Lock file maintenance

flake.lock

@@ -9,11 +9,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1710174970,
+        "lastModified": 1712328717,
-        "narHash": "sha256-YEeNn5h9kIrkWPsraAqJ2fWh7YP1K8ngyMSA7bLDDVk=",
+        "narHash": "sha256-JjyigEN2M6HTeeUBk6PcOkcSMqDaXoQhYAX7KYk6K24=",
         "owner": "atuinsh",
         "repo": "atuin",
-        "rev": "04f2c95617d8d5f1f9143fe1d9b1f71279232445",
+        "rev": "28b0b490f93fe9f7964d0593b9ba600f4b24663e",
         "type": "github"
       },
       "original": {
@@ -22,28 +22,6 @@
         "type": "github"
       }
     },
-    "deploy-rs": {
-      "inputs": {
-        "flake-compat": "flake-compat_2",
-        "nixpkgs": [
-          "nixpkgs-stable"
-        ],
-        "utils": "utils"
-      },
-      "locked": {
-        "lastModified": 1708091384,
-        "narHash": "sha256-dTGGw2y8wvfjr+J9CjQbfdulOq72hUG17HXVNxpH1yE=",
-        "owner": "serokell",
-        "repo": "deploy-rs",
-        "rev": "0a0187794ac7f7a1e62cda3dabf8dc041f868790",
-        "type": "github"
-      },
-      "original": {
-        "owner": "serokell",
-        "repo": "deploy-rs",
-        "type": "github"
-      }
-    },
     "flake-compat": {
       "flake": false,
       "locked": {
@@ -60,44 +38,10 @@
         "type": "github"
       }
     },
-    "flake-compat_2": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
     "flake-parts": {
       "inputs": {
         "nixpkgs-lib": "nixpkgs-lib"
       },
-      "locked": {
-        "lastModified": 1698882062,
-        "narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=",
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "rev": "8c9fa2545007b49a5db5f650ae91f227672c3877",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "type": "github"
-      }
-    },
-    "flake-parts_2": {
-      "inputs": {
-        "nixpkgs-lib": "nixpkgs-lib_2"
-      },
       "locked": {
         "lastModified": 1709336216,
         "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
@@ -117,11 +61,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1709126324,
+        "lastModified": 1710146030,
-        "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "d465f4819400de7c8d874d50b982301f28a84605",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
         "type": "github"
       },
       "original": {
@@ -137,11 +81,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1706981411,
+        "lastModified": 1710888565,
-        "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
+        "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "652fda4ca6dafeb090943422c34ae9145787af37",
+        "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce",
         "type": "github"
       },
       "original": {
@@ -158,11 +102,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1710164657,
+        "lastModified": 1712317700,
-        "narHash": "sha256-l64+ZjaQAVkHDVaK0VHwtXBdjcBD6nLBD+p7IfyBp/w=",
+        "narHash": "sha256-rnkQ6qMhlxfjpCECkTMlFXHU/88QvC5KpdJWq5H6F1E=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "017b12de5b899ef9b64e2c035ce257bfe95b8ae2",
+        "rev": "782eed8bb64b27acaeb7c17be4a095c85e65717f",
         "type": "github"
       },
       "original": {
@@ -196,7 +140,7 @@
         "hyprland-protocols": "hyprland-protocols",
         "hyprlang": "hyprlang",
         "nixpkgs": "nixpkgs",
-        "systems": "systems_3",
+        "systems": "systems_2",
         "wlroots": "wlroots",
         "xdph": "xdph"
       },
@@ -220,7 +164,7 @@
         "hyprland-protocols": "hyprland-protocols_2",
         "hyprlang": "hyprlang_2",
         "nixpkgs": "nixpkgs_2",
-        "systems": "systems_4",
+        "systems": "systems_3",
         "wlroots": "wlroots_2",
         "xdph": "xdph_2"
       },
@@ -321,7 +265,7 @@
         "hyprland-protocols": "hyprland-protocols_3",
         "hyprlang": "hyprlang_3",
         "nixpkgs": "nixpkgs_3",
-        "systems": "systems_6"
+        "systems": "systems_5"
       },
       "locked": {
         "lastModified": 1709299639,
@@ -390,7 +334,7 @@
           "hyprland-xdph-git",
           "nixpkgs"
         ],
-        "systems": "systems_5"
+        "systems": "systems_4"
       },
       "locked": {
         "lastModified": 1708681732,
@@ -406,39 +350,17 @@
         "type": "github"
       }
     },
-    "nix-fast-build": {
-      "inputs": {
-        "flake-parts": "flake-parts",
-        "nixpkgs": [
-          "nixpkgs-stable"
-        ],
-        "treefmt-nix": "treefmt-nix"
-      },
-      "locked": {
-        "lastModified": 1709911523,
-        "narHash": "sha256-XNutwbRI6h57ybeKy0yYupfngWYcfcIqE0b0LgXnyxs=",
-        "owner": "Mic92",
-        "repo": "nix-fast-build",
-        "rev": "692fe3e98f36b60c678d637235271b57910a7f80",
-        "type": "github"
-      },
-      "original": {
-        "owner": "Mic92",
-        "repo": "nix-fast-build",
-        "type": "github"
-      }
-    },
     "nixd-git": {
       "inputs": {
-        "flake-parts": "flake-parts_2",
+        "flake-parts": "flake-parts",
         "nixpkgs": "nixpkgs_4"
       },
       "locked": {
-        "lastModified": 1710142672,
+        "lastModified": 1711809944,
-        "narHash": "sha256-MRClVDHMGXglXpSR+RflwnrY/ngePqrxOwiwoh5/BtU=",
+        "narHash": "sha256-Z5FEXEn/5lAnGUSDIah0NRkP3RCE5sQQrms7ltvzH/8=",
         "owner": "nix-community",
         "repo": "nixd",
-        "rev": "eb40e5b315fafa1086f69be84918bbd9235e0a10",
+        "rev": "bcf0de61178c4dbf1488e8417cc7e28cc5390164",
         "type": "github"
       },
       "original": {
@@ -464,24 +386,6 @@
       }
     },
     "nixpkgs-lib": {
-      "locked": {
-        "dir": "lib",
-        "lastModified": 1698611440,
-        "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735",
-        "type": "github"
-      },
-      "original": {
-        "dir": "lib",
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-lib_2": {
       "locked": {
         "dir": "lib",
         "lastModified": 1709237383,
@@ -499,13 +403,29 @@
         "type": "github"
       }
     },
+    "nixpkgs-ovmf": {
+      "locked": {
+        "lastModified": 1708984720,
+        "narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1710021367,
+        "lastModified": 1712168706,
-        "narHash": "sha256-FuMVdWqXMT38u1lcySYyv93A7B8wU0EGzUr4t4jQu8g=",
+        "narHash": "sha256-XP24tOobf6GGElMd0ux90FEBalUtw6NkBSVh/RlA6ik=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "b94a96839afcc56de3551aa7472b8d9a3e77e05d",
+        "rev": "1487bdea619e4a7a53a4590c475deabb5a9d1bfb",
         "type": "github"
       },
       "original": {
@@ -517,11 +437,11 @@
     },
     "nixpkgs-stable_2": {
       "locked": {
-        "lastModified": 1710033658,
+        "lastModified": 1711819797,
-        "narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=",
+        "narHash": "sha256-tNeB6emxj74Y6ctwmsjtMlzUMn458sBmwnD35U5KIM4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8",
+        "rev": "2b4e3ca0091049c6fbb4908c66b05b77eaef9f0c",
         "type": "github"
       },
       "original": {
@@ -533,11 +453,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1709961763,
+        "lastModified": 1712163089,
-        "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=",
+        "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34",
+        "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
         "type": "github"
       },
       "original": {
@@ -595,19 +515,40 @@
         "type": "github"
       }
     },
+    "nixvirt-git": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs-stable"
+        ],
+        "nixpkgs-ovmf": "nixpkgs-ovmf"
+      },
+      "locked": {
+        "lastModified": 1709064919,
+        "narHash": "sha256-uscnESRqfncrLg/gsEjDRP57u1tHk9+eGIBb5uhbf9g=",
+        "owner": "AshleyYakeley",
+        "repo": "NixVirt",
+        "rev": "a9cbedf52007b5d525837b0f736ad4fc8fe7f94c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "AshleyYakeley",
+        "ref": "v0.3.0",
+        "repo": "NixVirt",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "atuin": "atuin",
-        "deploy-rs": "deploy-rs",
         "home-manager-stable": "home-manager-stable",
         "home-manager-unstable": "home-manager-unstable",
         "hy3": "hy3",
         "hyprland-git": "hyprland-git",
         "hyprland-xdph-git": "hyprland-xdph-git",
-        "nix-fast-build": "nix-fast-build",
         "nixd-git": "nixd-git",
         "nixpkgs-stable": "nixpkgs-stable",
         "nixpkgs-unstable": "nixpkgs-unstable",
+        "nixvirt-git": "nixvirt-git",
         "sops-nix": "sops-nix"
       }
     },
@@ -619,11 +560,11 @@
         "nixpkgs-stable": "nixpkgs-stable_2"
       },
       "locked": {
-        "lastModified": 1710039806,
+        "lastModified": 1711855048,
-        "narHash": "sha256-vC2fo/phnetp6ub/nRv6mgAi5LbhJ6ujGQWrRD2VgNs=",
+        "narHash": "sha256-HxegAPnQJSC4cbEbF4Iq3YTlFHZKLiNTk8147EbLdGg=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "f8d5c8baa83fe620a28c0db633be9db3e34474b4",
+        "rev": "99b1e37f9fc0960d064a7862eb7adfb92e64fa10",
         "type": "github"
       },
       "original": {
@@ -649,16 +590,16 @@
     },
     "systems_2": {
       "locked": {
-        "lastModified": 1681028828,
+        "lastModified": 1689347949,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
         "owner": "nix-systems",
-        "repo": "default",
+        "repo": "default-linux",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
         "type": "github"
       },
       "original": {
         "owner": "nix-systems",
-        "repo": "default",
+        "repo": "default-linux",
         "type": "github"
       }
     },
@@ -707,60 +648,6 @@
         "type": "github"
       }
     },
-    "systems_6": {
-      "locked": {
-        "lastModified": 1689347949,
-        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
-        "owner": "nix-systems",
-        "repo": "default-linux",
-        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default-linux",
-        "type": "github"
-      }
-    },
-    "treefmt-nix": {
-      "inputs": {
-        "nixpkgs": [
-          "nix-fast-build",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1698438538,
-        "narHash": "sha256-AWxaKTDL3MtxaVTVU5lYBvSnlspOS0Fjt8GxBgnU0Do=",
-        "owner": "numtide",
-        "repo": "treefmt-nix",
-        "rev": "5deb8dc125a9f83b65ca86cf0c8167c46593e0b1",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "treefmt-nix",
-        "type": "github"
-      }
-    },
-    "utils": {
-      "inputs": {
-        "systems": "systems_2"
-      },
-      "locked": {
-        "lastModified": 1701680307,
-        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
     "wlroots": {
       "flake": false,
       "locked": {

flake.nix

@@ -25,24 +25,12 @@
       inputs.nixpkgs.follows = "nixpkgs-unstable";
     };
 
-    # nix-fast-build
-    nix-fast-build = {
-      url = "github:Mic92/nix-fast-build";
-      inputs.nixpkgs.follows = "nixpkgs-stable";
-    };
-
      # sops-nix
     sops-nix = {
       url = "github:Mic92/sops-nix";
       inputs.nixpkgs.follows = "nixpkgs-stable";
     };
 
-     # deploy-rs
-    deploy-rs = {
-      url = "github:serokell/deploy-rs";
-      inputs.nixpkgs.follows = "nixpkgs-stable";
-    };
-
     # atuin
     atuin = {
       url = "github:atuinsh/atuin";
@@ -68,6 +56,12 @@
     nixd-git = {
       url = "github:nix-community/nixd";
     };
+
+    # NixVirt for qemu & libvirt
+    nixvirt-git = {
+      url = "github:AshleyYakeley/NixVirt/v0.3.0";
+      inputs.nixpkgs.follows = "nixpkgs-stable";
+    };
   };
 
   # The `@` syntax here is used to alias the attribute set of the
@@ -81,6 +75,7 @@
     ];
   in
   {
+    hydraJobs = import ./hydra.nix { inherit inputs outputs; };
     nixosConfigurations = {
       "durincore" = nixpkgs-unstable.lib.nixosSystem {
         system = "x86_64-linux";

garnix.yaml

@@ -0,0 +1,8 @@
+---
+# Config for garnix.io builds & caching
+builds:
+  include:
+    - homeConfigurations.*
+    - nixosConfigurations.*
+    - packages.x86_64-linux.*
+    - packages.aarch64-linux.*

home-manager/durincore.nix

@@ -15,6 +15,8 @@
       "$menu" = "wofi --show drun";
       bind = 
         [
+          # Disables middle mouse button paste.
+          ", mouse:274, exec, ;"
           # See https://wiki.hyprland.org/Configuring/Keywords/ for more
 
           # Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more

home-manager/gandalf.nix

@@ -7,6 +7,13 @@
   home = {
     username = "jahanson";
     homeDirectory = "/home/jahanson";
+    stateVersion = "23.11";
+
+    packages = with pkgs; [
+      # it provides the command `nom` works just like `nix`
+      # with more details log output
+      nix-output-monitor
+    ];
   };
 
   # basic configuration of git, please change to your own
@@ -51,18 +58,5 @@
     };
   };
 
-    # Packages that should be installed to the user profile.
-  home.packages = with pkgs; [
-    # here is some command line tools I use frequently
-    # feel free to add your own or remove some of them
-
-    # nix related
-    #
-    # it provides the command `nom` works just like `nix`
-    # with more details log output
-    nix-output-monitor
-  ];
-
-  home.stateVersion = "23.11";
   programs.home-manager.enable = true;
 }

hydra.nix

@@ -0,0 +1,18 @@
+{ inputs, outputs }:
+let
+  inherit (inputs.nixpkgs-stable.lib) filterAttrs mapAttrs elem;
+
+  notBroken = pkg: !(pkg.meta.broken or false);
+  isDistributable = pkg:
+    (pkg.meta.license or { redistributable = true; }).redistributable;
+  hasPlatform = sys: pkg: elem sys (pkg.meta.platforms or [ ]);
+  filterValidPkgs = sys: pkgs:
+    filterAttrs
+    (_: pkg: hasPlatform sys pkg && notBroken pkg && isDistributable pkg) pkgs;
+  getCfg = _: cfg: cfg.config.system.build.toplevel;
+  getHomeCfg = _: cfg: cfg.config.home.activationPackage;
+in {
+  # pkgs = mapAttrs filterValidPkgs outputs.packages;
+  hosts = mapAttrs getCfg outputs.nixosConfigurations;
+  # homes = mapAttrs getHomeCfg outputs.homeConfigurations;
+}

nixos/common.nix

@@ -20,8 +20,12 @@
     options = [ "x-systemd.automount" "noauto" ];
   };
 
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  nix.settings = {
-  nix.settings.trusted-users = [ "root" "jahanson" ];
+    experimental-features = [ "nix-command" "flakes" ];
+    trusted-users = [ "root" "jahanson" ];
+    extra-substituters = "https://cache.garnix.io";
+    extra-trusted-public-keys = "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=";
+  };
 
   # Enable fish
   programs.fish.enable = true;

nixos/durincore/configuration.nix

@@ -22,6 +22,9 @@
     portalPackage = inputs.hyprland-xdph-git.packages.${pkgs.system}.xdg-desktop-portal-hyprland;
   };
 
+  # VirtManager for gandalf QEMU/KVM
+  programs.virt-manager.enable = true;
+
   environment.sessionVariables = {
     NIXOS_OZONE_WL = "1";
   };
@@ -46,6 +49,16 @@
   # Enable CUPS to print documents.
   services.printing.enable = true;
 
+  # Enable login prompt when booting.
+  services.greetd = {
+    enable = true;
+    settings = {
+      default_session = {
+        command = "${pkgs.greetd.greetd}/bin/agreety --cmd Hyprland";
+      };
+    };
+  };
+
   # Enable sound with pipewire.
   sound.enable = true;
   hardware.pulseaudio.enable = false;

nixos/gandalf/configuration.nix

@@ -2,33 +2,53 @@
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, inputs, ... }:
-
+let
+  upsPassword = "illgettoiteventually";
+  vendorid = "0764";
+  productid = "0501";
+in
 {
   imports =
     [
       # Include the results of the hardware scan.
       ./hardware-configuration.nix
+      inputs.nixvirt-git.nixosModules.default
     ];
 
   # Use the systemd-boot EFI boot loader.
   boot = {
     supportedFilesystems = [ "zfs" ];
     zfs.forceImportRoot = false;
-    kernelParams = [ "zfs.zfs_arc_max=107374182400" ];
+    kernelParams = [ "zfs.zfs_arc_max=107374182400" ]; # 100GB
     zfs.extraPools = [ "eru" ];
   };
 
+  # ZFS NFS Share settings for read/write. Allows root passthrough with no user permission squash. Multiple IPs.
   # sudo zfs set sharenfs="rw=10.1.2.0/24:10.5.0.8/32,no_root_squash,sec=sys,anonuid=548,anongid=548" eru/xen-backups
+  # Read Only
   # sudo zfs set sharenfs="ro=10.1.2.0/24,no_root_squash,sec=sys,anonuid=548,anongid=548" eru/borg
+  # Read Only and Read Write
   # sudo zfs set sharenfs="ro=10.1.2.0/24,rw=10.1.1.55/32,no_root_squash,sec=sys,anonuid=548,anongid=548" eru/borg/nextcloud
+  # Disables NFS share for dataset.
   # sudo zfs set sharenfs inherit eru/xen-backups
 
   # Network settings
   networking = {
-    hostName = "gandalf"; # Define your hostname.
+    hostName = "gandalf"; 
-    networkmanager.enable = true;
     hostId = "e2fc95cd";
+    useDHCP = false; # needed for bridge
+    networkmanager.enable = true;
+    firewall.enable = false;
+    interfaces = {
+      "enp130s0f0".useDHCP = true;
+      "enp130s0f1".useDHCP = true;
+    };
+    bridges = {
+      "br0" = {
+        interfaces = [ "enp130s0f1" ];
+      };
+    };
   };
   
   environment.systemPackages = with pkgs; [
@@ -36,22 +56,103 @@
     lazydocker
   ];
 
-  # Some programs need SUID wrappers, can be configured further or are
+  # Services
-  # started in user sessions.
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
 
-  # List services that you want to enable:
+  # OpenSSH daemon.
-
-  # Enable the OpenSSH daemon.
   services.openssh = {
     enable = true;
     # require public key authentication for better security
     settings.PasswordAuthentication = false;
     settings.KbdInteractiveAuthentication = false;
   };
+  services.prometheus.exporters.zfs.enable = true;
+  services.prometheus.exporters.smartctl.enable = true;
+
+  # UPS & NUT
+  power.ups = {
+    enable = true;
+    ups.cyberpower = {
+      driver = "usbhid-ups";
+      port = "auto";
+      directives = [
+        "vendorid = ${vendorid}"
+        "productid = ${productid}"
+        "product = CP1500AVRLCDa"
+        "serial = CTHKY2013373"
+        "vendor = CPS"
+        "bus = 002"
+      ];
+    };
+  };
+  users = {
+    users.nut = {
+      isSystemUser = true;
+      group = "nut";
+      # it does not seem to do anything with this directory
+      # but something errored without it, so whatever
+      home = "/var/lib/nut";
+      createHome = true;
+    };
+    groups.nut = { };
+  };
+  services.udev.extraRules = ''
+    SUBSYSTEM=="usb", ATTRS{idVendor}=="${vendorid}", ATTRS{idProduct}=="${productid}", MODE="664", GROUP="nut", OWNER="nut"
+  '';
+
+  systemd.services.upsd.serviceConfig = {
+    User = "root";
+    Group = "nut";
+  };
+
+  systemd.services.upsdrv.serviceConfig = {
+    User = "root";
+    Group = "nut";
+  };
+
+  # reference: https://github.com/networkupstools/nut/tree/master/conf
+  environment.etc = {
+    # all this file needs to do is exist
+    upsdConf = {
+      text = "";
+      target = "nut/upsd.conf";
+      mode = "0440";
+      group = "nut";
+      user = "nut";
+    };
+    upsdUsers = {
+      # update upsmonConf MONITOR to match
+      text = ''
+      [upsmon]
+        password = ${upsPassword}
+        upsmon master
+      '';
+      target = "nut/upsd.users";
+      mode = "0440";
+      group = "nut";
+      user = "nut";
+    };
+    # RUN_AS_USER is not a default
+    # the rest are from the sample
+    # grep -v '#' /nix/store/8nciysgqi7kmbibd8v31jrdk93qdan3a-nut-2.7.4/etc/upsmon.conf.sample
+    upsmonConf = {
+      text = ''
+        RUN_AS_USER nut
+
+        MINSUPPLIES 1
+        SHUTDOWNCMD "shutdown -h 0"
+        POLLFREQ 5
+        POLLFREQALERT 5
+        HOSTSYNC 15
+        DEADTIME 15
+        RBWARNTIME 43200
+        NOCOMMWARNTIME 300
+        FINALDELAY 5
+        MONITOR cyberpower@localhost 1 upsmon ${upsPassword} master
+      '';
+      target = "nut/upsmon.conf";
+      mode = "0444";
+    };
+  };
 
   # NFS
   services.nfs.server.enable = true;
@@ -86,6 +187,38 @@
         "force user" = "apps";
         "force group" = "apps";
       };
+      hansonhive = {
+        path = "/eru/hansonhive";
+        browseable = "yes";
+        "read only" = "no";
+        "guest ok" = "no";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+        "force user" = "www-data";
+        "force group" = "www-data";
+      };
+      tm_joe = {
+        path = "/eru/tm_joe";
+        "valid users" = "jahanson";
+        public = "no";
+        writeable = "yes";
+        "guest ok" = "no";
+        "force user" = "jahanson";
+        "fruit:aapl" = "yes";
+        "fruit:time machine" = "yes";
+        "vfs objects" = "catia fruit streams_xattr";
+      };
+      tm_elisia = {
+        path = "/eru/tm_elisia";
+        "valid users" = "emhanson";
+        public = "no";
+        writeable = "yes";
+        "guest ok" = "no";
+        "force user" = "emhanson";
+        "fruit:aapl" = "yes";
+        "fruit:time machine" = "yes";
+        "vfs objects" = "catia fruit streams_xattr";
+      };
     };
   };
 
@@ -101,10 +234,11 @@
 
   };
 
-  # Xen-orchestra
+  # Podman Containers
   virtualisation.oci-containers = {
     backend = "podman";
     containers ={
+      # Xen-orchestra container
       xen-orchestra = {
         image = "docker.io/ronivay/xen-orchestra:5.136.0";
         ports = [ "80:80" ];
@@ -140,6 +274,57 @@
         daily =  7;
         monthly = 12;
       };
+      "eru/hansonhive" = {
+        recursive = true;
+        autoprune = true;
+        autosnap = true;
+        hourly =  24;
+        daily =  7;
+        monthly = 12;
+      };
+      "eru/tm_joe" = {
+        recursive = true;
+        autoprune = true;
+        autosnap = true;
+        hourly =  24;
+        daily =  7;
+        monthly = 12;
+      };
+      "eru/tm_elisia" = {
+        recursive = true;
+        autoprune = true;
+        autosnap = true;
+        hourly =  24;
+        daily =  7;
+        monthly = 12;
+      };
+      "eru/containers/volumes/xo-data" = {
+        recursive = true;
+        autoprune = true;
+        autosnap = true;
+        hourly =  24;
+        daily =  7;
+        monthly = 12;
+      };
+      "eru/containers/volumes/xo-redis-data" = {
+        recursive = true;
+        autoprune = true;
+        autosnap = true;
+        hourly =  24;
+        daily =  7;
+        monthly = 12;
+      };
+    };
+  };
+
+  # Enable QEMU/KVM/libvirt
+  virtualisation.libvirt.enable = true;
+  virtualisation.libvirtd = {
+    enable = true;
+    qemu = {
+      package = pkgs.qemu_kvm;
+      ovmf.enable = true;
+      ovmf.packages = [pkgs.OVMFFull.fd];
     };
   };
 
@@ -147,28 +332,8 @@
   # networking.firewall.allowedTCPPorts = [ ... ];
   # networking.firewall.allowedUDPPorts = [ ... ];
   # Or disable the firewall altogether.
-  networking.firewall.enable = false;
+  # networking.firewall.enable = false;
 
-  # Copy the NixOS configuration file and link it from the resulting system
-  # (/run/current-system/configuration.nix). This is useful in case you
-  # accidentally delete configuration.nix.
-  # system.copySystemConfiguration = true;
-
-  # This option defines the first version of NixOS you have installed on this particular machine,
-  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
-  #
-  # Most users should NEVER change this value after the initial install, for any reason,
-  # even if you've upgraded your system to a new NixOS release.
-  #
-  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
-  # so changing it will NOT upgrade your system.
-  #
-  # This value being lower than the current NixOS release does NOT mean your system is
-  # out of date, out of support, or vulnerable.
-  #
-  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
-  # and migrated your data accordingly.
-  #
   # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
   system.stateVersion = "23.11"; # Did you read the comment?
 

nixos/gandalf/hardware-configuration.nix

@@ -10,8 +10,9 @@
 
   boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "mpt3sas" "isci" "usbhid" "usb_storage" "sd_mod" ];
   boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
+  boot.kernelModules = [ "kvm-intel" "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ];
   boot.extraModulePackages = [ ];
+  boot.kernelParams = [ "iommu=pt" "intel_iommu=on" ];
 
   fileSystems."/" =
     { device = "/dev/disk/by-uuid/d5e03c8a-9488-47f7-b911-339bdae36009";