From 14461cf4ac6abe48dd5f8ffcf064fa9fe9f5da20 Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Sat, 24 Aug 2024 12:53:24 -0500
Subject: [PATCH] update file pattern for sops secrets pre-commit
---
 .pre-commit-config.yaml | 1 +
 nixos/modules/nixos/system/incus/default.nix | 31 ++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 nixos/modules/nixos/system/incus/default.nix
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 4f657d7..9f3cd00 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -36,3 +36,4 @@ repos:
 - id: sops-encryption
 # Uncomment to exclude all markdown files from encryption
 # exclude: *.\.md
+ files: .*secrets.*
diff --git a/nixos/modules/nixos/system/incus/default.nix b/nixos/modules/nixos/system/incus/default.nix
new file mode 100644
index 0000000..ceef2a7
--- /dev/null
+++ b/nixos/modules/nixos/system/incus/default.nix
@@ -0,0 +1,31 @@
+{ config, pkgs, ... }:
+{
+ sops.secrets.secret-domain-0 = {
+ sopsFile = ./secret.sops.yaml;
+ };
+
+ users.users.jahanson.extraGroups = [ "incus-admin" ];
+
+ virtualisation.incus = {
+ enable = true;
+ ui.enable = true;
+ };
+
+
+ # systemd.services.incus-preseed.postStart = "${oidcSetup}";
+
+ networking = {
+ nftables.enable = true;
+ firewall = {
+ allowedTCPPorts = [
+ 8443
+ 53
+ 67
+ ];
+ allowedUDPPorts = [
+ 53
+ 67
+ ];
+ };
+ };
+}
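Review bot: The added `files: .*secrets.*` selects only paths that contain the plural `secrets`, while the module added in this same commit points sops at `./secret.sops.yaml` (singular), so the sops-encryption hook would skip that file and a plaintext copy could be committed without the check firing. pre-commit searches the `files` regex against the path, so the surrounding `.*` adds nothing. A pattern keyed on the sops suffix, e.g. `files: .*\.sops\.ya?ml$`, would cover both spellings. The secret file itself is not part of this patch, so confirm which file names are really in use before narrowing the hook.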
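Review bot: The `networking.firewall` block opens 8443, 53 and 67 through the global `allowedTCPPorts`/`allowedUDPPorts`, which apply to every interface, so the Incus API/UI and the host's DNS/DHCP ports become reachable from any network the machine is attached to. DNS and DHCP are presumably only needed by instances on the Incus bridge, so scoping them with `networking.firewall.interfaces.<name>` keeps them off the uplink; the bridge name is not visible in this patch, hence the placeholder below. Whether 8443 has to be reachable from all networks cannot be told from here, and it is worth a comment stating the intent. Separately, a short comment on the `extraGroups` line noting that `incus-admin` membership gives full control of the Incus daemon would help later readers.

```nix
  networking = {
    nftables.enable = true;
    firewall = {
      # Incus API/UI; narrow further if it need not be reachable from every network.
      allowedTCPPorts = [ 8443 ];
      # DNS/DHCP for instances only; replace the placeholder with the Incus bridge name.
      interfaces."<incus-bridge-interface>" = {
        allowedTCPPorts = [ 53 67 ];
        allowedUDPPorts = [ 53 67 ];
      };
    };
  };
```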