From 4a4648eafd43276ffa23f60f2dc57cd772f3cacc Mon Sep 17 00:00:00 2001
From: xeovalyte <me+gitea@xeovalyte.dev>
Date: Fri, 28 Feb 2025 16:29:18 +0100
Subject: [PATCH] Added incus service

---
 hosts/ti-clt-dsk01/default.nix    |  9 +-------
 hosts/ti-clt-dsk01/home.nix       |  5 -----
 modules/system/default.nix        |  1 +
 modules/system/services/incus.nix | 34 +++++++++++++++++++++++++++++++
 4 files changed, 36 insertions(+), 13 deletions(-)
 create mode 100644 modules/system/services/incus.nix

diff --git a/hosts/ti-clt-dsk01/default.nix b/hosts/ti-clt-dsk01/default.nix
index b1c5384..4311ab3 100644
--- a/hosts/ti-clt-dsk01/default.nix
+++ b/hosts/ti-clt-dsk01/default.nix
@@ -70,7 +70,7 @@
   users.users.xeovalyte = {
     isNormalUser = true;
     description = "Timo Boomers";
-    extraGroups = [ "networkmanager" "wheel" "dialout" "fuse" "incus-admin" ];
+    extraGroups = [ "networkmanager" "wheel" "dialout" "fuse" ];
   };
 
   networking.hosts = {
@@ -79,13 +79,6 @@
 
   services.openssh.enable = true;
 
-  # Temporarely test incus
-  virtualisation.incus.enable = true;
-  virtualisation.incus.package = pkgs.unstable.incus;
-  virtualisation.incus.ui.enable = true;
-  virtualisation.incus.ui.package = pkgs.unstable.incus.ui;
-  networking.nftables.enable = true;
-
   system.stateVersion = "24.05";
 
 }
diff --git a/hosts/ti-clt-dsk01/home.nix b/hosts/ti-clt-dsk01/home.nix
index 3e54b27..8b68045 100644
--- a/hosts/ti-clt-dsk01/home.nix
+++ b/hosts/ti-clt-dsk01/home.nix
@@ -50,11 +50,6 @@
       libreoffice
     ];
 
-    # Temporarely test podman
-    services.podman = {
-      enable = true;
-    };
-
     # Enable home-manager
     programs.home-manager.enable = true;
 
diff --git a/modules/system/default.nix b/modules/system/default.nix
index c13c57d..21df282 100644
--- a/modules/system/default.nix
+++ b/modules/system/default.nix
@@ -10,6 +10,7 @@
     ./services/quickemu.nix
     ./services/sunshine.nix
     ./services/garbage-collection.nix
+    ./services/incus.nix
 
     ./hardware/bluetooth.nix
     ./hardware/fprint.nix
diff --git a/modules/system/services/incus.nix b/modules/system/services/incus.nix
new file mode 100644
index 0000000..b1f7299
--- /dev/null
+++ b/modules/system/services/incus.nix
@@ -0,0 +1,34 @@
+{ pkgs, config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.settings.services.incus;
+in {
+  options = {
+    settings.services.incus.enable = lib.mkOption {
+      type = lib.types.bool;
+      description = ''
+        Enable incus service
+      '';
+      default = false;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    virtualisation.incus = {
+      enable = true;
+      package = pkgs.unstable.incus;
+      ui.enable = true;
+      ui.package = pkgs.unstable.incus.ui;
+    };
+
+    users.users.xeovalyte = {
+      extraGroups = [ "incus-admin" ];
+    };
+
+    networking.nftables.enable = true;
+
+    networking.firewall.trustedInterfaces = ["incusbr0"];
+  };
+}