flake.lock: Update

Flake lock file updates:

• Updated input 'secrets':
    'git+ssh://git@git.caspervk.net/caspervk/nixos-secrets.git?ref=refs/heads/master&rev=833bd4232b64b3cd84385f1e1faa058ac49db2b1' (2024-04-29)
  → 'git+ssh://git@git.caspervk.net/caspervk/nixos-secrets.git?ref=refs/heads/master&rev=6d65c05c19961bd0874240810446378cd04c0257' (2024-04-29)

flake.lock

@@ -228,11 +228,11 @@
     },
     "secrets": {
       "locked": {
-        "lastModified": 1714422881,
-        "narHash": "sha256-HSmkgafU4Ge4b02MYytuG2HsPjsk2ZLKfigcqektFbA=",
+        "lastModified": 1714423975,
+        "narHash": "sha256-uxipcpP/qICN5VfIpLzzGorVmU8FUvADnVNsfB+Sxmo=",
         "ref": "refs/heads/master",
-        "rev": "833bd4232b64b3cd84385f1e1faa058ac49db2b1",
-        "revCount": 33,
+        "rev": "6d65c05c19961bd0874240810446378cd04c0257",
+        "revCount": 34,
         "type": "git",
         "url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git"
       },

hosts/sigma/default.nix

@@ -11,6 +11,7 @@
     ./hardware.nix
     ./jellyfin.nix
     ./mail.nix
+    ./memos.nix
     ./network.nix
     ./sonarr.nix
   ];

hosts/sigma/memos.nix

@@ -0,0 +1,18 @@
+{...}: {
+  virtualisation.oci-containers.containers = {
+    memos = {
+      # https://www.usememos.com/docs/install/self-hosting
+      image = "docker.io/neosmemo/memos:stable";
+      environment = {
+        # https://github.com/usememos/memos/issues/2433#issuecomment-1797316081
+        MEMOS_METRIC = "false";
+      };
+      ports = [
+        "127.0.0.1:5230:5230"
+      ];
+      volumes = [
+        "memos:/var/opt/memos"
+      ];
+    };
+  };
+}

modules/base/default.nix

@@ -11,6 +11,7 @@
     ./network.nix
     ./nix.nix
     ./packages.nix
+    ./podman.nix
     ./ripgrep.nix
     ./ssh.nix
     ./sudo.nix

modules/base/podman.nix

@@ -0,0 +1,30 @@
+{...}: {
+  # Podman can run rootless containers and be a drop-in replacement for Docker.
+  # It is used for systemd services containers defined using
+  # `virtualisation.oci-containers`.
+  # https://wiki.nixos.org/wiki/Podman
+  virtualisation.containers.enable = true;
+  virtualisation.podman = {
+    enable = true;
+    # Automatically `podman system prune` weekly
+    autoPrune.enable = true;
+    # Required for containers under podman-compose to be able to talk to each
+    # other.
+    defaultNetwork.settings = {
+      dns_enabled = true;
+      ipv6_enabled = true;
+    };
+  };
+
+  # Persist docker volumes
+  environment.persistence."/nix/persist" = {
+    directories = [
+      {
+        directory = "/var/lib/containers";
+        user = "root";
+        group = "root";
+        mode = "0700";
+      }
+    ];
+  };
+}

modules/borg.nix

@@ -90,15 +90,17 @@
       "! /**/found.000/*"
 
       "! /**/.cache"
-      "! /**/Cache"
       "! /**/cache"
+      "! /**/Cache"
       "! /srv/torrents"
+      "! /var/lib/containers/overlay*"
       "! /var/lib/docker/overlay2"
       "- *.tmp"
 
       "! /home/*/Android/Sdk"
       "! /home/*/Downloads"
       "! /home/*/GOG Games"
+      "! /home/*/.local/share/containers/storage/overlay*"
       "! /home/*/.steam"
     ];