encrypted/safe/svc/microvms"."mountpoint" = "/var/lib/microvms"; - "rpool/encrypted/safe/svc/microvms"."com.sun:auto-snapshot" = "false"; - }; - systemd.tmpfiles.rules = [ "d /var/lib/microvms 0770 microvm kvm" ]; + # create the state directory for our microvms + # this doesn't get its own zfs dataset, because the vm shares themselves will + # be mounted under here + environment.persistence."/persist".directories = [ "/var/lib/microvms" ]; + systemd.tmpfiles.rules = [ "d /persist/var/lib/microvms 0770 microvm kvm" ]; # allow microvm access to zvol users.users.microvm.extraGroups = [ "disk" ]; diff --git a/modules/services/linkding.nix b/modules/services/linkding.nix index 9e1b6c8..322c5c6 100644 --- a/modules/services/linkding.nix +++ b/modules/services/linkding.nix @@ -69,6 +69,12 @@ in } ]; + nix = { + enable = true; + gc.automatic = false; + optimise.automatic = false; + }; + home-manager.users.${cfg.user.name} = { pkgs, config, ... }: let diff --git a/nix/nixos.nix b/nix/nixos.nix index a30c206..811b1d2 100644 --- a/nix/nixos.nix +++ b/nix/nixos.nix @@ -127,6 +127,7 @@ let inherit (pkgs) lib; inherit (config) nodes; inherit inputs; + nixpkgs = inputs.nixpkgs; }; modules = [ ../config/guests.nix
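Review bot: The state directory is now described in two places: `environment.persistence."/persist".directories = [ "/var/lib/microvms" ];` creates it, and the tmpfiles rule `d /persist/var/lib/microvms 0770 microvm kvm` sets its owner and mode afterwards. Until tmpfiles has run, the directory has whatever ownership the persistence module created it with, and the rule only works while the `/persist` prefix matches. The persistence entry can carry the ownership itself, `{ directory = "/var/lib/microvms"; user = "microvm"; group = "kvm"; mode = "0770"; }`, which would make the tmpfiles rule unnecessary. The hunk also removes the `com.sun:auto-snapshot` property without a replacement; if snapshots of VM state are still unwanted, it should be set on the dataset named by `baseZfsDataset`.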