firefox: Enable extra stuff

Flake lock file updates:

• Updated input 'emacs-overlay':
    'github:nix-community/emacs-overlay/dc68b375c2733198f642804a3cfacab5ede99761' (2024-02-26)
  → 'github:nix-community/emacs-overlay/8c56baa0e5ba4bbf9947605a31672e2f4735b1a9' (2024-02-28)
• Updated input 'emacs-overlay/nixpkgs-stable':
    'github:NixOS/nixpkgs/5bf1cadb72ab4e77cb0b700dab76bcdaf88f706b' (2024-02-25)
  → 'github:NixOS/nixpkgs/b7ee09cf5614b02d289cd86fcfa6f24d4e078c2a' (2024-02-26)
• Updated input 'flake-utils':
    'github:numtide/flake-utils/1ef2e671c3b0c19053962c07dbda38332dcebf26' (2024-01-15)
  → 'github:numtide/flake-utils/d465f4819400de7c8d874d50b982301f28a84605' (2024-02-28)
• Updated input 'home-manager':
    'github:nix-community/home-manager/4ee704cb13a5a7645436f400b9acc89a67b9c08a' (2024-02-24)
  → 'github:nix-community/home-manager/1d085ea4444d26aa52297758b333b449b2aa6fca' (2024-02-26)
• Updated input 'microvm':
    'github:astro/microvm.nix/4583e2394e1e5723746fb55dbb912385c6c6bda1' (2024-02-26)
  → 'github:astro/microvm.nix/df3254b6a9ff2ddbbd4be27d75d8cc9f1b637d4b' (2024-02-27)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/3f7d0bca003eac1a1a7f4659bbab9c8f8c2a0958' (2024-02-22)
  → 'github:NixOS/nixos-hardware/33a97b5814d36ddd65ad678ad07ce43b1a67f159' (2024-02-28)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/73de017ef2d18a04ac4bfd0c02650007ccb31c2a' (2024-02-24)
  → 'github:nixos/nixpkgs/13aff9b34cc32e59d35c62ac9356e4a41198a538' (2024-02-26)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/cbdf3e5bb205ff2ca165fe661fbd6d885cbd0106' (2024-02-26)
  → 'github:oxalica/rust-overlay/5d56056fb905ff550ee61b6ebb6674d494f57a9e' (2024-02-28)
• Updated input 'sops':
    'github:Mic92/sops-nix/2874fbbe4a65bd2484b0ad757d27a16107f6bc17' (2024-02-25)
  → 'github:Mic92/sops-nix/a1c8de14f60924fafe13aea66b46157f0150f4cf' (2024-02-26)

flake.lock

@@ -148,11 +148,11 @@
         "nixpkgs-stable": "nixpkgs-stable_2"
       },
       "locked": {
-        "lastModified": 1708938386,
+        "lastModified": 1709140068,
-        "narHash": "sha256-WTSScoG1LhH+PBo3l4+Fcl1oGNuISmRzkYDrASPWefk=",
+        "narHash": "sha256-lvRBx3t6wF4crVlHko6Rm7rV2bSES4rgPC8a2zoaic8=",
         "owner": "nix-community",
         "repo": "emacs-overlay",
-        "rev": "dc68b375c2733198f642804a3cfacab5ede99761",
+        "rev": "8c56baa0e5ba4bbf9947605a31672e2f4735b1a9",
         "type": "github"
       },
       "original": {
@@ -324,11 +324,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1705309234,
+        "lastModified": 1709126324,
-        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
+        "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
+        "rev": "d465f4819400de7c8d874d50b982301f28a84605",
         "type": "github"
       },
       "original": {
@@ -414,11 +414,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1708806879,
+        "lastModified": 1708988456,
-        "narHash": "sha256-MSbxtF3RThI8ANs/G4o1zIqF5/XlShHvwjl9Ws0QAbI=",
+        "narHash": "sha256-RCz7Xe64tN2zgWk+MVHkzg224znwqknJ1RnB7rVqUWw=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "4ee704cb13a5a7645436f400b9acc89a67b9c08a",
+        "rev": "1d085ea4444d26aa52297758b333b449b2aa6fca",
         "type": "github"
       },
       "original": {
@@ -438,11 +438,11 @@
         "spectrum": "spectrum"
       },
       "locked": {
-        "lastModified": 1708906061,
+        "lastModified": 1709054352,
-        "narHash": "sha256-8WlGYMCtggvybPdzQschOoC9r3dl0d3lnGmlTZB6pAw=",
+        "narHash": "sha256-JGxCz3Zv7sErrf1ROn1OjWy8BtP5w/YDp5PnQrJxZnQ=",
         "owner": "astro",
         "repo": "microvm.nix",
-        "rev": "4583e2394e1e5723746fb55dbb912385c6c6bda1",
+        "rev": "df3254b6a9ff2ddbbd4be27d75d8cc9f1b637d4b",
         "type": "github"
       },
       "original": {
@@ -521,11 +521,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1708594753,
+        "lastModified": 1709147990,
-        "narHash": "sha256-c/gH7iXS/IYH9NrFOT+aJqTq+iEBkvAkpWuUHGU3+f0=",
+        "narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "3f7d0bca003eac1a1a7f4659bbab9c8f8c2a0958",
+        "rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159",
         "type": "github"
       },
       "original": {
@@ -586,11 +586,11 @@
     },
     "nixpkgs-stable_2": {
       "locked": {
-        "lastModified": 1708831307,
+        "lastModified": 1708979614,
-        "narHash": "sha256-0iL/DuGjiUeck1zEaL+aIe2WvA3/cVhp/SlmTcOZXH4=",
+        "narHash": "sha256-FWLWmYojIg6TeqxSnHkKpHu5SGnFP5um1uUjH+wRV6g=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5bf1cadb72ab4e77cb0b700dab76bcdaf88f706b",
+        "rev": "b7ee09cf5614b02d289cd86fcfa6f24d4e078c2a",
         "type": "github"
       },
       "original": {
@@ -634,11 +634,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1708807242,
+        "lastModified": 1708984720,
-        "narHash": "sha256-sRTRkhMD4delO/hPxxi+XwLqPn8BuUq6nnj4JqLwOu0=",
+        "narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "73de017ef2d18a04ac4bfd0c02650007ccb31c2a",
+        "rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538",
         "type": "github"
       },
       "original": {
@@ -762,11 +762,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1708913568,
+        "lastModified": 1709086241,
-        "narHash": "sha256-76PGANC2ADf0h7fe0w2nWpfdGN+bemFs2rvW2EdU/ZY=",
+        "narHash": "sha256-3QHK5zu/5XOa+ghBeKzvt+/BLdEPjw/xDNLcpDfbkmg=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "cbdf3e5bb205ff2ca165fe661fbd6d885cbd0106",
+        "rev": "5d56056fb905ff550ee61b6ebb6674d494f57a9e",
         "type": "github"
       },
       "original": {
@@ -783,11 +783,11 @@
         "nixpkgs-stable": "nixpkgs-stable_4"
       },
       "locked": {
-        "lastModified": 1708830076,
+        "lastModified": 1708987867,
-        "narHash": "sha256-Cjh2xdjxC6S6nW6Whr2dxSeh8vjodzhTmQdI4zPJ4RA=",
+        "narHash": "sha256-k2lDaDWNTU5sBVHanYzjDKVDmk29RHIgdbbXu5sdzBA=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "2874fbbe4a65bd2484b0ad757d27a16107f6bc17",
+        "rev": "a1c8de14f60924fafe13aea66b46157f0150f4cf",
         "type": "github"
       },
       "original": {

home-manager/modules/firefox/default.nix

@@ -9,6 +9,7 @@ let
   cfg = config.eboskma.programs.firefox;
 
   profileSettings = {
+    "browser.chrome.guess_favicon" = false;
     "browser.shell.checkDefaultBrowser" = false;
     "browser.translations.enable" = false;
     "devtools.theme" = "dark";

lib/default.nix

@@ -36,7 +36,11 @@ rec {
 
           config = {
             allowUnfree = true;
-            firefox.speechSynthesisSupport = true;
+            firefox = {
+              speechSynthesisSupport = true;
+              ffmpegSupport = true;
+              pipewireSupport = true;
+            };
           };
         };
         home-manager = {

machines/default.nix

@@ -4,7 +4,7 @@ inputs: {
     # deploy = {
     #   # host = "10.0.0.202";
     #   host = "ci.barn-beaver.ts.net";
-    #   sshUser = "erwin";
+    #   targetUser = "erwin";
     #   buildOn = "local";
     #   substituteOnTarget = true;
     #   tags = [ "container" ];
@@ -15,7 +15,7 @@ inputs: {
     deploy = {
       # host = "10.0.0.205";
       host = "frigate.barn-beaver.ts.net";
-      sshUser = "erwin";
+      targetUser = "erwin";
       buildOn = "local";
       substituteOnTarget = true;
       tags = [ "container" ];
@@ -26,7 +26,7 @@ inputs: {
     deploy = {
       # host = "10.0.0.203";
       host = "gitea.barn-beaver.ts.net";
-      sshUser = "erwin";
+      targetUser = "erwin";
       buildOn = "local";
       substituteOnTarget = true;
       tags = [ "container" ];
@@ -37,7 +37,7 @@ inputs: {
     deploy = {
       # host = "10.0.0.210";
       host = "gitea-runner.barn-beaver.ts.net";
-      sshUser = "erwin";
+      targetUser = "erwin";
       buildOn = "local";
       substituteOnTarget = true;
       tags = [ "container" ];
@@ -48,7 +48,7 @@ inputs: {
     deploy = {
       # host = "heimdall.datarift.nl";
       host = "heimdall.barn-beaver.ts.net";
-      sshUser = "erwin";
+      targetUser = "erwin";
       buildOn = "local";
       substituteOnTarget = true;
       tags = [ "metal" ];
@@ -59,7 +59,7 @@ inputs: {
     deploy = {
       # host = "10.0.0.167";
       host = "10.0.0.208";
-      sshUser = "erwin";
+      targetUser = "erwin";
       buildOn = "local";
       substituteOnTarget = true;
       tags = [ "container" ];
@@ -76,7 +76,7 @@ inputs: {
     deploy = {
       # host = "10.0.0.204";
       host = "minio.barn-beaver.ts.net";
-      sshUser = "erwin";
+      targetUser = "erwin";
       buildOn = "local";
       substituteOnTarget = true;
       tags = [ "container" ];
@@ -106,7 +106,7 @@ inputs: {
     deploy = {
       # host = "10.0.0.251";
       host = "proxy.barn-beaver.ts.net";
-      sshUser = "erwin";
+      targetUser = "erwin";
       buildOn = "local";
       substituteOnTarget = true;
       tags = [ "container" ];
@@ -116,12 +116,21 @@ inputs: {
     system = "aarch64-linux";
     config = import ./regin/configuration.nix inputs;
   };
+  saga = {
+    config = import ./saga/configuration.nix inputs;
+    deploy = {
+      # host = "10.0.0.212";
+      host = "saga.barn-beaver.ts.net";
+      targetUser = "erwin";
+      tags = [ "container" ];
+    };
+  };
   # thor = {
   #   system = "aarch64-linux";
   #   config = import ./thor/configuration.nix inputs;
   #   # deploy = {
   #   #   host = "10.0.0.198";
-  #   #   sshUser = "erwin";
+  #   #   targetUser = "erwin";
   #   #   buildOn = "local";
   #   #   substituteOnTarget = true;
   #   # };
@@ -131,7 +140,7 @@ inputs: {
     deploy = {
       # host = "10.0.0.207";
       host = "unifi.barn-beaver.ts.net";
-      sshUser = "erwin";
+      targetUser = "erwin";
       buildOn = "local";
       substituteOnTarget = true;
       tags = [ "container" ];
@@ -142,7 +151,7 @@ inputs: {
     deploy = {
       # host = "10.0.0.206";
       host = "valkyrie.barn-beaver.ts.net";
-      sshUser = "erwin";
+      targetUser = "erwin";
       buildOn = "local";
       substituteOnTarget = true;
       tags = [ "container" ];

machines/loki/configuration.nix

@@ -1,9 +1,4 @@
-{
+{ nixos-hardware, nix-ld-rs, ... }:
-  nixos-hardware,
-  nix-ld-rs,
-  attic,
-  ...
-}:
 { pkgs, config, ... }:
 {
   imports = [
@@ -478,18 +473,19 @@
     ];
   };
 
-  nix.settings.post-build-hook =
+  # nix.settings.post-build-hook =
-    let
+  #   let
-      inherit (attic.packages.${pkgs.system}) attic-client;
+  #     inherit (attic.packages.${pkgs.system}) attic-client;
-    in
+  #   in
-    pkgs.writeScript "upload-to-cache" ''
+  #   pkgs.writeScript "upload-to-cache" ''
-      set -eu
+  #     set -eu
-      set -f
+  #     set -f
-      export IFS=' '
+  #     export IFS=' '
 
-      echo "Uploading paths to cache " ''${OUT_PATHS}
+  #     OUT_PATHS=$(echo -n ''${OUT_PATHS} | ${pkgs.gawk}/bin/awk 'BEGIN { RS = " "; ORS = " "; } $0 !~ /horus_vcpkg/ { print $0 }')
-      exec ${attic-client}/bin/attic push main ''${OUT_PATHS}
+  #     echo "Uploading paths to cache " ''${OUT_PATHS}
-    '';
+  #     exec ${attic-client}/bin/attic push main ''${OUT_PATHS}
+  #   '';
 
   sops.defaultSopsFile = ./secrets.yaml;
   sops.secrets = {

machines/nix-cache/configuration.nix

@@ -95,7 +95,7 @@
         listen = "127.0.0.1:8080";
 
         garbage-collection = {
-          default-retention-period = "3 months";
+          default-retention-period = "6 weeks";
         };
 
         storage = {
@@ -116,16 +116,16 @@
           #
           # If 0, chunking is disabled entirely for newly-uploaded NARs.
           # If 1, all NARs are chunked.
-          nar-size-threshold = 64 * 1024; # 64 KiB
+          nar-size-threshold = 256 * 1024; # 256 KiB
 
           # The preferred minimum size of a chunk, in bytes
-          min-size = 16 * 1024; # 16 KiB
+          min-size = 128 * 1024; # 128 KiB
 
           # The preferred average size of a chunk, in bytes
-          avg-size = 64 * 1024; # 64 KiB
+          avg-size = 256 * 1024; # 256 KiB
 
           # The preferred maximum size of a chunk, in bytes
-          max-size = 256 * 1024; # 256 KiB
+          max-size = 1024 * 1024; # 1024 KiB
         };
       };
     };

machines/saga/configuration.nix

@@ -0,0 +1,80 @@
+{ self, ... }:
+{ modulesPath, lib, ... }:
+{
+  imports = [
+    (modulesPath + "/virtualisation/lxc-container.nix")
+    ../../users/root
+    ../../users/erwin
+
+    ./grafana
+    ./prometheus
+  ];
+
+  eboskma = {
+    users.erwin = {
+      enable = true;
+      server = true;
+    };
+    nix-common = {
+      enable = true;
+      remote-builders = true;
+    };
+    tailscale.enable = true;
+  };
+
+  boot = {
+    isContainer = true;
+  };
+
+  time.timeZone = "Europe/Amsterdam";
+
+  system.configurationRevision = lib.mkIf (self ? rev) self.rev;
+
+  networking = {
+    hostName = "saga";
+    useDHCP = false;
+    useHostResolvConf = false;
+    networkmanager.enable = false;
+    useNetworkd = true;
+    nftables.enable = true;
+
+    firewall.trustedInterfaces = [ "tailscale0" ];
+  };
+
+  systemd.network = {
+    enable = true;
+
+    wait-online.anyInterface = true;
+
+    networks = {
+      "40-eth0" = {
+        matchConfig = {
+          Name = "eth0";
+        };
+
+        networkConfig = {
+          Address = "10.0.0.212/24";
+          Gateway = "10.0.0.1";
+          DNS = "10.0.0.206";
+          DHCP = "no";
+        };
+      };
+    };
+  };
+
+  security = {
+    sudo-rs = {
+      enable = true;
+      execWheelOnly = true;
+      wheelNeedsPassword = false;
+    };
+    sudo.enable = false;
+  };
+
+  # sops.defaultSopsFile = ./secrets.yaml;
+  # sops.secrets = {
+
+  # };
+
+  system.stateVersion = "24.05";
+}

machines/saga/grafana/default.nix

@@ -0,0 +1,13 @@
+{
+  services.grafana = {
+    enable = true;
+    settings = {
+      server = {
+        domain = "saga.datarift.nl";
+        enforce_domain = true;
+        http_addr = "0.0.0.0";
+        root_url = "https://saga.datarift.nl";
+      };
+    };
+  };
+}

machines/saga/prometheus/default.nix

@@ -0,0 +1,37 @@
+{ config, ... }:
+{
+  services.prometheus = {
+    enable = true;
+
+    scrapeConfigs = [
+      {
+        job_name = "saga";
+        static_configs = [
+          {
+            targets = [
+              "saga:${toString config.services.prometheus.exporters.node.port}" # node
+            ];
+          }
+        ];
+      }
+      {
+        job_name = "valkyrie";
+        static_configs = [
+          {
+            targets = [
+              "valkyrie:${toString config.services.prometheus.exporters.node.port}" # node
+              "valkyrie:${toString config.services.prometheus.exporters.unbound.port}" # unbound
+            ];
+          }
+        ];
+      }
+    ];
+
+    exporters = {
+      node = {
+        enable = true;
+        enabledCollectors = [ "systemd" ];
+      };
+    };
+  };
+}

machines/valkyrie/unbound/default.nix

@@ -1,68 +1,82 @@
 {
-  services.unbound = {
+  services = {
-    enable = true;
+    unbound = {
-    localControlSocketPath = "/run/unbound/unbound.ctl";
+      enable = true;
-    settings = {
+      localControlSocketPath = "/run/unbound/unbound.ctl";
-      server = {
+      settings = {
-        # Setting logfile to an empty string outputs to stderr
+        server = {
-        log-queries = false;
+          # Setting logfile to an empty string outputs to stderr
-        verbosity = 1;
+          log-queries = false;
+          verbosity = 1;
 
-        port = 5335;
+          port = 5335;
-        do-ip4 = true;
+          do-ip4 = true;
-        do-ip6 = true;
+          do-ip6 = true;
-        do-udp = true;
+          do-udp = true;
-        do-tcp = true;
+          do-tcp = true;
-        prefer-ip6 = true;
+          prefer-ip6 = true;
 
-        hide-identity = true;
+          hide-identity = true;
-        hide-version = true;
+          hide-version = true;
 
-        # Trust glue only if it is within the server's authority
+          # Trust glue only if it is within the server's authority
-        harden-glue = true;
+          harden-glue = true;
 
-        # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
+          # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
-        harden-dnssec-stripped = true;
+          harden-dnssec-stripped = true;
 
-        harden-referral-path = true;
+          harden-referral-path = true;
 
-        # Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
+          # Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
-        # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
+          # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
-        use-caps-for-id = false;
+          use-caps-for-id = false;
 
-        # Reduce EDNS reassembly buffer size.
+          # Reduce EDNS reassembly buffer size.
-        # Suggested by the unbound man page to reduce fragmentation reassembly problems
+          # Suggested by the unbound man page to reduce fragmentation reassembly problems
-        edns-buffer-size = 1472;
+          edns-buffer-size = 1472;
 
-        # Perform prefetching of close to expired message cache entries
+          # Perform prefetching of close to expired message cache entries
-        # This only applies to domains that have been frequently queried
+          # This only applies to domains that have been frequently queried
-        prefetch = true;
+          prefetch = true;
-        prefetch-key = true;
+          prefetch-key = true;
 
-        # This attempts to reduce latency by serving the outdated record before
+          # This attempts to reduce latency by serving the outdated record before
-        # updating it instead of the other way around. Alternative is to increase
+          # updating it instead of the other way around. Alternative is to increase
-        # cache-min-ttl to e.g. 3600.
+          # cache-min-ttl to e.g. 3600.
-        cache-min-ttl = 0;
+          cache-min-ttl = 0;
-        serve-expired = true;
+          serve-expired = true;
 
-        rrset-cache-size = "256m";
+          rrset-cache-size = "256m";
-        msg-cache-size = "128m";
+          msg-cache-size = "128m";
-        msg-cache-slabs = 4;
+          msg-cache-slabs = 4;
-        # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
+          # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
-        num-threads = 2;
+          num-threads = 2;
 
-        # Ensure kernel buffer is large enough to not lose messages in traffic spikes
+          # Ensure kernel buffer is large enough to not lose messages in traffic spikes
-        so-rcvbuf = "1m";
+          so-rcvbuf = "8m";
 
-        # Ensure privacy of local IP ranges
+          # Ensure privacy of local IP ranges
-        private-address = [
+          private-address = [
-          "192.168.0.0/16"
+            "192.168.0.0/16"
-          "169.254.0.0/16"
+            "169.254.0.0/16"
-          "172.16.0.0/12"
+            "172.16.0.0/12"
-          "10.0.0.0/8"
+            "10.0.0.0/8"
-          "fd00::/8"
+            "fd00::/8"
-          "fe80::/10"
+            "fe80::/10"
-        ];
+          ];
+        };
+      };
+    };
+
+    prometheus.exporters = {
+      node = {
+        enable = true;
+        enabledCollectors = [ "systemd" ];
+      };
+
+      unbound = {
+        enable = true;
+        unbound.host = "unix:///run/unbound/unbound.ctl";
       };
     };
   };

modules/caddy-proxy/default.nix

@@ -14,6 +14,7 @@ let
 
       tls {
         dns cloudflare {env.CF_API_TOKEN}
+        propagation_timeout -1
       }
     '';
   };
@@ -32,6 +33,7 @@ let
 
       tls {
         dns cloudflare {env.CF_API_TOKEN}
+        propagation_timeout -1
       }
     '';
   };
@@ -49,7 +51,7 @@ in
 
       email = "erwin@datarift.nl";
 
-      # acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory";
+      acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
 
       virtualHosts = {
         "home.datarift.nl" = mkProxyHost "homeassistant.barn-beaver.ts.net:8123";
@@ -58,6 +60,7 @@ in
         "git.datarift.nl" = mkProxyHost "gitea.barn-beaver.ts.net:3000";
         "minio.datarift.nl" = mkProxyHost "minio.barn-beaver.ts.net:9000";
         "minio-admin.datarift.nl" = mkLocalProxyHost "minio.barn-beaver.ts.net:9001";
+        "saga.datarift.nl" = mkLocalProxyHost "saga.barn-beaver.ts.net:3000";
         "unifi.datarift.nl" = mkLocalProxyHost "unifi.barn-beaver.ts.net:8443";
       };
     };

modules/podman/default.nix

@@ -30,7 +30,6 @@ in
 
     virtualisation.podman = {
       enable = true;
-      enableNvidia = cfg.enableNvidia;
       dockerCompat = true;
 
       autoPrune = {
@@ -43,6 +42,7 @@ in
 
     virtualisation.containers = {
       enable = true;
+      cdi.dynamic.nvidia.enable = cfg.enableNvidia;
       registries = {
         insecure = cfg.insecureRegistries;
       };

users/erwin/home.nix

@@ -72,8 +72,6 @@ in
           };
           eww = {
             enable = true;
-            # This will fail once https://github.com/NixOS/nixpkgs/pull/289595 is merged
-            package = pkgs.eww.override { withWayland = true; };
           };
           firefox = {
             enable = true;

users/erwin/work.nix

@@ -87,8 +87,6 @@ in
           };
           eww = {
             enable = true;
-            # This will fail once https://github.com/NixOS/nixpkgs/pull/289595 is merged
-            package = pkgs.eww.override { withWayland = true; };
           };
           firefox = {
             enable = true;