update docker and podman config

README.md

@@ -70,7 +70,7 @@ signing, as well as for SSH'ing around.
 
 Most relevant user apps daily drivers:
 
-- neovim
+- emacs
 - fish
 - kitty
 - qutebrowser

flake.nix

@@ -1,4 +1,3 @@
-
 {
   description = "Greg Burd's NixOS and Home Manager Configuration";
 
@@ -42,7 +41,6 @@
   };
   outputs =
     { self
-    , fh
     , nixpkgs
     , nix-formatter-pack
     , ...

home-manager/_mixins/desktop/signal.nix

@@ -1,3 +1,3 @@
-{ desktop, lib, pkgs, ... }: {
+{ pkgs, ... }: {
   home.packages = [ pkgs.signal-desktop ];
 }

home-manager/_mixins/users/gburd/default.nix

@@ -148,7 +148,7 @@
       plocate
     ];
     sessionVariables = {
-#      PAGER = "moar";
+      #      PAGER = "moar";
     };
   };
   programs = {

nixos/_mixins/desktop/pantheon.nix

@@ -3,7 +3,7 @@
 { pkgs, ... }: {
   imports = [
     ./qt-style.nix
-#    ../services/networkmanager.nix
+    #    ../services/networkmanager.nix
   ];
 
   # Exclude the elementary apps I don't use

nixos/_mixins/hardware/gpu.nix

@@ -1,16 +1,16 @@
-{ config, lib, pkgs, ...}: {
+{ config, lib, pkgs, ... }: {
   environment.systemPackages = with pkgs;
-  [
-    clinfo
-    libva-utils
-    python311Packages.gpustat
-    vdpauinfo
-  ] ++ (if lib.elem "nvidia" config.services.xserver.videoDrivers then
-  [
-    nvtop
-  ]
-  else
-  [
-    nvtop-amd
-  ]);
+    [
+      clinfo
+      libva-utils
+      python311Packages.gpustat
+      vdpauinfo
+    ] ++ (if lib.elem "nvidia" config.services.xserver.videoDrivers then
+      [
+        nvtop
+      ]
+    else
+      [
+        nvtop-amd
+      ]);
 }

nixos/_mixins/optin-persistence.nix

@@ -1,3 +1,9 @@
+# https://nixos.wiki/wiki/Impermanence
+#
+# https://nixos.wiki/wiki/Impermanence
+# https://grahamc.com/blog/erase-your-darlings/
+# https://lantian.pub/en/article/modify-computer/nixos-impermanence.lantian/
+#
 # This file defines the "non-hardware dependent" part of opt-in persistence
 # It imports impermanence, defines the basic persisted dirs, and ensures each
 # users' home persist dir exists and has the right permissions
@@ -11,9 +17,10 @@
   environment.persistence = {
     "/persist" = {
       directories = [
+        "/var/lib/containers"
         "/var/lib/systemd"
         "/var/lib/nixos"
-#        "/var/log"
+        # "/var/log"
         "/srv"
       ];
     };

nixos/_mixins/users/gburd/default.nix

@@ -76,9 +76,8 @@ in
 
     homeMode = "0755";
     isNormalUser = true;
-    # TODO
     hashedPassword = "$6$RDOZHdTwt.BuOR4C$fYDkyb3yppbgX0ewPbsKabS2u9W.wyrRJONQPtugrO/gBJCzsWkfVIVYOAj07Qar1yqeYJBlBkYSFAgGe5ssw.";
-    #hashedPasswordFile = config.sops.secrets.gburd-password.path;
+    # TODO: hashedPasswordFile = config.sops.secrets.gburd-password.path;
     openssh.authorizedKeys.keys = [
       (builtins.readFile ../../../../home-manager/_mixins/users/gburd/ssh.pub)
       (builtins.readFile ../../../../home-manager/_mixins/users/gburd/symas-ssh.pub)

nixos/_mixins/virt/default.nix

@@ -1,25 +1,24 @@
 { config, desktop, lib, pkgs, ... }: {
-  #https://nixos.wiki/wiki/Podman
   environment.systemPackages = with pkgs; [
-    unstable.distrobox
     fuse-overlayfs
-    podman-compose
-    podman-tui
   ] ++ lib.optionals (desktop != null) [
-    unstable.pods
     unstable.quickemu
+    unstable.quickgui
     xorg.xhost
   ];
 
   virtualisation = {
-    podman = {
-      defaultNetwork.settings = {
-        dns_enabled = true;
+    containers.enable = true;
+    containers.storage.settings = {
+      storage = {
+        driver = "overlay";
+        runroot = "/run/containers/storage";
+        graphroot = "/var/lib/containers/storage";
+        rootless_storage_path = "/tmp/containers-$USER";
+        options.overlay.mountopt = "nodev,metacopy=on,acltype=posixacl";
       };
-      dockerCompat = true;
-      dockerSocket.enable = true;
-      enable = true;
-      enableNvidia = lib.elem "nvidia" config.services.xserver.videoDrivers;
     };
+    docker.storageDriver = "btrfs";
   };
+
 }

nixos/_mixins/virt/docker.nix

@@ -0,0 +1,14 @@
+{ pkgs, lib, config, ... }: {
+
+  # https://nixos.wiki/wiki/Docker
+  environment.systemPackages = with pkgs; [ docker-compose ];
+
+  virtualisation.docker = {
+    enable = true;
+    rootless = {
+      enable = true;
+      setSocketVariable = true;
+    };
+  };
+
+}

nixos/_mixins/virt/podman.nix

@@ -0,0 +1,34 @@
+{ config, desktop, lib, pkgs, ... }:
+let
+  dockerEnabled = config.virtualisation.docker.enable;
+in
+{
+
+  # https://nixos.wiki/wiki/Podman
+  environment.systemPackages = with pkgs; [
+    unstable.distrobox
+    podman-compose
+    podman-tui
+  ] ++ lib.optionals (desktop != null) [
+    unstable.pods
+    podman-desktop
+  ];
+
+  virtualisation.podman = {
+    enable = true;
+    dockerCompat = !dockerEnabled;
+    dockerSocket.enable = !dockerEnabled;
+    defaultNetwork.settings.dns_enabled = true;
+    enableNvidia = lib.elem "nvidia" config.services.xserver.videoDrivers;
+  };
+
+  virtualisation.oci-containers.backend = lib.mkIf (!dockerEnabled) "podman";
+
+  environment.extraInit = lib.mkIf (!dockerEnabled)
+    ''
+      if [ -z "$DOCKER_HOST" -a -n "$XDG_RUNTIME_DIR" ]; then
+        export DOCKER_HOST="unix://$XDG_RUNTIME_DIR/podman/podman.sock"
+      fi
+    '';
+
+}

nixos/floki/default.nix

@@ -12,9 +12,8 @@
     ../_mixins/services/bluetooth.nix
     ../_mixins/services/pipewire.nix
     ../_mixins/virt
-
-    #    ../_mixins/global
-    #    ../_mixins/users/gburd
+    ../_mixins/virt/docker.nix
+    ../_mixins/virt/podman.nix
   ];
 
   boot = {

shells/code-format/flake.nix

@@ -7,8 +7,7 @@
   };
 
   outputs =
-    { self
-    , nixpkgs
+    { nixpkgs
     , flake-utils
     }:
 

shells/gpu/flake.nix

@@ -7,8 +7,7 @@
   };
 
   outputs =
-    { self
-    , nixpkgs
+    { nixpkgs
     , flake-utils
     }:
 

shells/network/flake.nix

@@ -7,8 +7,7 @@
   };
 
   outputs =
-    { self
-    , nixpkgs
+    { nixpkgs
     , flake-utils
     }: