Disable man pages

configuration.nix

@@ -105,7 +105,11 @@ with pkgs;
 
   # Specify secrets
   age = {
-    secrets.wireguard.file = secrets/wireguard.age;
+    secrets.wireguard = {
+      file = secrets/wireguard.age;
+      owner = "systemd-network";
+      group = "systemd-network";
+    };
     secrets.syncthing.file = secrets/syncthing.age;
     secrets.msmtp.file = secrets/msmtp.age;
     secrets.gitea = {
@@ -167,6 +171,9 @@ with pkgs;
     };
   };
 
+  # Disable man pages
+  documentation.man.enable = false;
+
   # Import other configuration modules
   imports = [
     ./modules/hardware-configuration.nix

modules/hardware-configuration.nix

@@ -23,39 +23,38 @@
       fsType = "vfat";
     };
 
-  fileSystems."/var/lib/containers/storage/overlay" =
-    { device = "/var/lib/containers/storage/overlay";
-      fsType = "none";
-      options = [ "bind" ];
-    };
-
-  fileSystems."/var/lib/containers/storage/overlay-containers/dba1864ff1473b3ba5fddd103f9cfff67334fbcc5c99c42b619e8a6d88776061/userdata/shm" =
-    { device = "shm";
-      fsType = "tmpfs";
-    };
-
-  fileSystems."/var/lib/containers/storage/overlay/1990fed1fbfbe8dc75ded251c84e8d82700fef0f01e8ead81916cadc5ec2cac1/merged" =
-    { device = "overlay";
-      fsType = "overlay";
-    };
-
   fileSystems."/vault" =
     { device = "vault";
       fsType = "zfs";
     };
 
-  fileSystems."/vault/radicale" =
+  fileSystems."/var/lib/signald" =
-    { device = "vault/radicale";
+    { device = "vault/state_directories/signald";
       fsType = "zfs";
     };
 
-  fileSystems."/vault/syncthing" =
+  fileSystems."/var/lib/gitea" =
-    { device = "vault/syncthing";
+    { device = "vault/state_directories/gitea";
       fsType = "zfs";
     };
 
-  fileSystems."/vault/backups" =
+  fileSystems."/var/lib/wallabag" =
-    { device = "vault/backups";
+    { device = "vault/state_directories/wallabag";
+      fsType = "zfs";
+    };
+
+  fileSystems."/var/lib/matrix-as-telegram" =
+    { device = "vault/state_directories/matrix-as-telegram";
+      fsType = "zfs";
+    };
+
+  fileSystems."/var/lib/matrix-as-signal" =
+    { device = "vault/state_directories/matrix-as-signal";
+      fsType = "zfs";
+    };
+
+  fileSystems."/var/lib/matrix-as-facebook" =
+    { device = "vault/state_directories/matrix-as-facebook";
       fsType = "zfs";
     };
 
@@ -69,6 +68,21 @@
       fsType = "zfs";
     };
 
+  fileSystems."/vault/backups" =
+    { device = "vault/backups";
+      fsType = "zfs";
+    };
+
+  fileSystems."/vault/radicale" =
+    { device = "vault/radicale";
+      fsType = "zfs";
+    };
+
+  fileSystems."/vault/syncthing" =
+    { device = "vault/syncthing";
+      fsType = "zfs";
+    };
+
   fileSystems."/vault/backups/monolith" =
     { device = "vault/backups/monolith";
       fsType = "zfs";
@@ -84,33 +98,18 @@
       fsType = "zfs";
     };
 
-  fileSystems."/var/lib/wallabag" =
+  fileSystems."/var/lib/containers" =
-    { device = "vault/state_directories/wallabag";
+    { device = "vault/containers";
       fsType = "zfs";
     };
 
-  fileSystems."/var/lib/gitea" =
+  fileSystems."/var/lib/containers/storage/zfs-containers/7521f1406d193340f67dfea6538f5ba05b19c61f757917f13e12b70287841045/userdata/shm" =
-    { device = "vault/state_directories/gitea";
+    { device = "shm";
-      fsType = "zfs";
+      fsType = "tmpfs";
     };
 
-  fileSystems."/var/lib/signald" =
+  fileSystems."/var/lib/containers/storage/zfs/graph/6bf2a36ab4d55af9e693f55018f5b2fd38b6aae285183b8680969f5820bd0be9" =
-    { device = "vault/state_directories/signald";
+    { device = "vault/containers/6bf2a36ab4d55af9e693f55018f5b2fd38b6aae285183b8680969f5820bd0be9";
-      fsType = "zfs";
-    };
-
-  fileSystems."/var/lib/matrix-as-signal" =
-    { device = "vault/state_directories/matrix-as-signal";
-      fsType = "zfs";
-    };
-
-  fileSystems."/var/lib/matrix-as-facebook" =
-    { device = "vault/state_directories/matrix-as-facebook";
-      fsType = "zfs";
-    };
-
-  fileSystems."/var/lib/matrix-as-telegram" =
-    { device = "vault/state_directories/matrix-as-telegram";
       fsType = "zfs";
     };
 
@@ -123,7 +122,7 @@
   networking.useDHCP = lib.mkDefault true;
   # networking.interfaces.cni-podman0.useDHCP = lib.mkDefault true;
   # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.veth65ee03c8.useDHCP = lib.mkDefault true;
+  # networking.interfaces.veth8009136e.useDHCP = lib.mkDefault true;
   # networking.interfaces.wg0.useDHCP = lib.mkDefault true;
   # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
 

modules/information.nix

@@ -31,11 +31,31 @@
   # Set environment variable pointing to wallabag configuration directory
   environment.variables.WALLABAG_DATA = "/var/lib/wallabag";
 
-  # Openbooks configuration
+  # Podman setup with ZFS
-  virtualisation.oci-containers.containers = {
+  virtualisation = {
-    openbooks = {
+    containers.enable = true;
-      image = "evanbuss/openbooks:latest";
+    containers.storage.settings.storage = {
-      ports = [ "127.0.0.1:9000:80" ];
+      driver = "zfs";
+      graphroot = "/var/lib/containers/storage";
+      runroot = "/run/containers/storage";
+    };
+
+    podman = {
+      enable = true;
+      dockerCompat = true;
+      extraPackages = with pkgs; [ zfs ];
+    };
+
+    # Openbooks configuration
+    oci-containers = {
+      backend = "podman";
+      containers = {
+        openbooks = {
+          image = "evanbuss/openbooks:latest";
+          ports = [ "127.0.0.1:9000:80" ];
+        };
+      };
     };
   };
+
 }

modules/networking.nix

@@ -3,23 +3,24 @@
 let wireguard_port = 1194;
 
 in {
-  # Assign a static IP
+  # Enable systemd-networkd
   networking = {
     hostName = "zion";
     hostId = "4e74ea68";
-    interfaces.eth0 = {
+    useDHCP = false;
-      useDHCP = false;
+    useNetworkd = true;
-      ipv4.addresses = [{
+    dhcpcd.enable = false;
-        address = "192.168.13.2";
+  };
-        prefixLength = 24;
+  systemd.services."systemd-networkd-wait-online".enable = false;
-      }];
+
-    };
+  # Assign a static IP
-    defaultGateway = {
+  systemd.network.networks."24-home" = {
-      address = "192.168.13.1";
+    name = "eth0";
-      interface = "eth0";
+    matchConfig.Name = "eth0";
-    };
+    address = [ "192.168.13.2/24" ];
-    nameservers = [ "51.158.108.203" "137.220.55.93" ];
+    gateway = [ "192.168.13.1" ];
-    enableIPv6 = false;
+    dns = [ "51.158.108.203" "137.220.55.93" ];
+    networkConfig.DNSSEC = "no";
   };
 
   # Enable zeroconf
@@ -61,38 +62,47 @@ in {
     '';
   };
 
-  # Enable NAT for wireguard
+  # Wireguard setup
-  networking.nat = {
+  systemd.network.netdevs."wg0" = {
-    enable = true;
+    netdevConfig = {
-    externalInterface = "eth0";
+      Kind = "wireguard";
-    internalInterfaces = [ "wg0" ];
+      Name = "wg0";
+    };
+    wireguardConfig = {
+      ListenPort = wireguard_port;
+      PrivateKeyFile = config.age.secrets.wireguard.path;
+    };
+    wireguardPeers = [
+      # panacea
+      {
+        wireguardPeerConfig = {
+          PublicKey = "XMkTztU2Y8hw6Fu/2o4Gszij+EmNacvFMXuZyHS1n38=";
+          AllowedIPs = [ "10.8.0.2/32" ];
+        };
+      }
+      # caravanserai
+      {
+        wireguardPeerConfig = {
+          PublicKey = "eeKfAgMisM3K4ZOErev05RJ9LS2NLqL4x9jyi4XhM1Q=";
+          AllowedIPs = [ "10.8.0.3/32" ];
+        };
+      }
+    ];
   };
 
-  # Wireguard setup
+  systemd.network.networks."wg0" = {
-  networking.wireguard.interfaces = {
+    matchConfig.Name = "wg0";
-    wg0 = {
+    networkConfig = {
-      ips = [ "10.8.0.1/24" ];
+      Address = "10.8.0.1/24";
-      listenPort = wireguard_port;
+      IPForward = true;
-      privateKeyFile = config.age.secrets.wireguard.path;
+      IPMasquerade = "ipv4";
-      peers = [
-        # panacea
-        {
-          publicKey = "XMkTztU2Y8hw6Fu/2o4Gszij+EmNacvFMXuZyHS1n38=";
-          allowedIPs = [ "10.8.0.2/32" ];
-        }
-        # caravanserai
-        {
-          publicKey = "eeKfAgMisM3K4ZOErev05RJ9LS2NLqL4x9jyi4XhM1Q=";
-          allowedIPs = [ "10.8.0.3/32" ];
-        }
-      ];
     };
   };
 
   # DNS server with ad-block
   services.dnsmasq = {
     enable = true;
-    servers = config.networking.nameservers;
+    servers = config.systemd.network.networks."24-home".dns;
     extraConfig = ''
       domain-needed
       bogus-priv