From f0df29065859f3a9d5d2e1775df6bba245f704d8 Mon Sep 17 00:00:00 2001
From: Spotlight
Date: Tue, 8 Apr 2025 04:08:37 -0500
Subject: [PATCH] cyclone: Add support for Incus
---
 hosts/linux/cyclone/configuration.nix | 54 +++++++++++++++------------
 hosts/linux/shared.nix | 1 +
 2 files changed, 32 insertions(+), 23 deletions(-)
diff --git a/hosts/linux/cyclone/configuration.nix b/hosts/linux/cyclone/configuration.nix
index 7fbbcf0..b2f2c80 100644
--- a/hosts/linux/cyclone/configuration.nix
+++ b/hosts/linux/cyclone/configuration.nix
@@ -54,25 +54,41 @@
 package = config.boot.kernelPackages.nvidiaPackages.beta;
 };
+ # Docker NVIDIA runtime support
+ nvidia-container-toolkit.enable = true;
+
 # AMD
 cpu.amd.updateMicrocode = true;
 };
- # As recommended in https://nixos.wiki/wiki/Libvirt#Setup
- virtualisation.libvirtd = {
- enable = true;
- qemu = {
- package = pkgs.qemu_kvm;
- runAsRoot = true;
- swtpm.enable = true;
- ovmf = {
- enable = true;
- packages = [
- (pkgs.OVMF.override {
- secureBoot = true;
- tpmSupport = true;
- }).fd
- ];
+ # Container programs
+ boot.kernel.sysctl."net.ipv4.ip_forward" = true;
+ networking.firewall.trustedInterfaces = [ "docker0" "incusbr0" ];
+ users.users.spotlight.extraGroups = [ "adbusers" "docker" "incus-admin" ];
+
+ virtualisation = {
+ # Docker
+ docker.enable = true;
+
+ # Incus (LXD)
+ incus.enable = true;
+
+ # As recommended in https://nixos.wiki/wiki/Libvirt#Setup
+ libvirtd = {
+ enable = true;
+ qemu = {
+ package = pkgs.qemu_kvm;
+ runAsRoot = true;
+ swtpm.enable = true;
+ ovmf = {
+ enable = true;
+ packages = [
+ (pkgs.OVMF.override {
+ secureBoot = true;
+ tpmSupport = true;
+ }).fd
+ ];
+ };
 };
 };
 };
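Review bot: Adding `incusbr0` to `networking.firewall.trustedInterfaces` exempts every Incus instance on that bridge from the host firewall, so a compromised guest can reach any service listening on cyclone. A managed Incus bridge normally needs only DHCP and DNS from the host, which can be granted narrowly: keep `networking.firewall.trustedInterfaces = [ "docker0" ];` and add `networking.firewall.interfaces.incusbr0 = { allowedTCPPorts = [ 53 ]; allowedUDPPorts = [ 53 67 ]; };`. The `extraGroups` line that follows also deserves a comment such as `# docker and incus-admin both grant root-equivalent control of this host`, since that is not obvious from the group names. The rest of the module lies outside the hunk, so other firewall settings may already narrow this.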
@@ -119,14 +135,6 @@
 steam.enable = true;
 };
- # Docker support
- boot.kernel.sysctl."net.ipv4.ip_forward" = true;
- networking.firewall.trustedInterfaces = [ "docker0" ];
- users.users.spotlight.extraGroups = [ "adbusers" "docker" ];
- virtualisation.docker.enable = true;
- # Docker NVIDIA runtime support
- hardware.nvidia-container-toolkit.enable = true;
-
 # Please do not change this without reviewing release notes upstream.
 system.stateVersion = "24.11";
 }
diff --git a/hosts/linux/shared.nix b/hosts/linux/shared.nix
index b732dff..01f33d9 100644
--- a/hosts/linux/shared.nix
+++ b/hosts/linux/shared.nix
@@ -15,6 +15,7 @@
 networking = {
 domain = "host.fox-int.cloud";
 networkmanager.enable = true;
+ nftables.enable = true;
 nameservers = [
 # Quad9