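# NixOS module: opt-in Incus (container / VM manager) host setup.
#
# Declares `nixfiles.modules.incus.enable`. When it is set, the module enables
# `virtualisation.incus` with a default preseed (one NAT bridge, one `dir`
# storage pool, one default profile), marks the bridge as a trusted firewall
# interface and adds the `incus-admin` group through `my.extraGroups`.
{ config, lib, ... }:
with lib;
let
  cfg = config.nixfiles.modules.incus;
in
{
  options.nixfiles.modules.incus.enable = mkEnableOption "Incus";

  config = mkIf cfg.enable {
    # `ark` is an option namespace defined elsewhere in this repository;
    # presumably it keeps the listed directories across reboots -- confirm.
    ark.directories = [ "/var/lib/incus" ];

    virtualisation.incus = {
      enable = true;

      # mkDefault lets a host configuration override the preseed without
      # needing mkForce.
      preseed = mkDefault {
        networks = [
          {
            name = "incusbr0";
            type = "bridge";
            config = {
              # Guests sit behind the host: both address families are NATed.
              "ipv4.address" = "10.0.30.1/24";
              "ipv4.nat" = true;
              # NOTE(review): fc30::/64 lies in fc00::/8, the half of the ULA
              # range (fc00::/7) that RFC 4193 leaves undefined; locally
              # assigned prefixes are expected to come from fd00::/8.
              "ipv6.address" = "fc30::1/64";
              "ipv6.nat" = true;
            };
          }
        ];

        storage_pools = [
          {
            name = "default";
            driver = "dir";
            config.source = "/var/lib/incus/storage-pools/default";
          }
        ];

        profiles = [
          {
            name = "default";
            devices = {
              eth0 = {
                type = "nic";
                name = "eth0";
                network = "incusbr0";
              };
              root = {
                type = "disk";
                pool = "default";
                # NOTE(review): on a `dir` pool the size limit is only
                # enforced when the backing filesystem supports project
                # quotas (ext4 / XFS); otherwise a guest can fill the host
                # filesystem under /var/lib/incus. Verify on the target host.
                size = "15GiB";
                path = "/";
              };
            };
          }
        ];
      };
    };

    # SECURITY: a trusted interface bypasses the NixOS firewall entirely, so
    # every instance attached to incusbr0 can reach every port the host
    # listens on, including services that are otherwise closed. If guests only
    # need the DHCP and DNS that Incus serves on the bridge, a narrower form is
    # `networking.firewall.interfaces.incusbr0` with allowedUDPPorts = [ 53 67 ]
    # and allowedTCPPorts = [ 53 ].
    networking.firewall.trustedInterfaces = [ "incusbr0" ];

    # FIXME https://nixpk.gs/pr-tracker.html?pr=295364
    # systemd.services.incus.path = mkForce [
    #   config.boot.zfs.package
    #   "${config.boot.zfs.package}/lib/udev"
    # ];

    # SECURITY: members of `incus-admin` have full control of the Incus
    # daemon, which is equivalent to root on the host (privileged instances,
    # arbitrary host path mounts). Treat it like membership in `wheel`.
    # `my.extraGroups` is defined elsewhere in this repository; presumably it
    # adds the groups to the primary user -- confirm.
    my.extraGroups = [ "incus-admin" ];
  };
}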