Merge branch 'podman' into nix

nix/configuration/configuration.nix

@@ -49,6 +49,7 @@
     ./roles/nvme
     ./roles/optimized_build
     ./roles/pcsx2
+    ./roles/podman
     ./roles/python
     ./roles/qemu
     ./roles/reset

nix/configuration/flake.lock

@@ -39,11 +39,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1758160037,
+        "lastModified": 1756733629,
-        "narHash": "sha256-fXelTdjdILspZ1IUU9aICB1+PXwSFiF8j+7ujwo1VpQ=",
+        "narHash": "sha256-dwWGlDhcO5SMIvMSTB4mjQ5Pvo2vtxvpIknhVnSz2I8=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "4f554162fff88e77655073d352eec0cea71103a2",
+        "rev": "a5c4f2ab72e3d1ab43e3e65aa421c6f2bd2e12a1",
         "type": "github"
       },
       "original": {
@@ -190,18 +190,18 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1758242085,
+        "lastModified": 1756787288,
-        "narHash": "sha256-hnrtEiy8qLMskZr0FBp0vbtMJ9xA4HvDdzuFRLxRiFg=",
+        "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=",
-        "ref": "og-amd-debug-tools",
+        "owner": "NixOS",
-        "rev": "7b0f433195e299008850d16e85a862177419cef6",
+        "repo": "nixpkgs",
-        "revCount": 862645,
+        "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1",
-        "type": "git",
+        "type": "github"
-        "url": "https://github.com/tomalexander/nixpkgs.git"
       },
       "original": {
-        "ref": "og-amd-debug-tools",
+        "owner": "NixOS",
-        "type": "git",
+        "ref": "nixos-unstable",
-        "url": "https://github.com/tomalexander/nixpkgs.git"
+        "repo": "nixpkgs",
+        "type": "github"
       }
     },
     "nixpkgs-dda3dcd3f": {
@@ -238,18 +238,18 @@
     },
     "nixpkgs-unoptimized": {
       "locked": {
-        "lastModified": 1758242085,
+        "lastModified": 1756787288,
-        "narHash": "sha256-hnrtEiy8qLMskZr0FBp0vbtMJ9xA4HvDdzuFRLxRiFg=",
+        "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=",
-        "ref": "og-amd-debug-tools",
+        "owner": "NixOS",
-        "rev": "7b0f433195e299008850d16e85a862177419cef6",
+        "repo": "nixpkgs",
-        "revCount": 862645,
+        "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1",
-        "type": "git",
+        "type": "github"
-        "url": "https://github.com/tomalexander/nixpkgs.git"
       },
       "original": {
-        "ref": "og-amd-debug-tools",
+        "owner": "NixOS",
-        "type": "git",
+        "ref": "nixos-unstable",
-        "url": "https://github.com/tomalexander/nixpkgs.git"
+        "repo": "nixpkgs",
+        "type": "github"
       }
     },
     "pre-commit-hooks-nix": {

nix/configuration/flake.nix

@@ -42,11 +42,9 @@
 
   inputs = {
     impermanence.url = "github:nix-community/impermanence";
-    # nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-    # nixpkgs.url = "github:tomalexander/nixpkgs/amd-debug-tools";
-    nixpkgs.url = "git+https://github.com/tomalexander/nixpkgs.git?ref=og-amd-debug-tools";
     nixpkgs-dda3dcd3f.url = "github:NixOS/nixpkgs/dda3dcd3fe03e991015e9a74b22d35950f264a54";
-    nixpkgs-unoptimized.url = "git+https://github.com/tomalexander/nixpkgs.git?ref=og-amd-debug-tools";
+    nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable";
     lanzaboote = {
       url = "github:nix-community/lanzaboote/v0.4.2";
 

nix/configuration/hosts/odo/default.nix

@@ -26,7 +26,7 @@
   me.secureBoot.enable = true;
 
   me.optimizations = {
-    enable = false;
+    enable = true;
     arch = "znver4";
     system_features = [
       "gccarch-znver4"
@@ -67,7 +67,7 @@
   me.chromium.enable = true;
   me.d2.enable = true;
   me.direnv.enable = true;
-  me.docker.enable = true;
+  me.docker.enable = false;
   me.ecc.enable = false;
   me.emacs_flavor = "full";
   me.firefox.enable = true;
@@ -87,6 +87,7 @@
   me.media.enable = true;
   me.nix_index.enable = true;
   me.pcsx2.enable = true;
+  me.podman.enable = true;
   me.python.enable = true;
   me.qemu.enable = true;
   me.rpcs3.enable = true;

nix/configuration/hosts/quark/default.nix

@@ -62,7 +62,7 @@
     me.chromium.enable = true;
     me.d2.enable = true;
     me.direnv.enable = true;
-    me.docker.enable = true;
+    me.docker.enable = false;
     me.ecc.enable = true;
     me.emacs_flavor = "full";
     me.firefox.enable = true;
@@ -83,6 +83,7 @@
     me.nix_index.enable = true;
     me.nix_worker.enable = true;
     me.pcsx2.enable = true;
+    me.podman.enable = true;
     me.python.enable = true;
     me.qemu.enable = true;
     me.rpcs3.enable = true;

nix/configuration/roles/amd_s2idle/cysystemd.nix

@@ -0,0 +1,48 @@
+{
+  lib,
+  pkgs,
+  buildPythonPackage,
+  fetchFromGitHub,
+  pythonOlder,
+  cython,
+  pkg-config,
+  setuptools,
+}:
+
+let
+  version = "1.6.3";
+in
+buildPythonPackage {
+  pname = "cysystemd";
+  inherit version;
+  pyproject = true;
+
+  src = fetchFromGitHub {
+    owner = "mosquito";
+    repo = "cysystemd";
+    tag = version;
+    hash = "sha256-xumrQgoKfFeKdRQUIYXXiXEcNd76i4wo/EIDm8BN7oU=";
+  };
+
+  disabled = pythonOlder "3.6";
+
+  build-system = [
+    setuptools
+    cython
+  ];
+
+  nativeBuildInputs = [
+    pkg-config
+  ];
+
+  buildInputs = [ pkgs.systemd ];
+
+  pythonImportsCheck = [ "cysystemd" ];
+
+  meta = {
+    description = "systemd wrapper on Cython";
+    homepage = "https://github.com/mosquito/cysystemd";
+    license = lib.licenses.asl20;
+    platforms = lib.platforms.linux;
+  };
+}

nix/configuration/roles/amd_s2idle/default.nix

@@ -23,6 +23,24 @@
         environment.systemPackages = with pkgs; [
           amd-debug-tools
         ];
+        nixpkgs.overlays = [
+          (
+            final: prev:
+            let
+              innerPackage = (final.callPackage ./package.nix { });
+            in
+            {
+              amd-debug-tools = innerPackage;
+            }
+          )
+          (final: prev: {
+            pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
+              (python-final: python-prev: {
+                cysystemd = (python-final.callPackage ./cysystemd.nix { });
+              })
+            ];
+          })
+        ];
       }
     ]
   );

nix/configuration/roles/amd_s2idle/package.nix

@@ -0,0 +1,58 @@
+{
+  lib,
+  fetchgit,
+  python3Packages,
+  acpica-tools,
+  ethtool,
+  libdisplay-info,
+}:
+
+let
+  version = "0.2.7";
+in
+python3Packages.buildPythonApplication {
+  pname = "amd-debug-tools";
+  inherit version;
+  pyproject = true;
+
+  build-system = with python3Packages; [
+    setuptools
+    setuptools-git-versioning
+    setuptools-git
+    pyudev
+  ];
+  dependencies = with python3Packages; [
+    cysystemd
+    jinja2
+    matplotlib
+    pandas
+    pyudev
+    seaborn
+    tabulate
+    acpica-tools
+    ethtool
+    libdisplay-info
+  ];
+  src = fetchgit {
+    url = "https://git.kernel.org/pub/scm/linux/kernel/git/superm1/amd-debug-tools.git";
+    tag = version;
+    hash = "sha256-6X9cUKN0BkkKcYGU+YJYCGT+l5iUZDN+D8Fqq/ns98Q=";
+    leaveDotGit = true;
+  };
+
+  disabled = python3Packages.pythonOlder "3.7";
+
+  postPatch = ''
+    substituteInPlace pyproject.toml \
+      --replace-fail ', "setuptools-git-versioning>=2.0,<3"' ""
+  '';
+
+  pythonImportsCheck = [ "amd_debug" ];
+
+  meta = {
+    description = "Debug tools for AMD zen systems";
+    homepage = "https://git.kernel.org/pub/scm/linux/kernel/git/superm1/amd-debug-tools.git/";
+    license = lib.licenses.mit;
+    platforms = lib.platforms.linux;
+  };
+}

nix/configuration/roles/docker/default.nix

@@ -19,6 +19,14 @@
 
   config = lib.mkIf config.me.docker.enable (
     lib.mkMerge [
+      {
+        assertions = [
+          {
+            assertion = !config.me.podman.enable;
+            message = "docker conflicts with podman";
+          }
+        ];
+      }
       {
         virtualisation.docker.enable = true;
         # Use docker activation

nix/configuration/roles/firefox/default.nix

@@ -70,7 +70,7 @@
             # Allow sending dark mode preference to websites.
             # Allow sending timezone to websites.
             "privacy.fingerprintingProtection.overrides" =
-              "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked";
+              "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt";
             # Disable weather on new tab page
             "browser.newtabpage.activity-stream.showWeather" = false;
             # Disable AI stuff that wastes battery life

nix/configuration/roles/podman/default.nix

@@ -0,0 +1,80 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    podman.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install podman.";
+    };
+  };
+
+  config = lib.mkIf config.me.podman.enable (
+    lib.mkMerge [
+      {
+        assertions = [
+          {
+            assertion = !config.me.docker.enable;
+            message = "podman conflicts with docker";
+          }
+        ];
+      }
+      {
+        environment.systemPackages = with pkgs; [
+          dive
+          podman-tui
+          podman-compose
+        ];
+
+        # Write config files in /etc/containers
+        virtualisation.containers.enable = true;
+        # By default this includes "quay.io" which leads to prompting for which registry to download from.
+        virtualisation.containers.registries.search = [ "docker.io" ];
+        virtualisation = {
+          podman = {
+            enable = true;
+            # Install docker shim
+            dockerCompat = true;
+            # Support name resolution in podman-compose.
+            defaultNetwork.settings.dns_enabled = true;
+          };
+        };
+
+        environment.variables = {
+          # For compatibility with tools expecting a docker socket (like dive).
+          DOCKER_HOST = "unix://$XDG_RUNTIME_DIR/podman/podman.sock";
+        };
+
+        environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
+          hideMounts = true;
+          directories = [
+            {
+              directory = "/var/lib/containers";
+              user = "root";
+              group = "root";
+              mode = "0755";
+            }
+          ];
+          users.talexander = {
+            directories = [
+              {
+                directory = ".local/share/containers";
+                user = "talexander";
+                group = "talexander";
+                mode = "0700";
+              }
+            ];
+          };
+        };
+      }
+    ]
+  );
+}