Added incus service

hosts/ti-clt-dsk01/default.nix

@@ -70,7 +70,7 @@
   users.users.xeovalyte = {
     isNormalUser = true;
     description = "Timo Boomers";
-    extraGroups = [ "networkmanager" "wheel" "dialout" "fuse" "incus-admin" ];
+    extraGroups = [ "networkmanager" "wheel" "dialout" "fuse" ];
   };
 
   networking.hosts = {
@@ -79,13 +79,6 @@
 
   services.openssh.enable = true;
 
-  # Temporarely test incus
-  virtualisation.incus.enable = true;
-  virtualisation.incus.package = pkgs.unstable.incus;
-  virtualisation.incus.ui.enable = true;
-  virtualisation.incus.ui.package = pkgs.unstable.incus.ui;
-  networking.nftables.enable = true;
-
   system.stateVersion = "24.05";
 
 }

hosts/ti-clt-dsk01/home.nix

@@ -50,11 +50,6 @@
       libreoffice
     ];
 
-    # Temporarely test podman
-    services.podman = {
-      enable = true;
-    };
-
     # Enable home-manager
     programs.home-manager.enable = true;
 

modules/system/default.nix

@@ -10,6 +10,7 @@
     ./services/quickemu.nix
     ./services/sunshine.nix
     ./services/garbage-collection.nix
+    ./services/incus.nix
 
     ./hardware/bluetooth.nix
     ./hardware/fprint.nix

modules/system/services/incus.nix

@@ -0,0 +1,34 @@
+{ pkgs, config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.settings.services.incus;
+in {
+  options = {
+    settings.services.incus.enable = lib.mkOption {
+      type = lib.types.bool;
+      description = ''
+        Enable incus service
+      '';
+      default = false;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    virtualisation.incus = {
+      enable = true;
+      package = pkgs.unstable.incus;
+      ui.enable = true;
+      ui.package = pkgs.unstable.incus.ui;
+    };
+
+    users.users.xeovalyte = {
+      extraGroups = [ "incus-admin" ];
+    };
+
+    networking.nftables.enable = true;
+
+    networking.firewall.trustedInterfaces = ["incusbr0"];
+  };
+}