From 907bce2d2f4010d47300abe0ee5a0810ac81da03 Mon Sep 17 00:00:00 2001
From: Johannes Rothe <mail@johannes-rothe.de>
Date: Wed, 11 Sep 2024 21:30:18 +0200
Subject: [PATCH] Add incus (by default disabled)

---
 configuration.nix | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index 427f2b2..4f258cc 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -81,7 +81,7 @@
   users.users.rothe = {
     isNormalUser = true;
     description = "rothe";
-    extraGroups = [ "networkmanager" "wheel" "video" "scanner" "lp" "libvirtd"];
+    extraGroups = [ "networkmanager" "wheel" "video" "scanner" "lp" "incus-admin"];
     shell = pkgs.fish;
     packages = with pkgs; [
       chromium
@@ -176,7 +176,6 @@
         enableSSHSupport = true;
     };
     light.enable = true;
-    virt-manager.enable = true;
   };
   # List services that you want to enable:
   services.resolved = {
@@ -214,10 +213,10 @@
     roboto-mono
   ];
 
-  networking.firewall = {
+  networking.nftables = {
     enable = true;
-    allowedTCPPorts = [ ];
   };
+  networking.firewall.trustedInterfaces = [ "incusbr0" ];
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave
@@ -227,8 +226,7 @@
   system.stateVersion = "23.05"; # Did you read the comment?
 
   virtualisation = {
-    libvirtd.enable = true;
-    podman.enable = true;
+    incus.enable = false;
   };
 
   programs.steam = {