System/Nixinator: Disable restic until I figure out why the repo breaks all the time

System/Nixinator: Disable rootless docker
2026-01-18 01:19:19 +01:00 · 2026-01-18 01:19:04 +01:00
4 changed files with 62 additions and 60 deletions
--- a/system/default.nix
+++ b/system/default.nix
@ -46,12 +46,9 @@ with mylib.networking; {

    docker = {
      enable = true;
-
-      # Use podman on the desktops, the servers are
-      # already configured using docker though...
-      # TODO: Use podman on the servers
-      podman = !headless;
-      docker.rootless = true;
+      podman = false;
+      docker.rootless = false;
+      docker.buildkit = true;
    };

    fonts = {
--- a/system/modules/docker/default.nix
+++ b/system/modules/docker/default.nix
@ -18,6 +18,10 @@ in {

    networking.firewall.trustedInterfaces = ["docker0" "podman0"];

+    # Needed for default bridge network to automatically work
+    # boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+    # boot.kernel.sysctl."net.ipv6.ip_forward" = 1;
+
    virtualisation = {
      docker = {
        enable = !docker.podman;
@ -25,6 +29,7 @@ in {

        extraPackages = with pkgs; [docker-compose];

+        # TODO: Rootless docker has no internet?
        rootless = {
          enable = docker.docker.rootless;
          setSocketVariable = true;
--- a/system/modules/impermanence/default.nix
+++ b/system/modules/impermanence/default.nix
@ -162,7 +162,7 @@ in {
            (mkUDir ".config/Zeal" m755)

            # Share
-            (mkUDir ".local/share/containers" m755)
+            # (mkUDir ".local/share/containers" m755) # Rootless docker
            (mkUDir ".local/share/direnv" m755)
            (mkUDir ".local/share/docker" m755)
            (mkUDir ".local/share/fish" m755)
--- a/system/nixinator/default.nix
+++ b/system/nixinator/default.nix
@ -132,59 +132,59 @@

    # Keep this as a system service because we're backing up /persist as root
    # TODO: The repository gets corrupted all the time, maybe because the service runs before the repository is mounted?
-    restic.backups."synology" = {
-      # user = "${username}"; # Keep default (root), so restic can read everything
-
-      repository = "/home/${username}/Restic";
-      initialize = true;
-      passwordFile = config.sops.secrets.restic-repo-key.path;
-      createWrapper = true;
-
-      timerConfig = {
-        OnCalendar = "daily";
-        Persistent = true;
-        RandomizedDelaySec = "5h";
-      };
-
-      runCheck = true;
-      checkOpts = [
-        "--with-cache"
-      ];
-
-      pruneOpts = [
-        "--keep-daily 3"
-        "--keep-weekly 2"
-        # "--keep-monthly 0"
-        # "--keep-yearly 0"
-
-        "--prune" # Automatically remove dangling files not referenced by any snapshot
-        "--repack-uncompressed"
-      ];
-
-      paths = ["/persist"];
-      exclude = [
-        # The backup is just supposed to allow a system restore
-        "/persist/old_homes"
-        "/persist/old_roots"
-
-        # Those are synced by nextcloud, no need to backup them 50 times
-        "/persist/home/${username}/Documents"
-        "/persist/home/${username}/NixFlake"
-        "/persist/home/${username}/Notes"
-        "/persist/home/${username}/Projects"
-        "/persist/home/${username}/Public"
-
-        # Some more caches
-        ".cache"
-        "cache2" # firefox
-        "Cache"
-      ];
-      extraBackupArgs = [
-        "--exclude-caches" # Excludes marked cache directories
-        "--one-file-system" # Only stay on /persist (in case symlinks lead elsewhere)
-        "--cleanup-cache" # Auto remove old cache directories
-      ];
-    };
+    # restic.backups."synology" = {
+    #   # user = "${username}"; # Keep default (root), so restic can read everything
+    #
+    #   repository = "/home/${username}/Restic";
+    #   initialize = true;
+    #   passwordFile = config.sops.secrets.restic-repo-key.path;
+    #   createWrapper = true;
+    #
+    #   timerConfig = {
+    #     OnCalendar = "daily";
+    #     Persistent = true;
+    #     RandomizedDelaySec = "5h";
+    #   };
+    #
+    #   runCheck = true;
+    #   checkOpts = [
+    #     "--with-cache"
+    #   ];
+    #
+    #   pruneOpts = [
+    #     "--keep-daily 3"
+    #     "--keep-weekly 2"
+    #     # "--keep-monthly 0"
+    #     # "--keep-yearly 0"
+    #
+    #     "--prune" # Automatically remove dangling files not referenced by any snapshot
+    #     "--repack-uncompressed"
+    #   ];
+    #
+    #   paths = ["/persist"];
+    #   exclude = [
+    #     # The backup is just supposed to allow a system restore
+    #     "/persist/old_homes"
+    #     "/persist/old_roots"
+    #
+    #     # Those are synced by nextcloud, no need to backup them 50 times
+    #     "/persist/home/${username}/Documents"
+    #     "/persist/home/${username}/NixFlake"
+    #     "/persist/home/${username}/Notes"
+    #     "/persist/home/${username}/Projects"
+    #     "/persist/home/${username}/Public"
+    #
+    #     # Some more caches
+    #     ".cache"
+    #     "cache2" # firefox
+    #     "Cache"
+    #   ];
+    #   extraBackupArgs = [
+    #     "--exclude-caches" # Excludes marked cache directories
+    #     "--one-file-system" # Only stay on /persist (in case symlinks lead elsewhere)
+    #     "--cleanup-cache" # Auto remove old cache directories
+    #   ];
+    # };

    xserver = {
      # Configure keymap in X11
Author	SHA1	Message	Date
Christoph Urlacher	ea03e2266f	System/Nixinator: Disable restic until I figure out why the repo breaks all the time	2026-01-18 01:19:19 +01:00
Christoph Urlacher	5e422d05c9	System/Nixinator: Disable rootless docker	2026-01-18 01:19:04 +01:00