Working version of izanagi config

machines/izanagi-minimal/disko-config.nix

@@ -6,7 +6,7 @@
   disko.devices = {
     disk = {
       main = {
-        device = "/dev/sda";
+        device = "/dev/vda";
         type = "disk";
         content = {
           type = "gpt";

machines/izanagi/.sops.yaml

@@ -1,6 +1,6 @@
 keys:
   - &primary age19wvqtn4ju6k4vs8fxr34unl6xx4cv04jw0lx9ps20xlde927zfssgl4qke
-  - &izanagi age1rfxyntqw6kgjr3akm80a84c99ez4sl3r6gqdnxhljc0dqsjj94vqfu67a2
+  - &izanagi age1pqnf52umkjf5taee6wznn5a0kve9ms0dcny2ypx55sksnnneppvqk7srxu
 creation_rules:
   - path_regex: secrets/secrets.yaml$
     key_groups:

machines/izanagi/default.nix

@@ -1,7 +1,6 @@
-{ config, pkgs, extraHomeModules, inputs, lib, ... }:
+{ config, pkgs, extraHomeModules, inputs, lib, username, ... }:
 
 let
-  username = "susano";
   flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
 in {
   imports =
@@ -32,7 +31,7 @@ in {
       nix-path = config.nix.nixPath;
 
       # Allow user to reubild nixos without sudo
-      trusted-users = [ "root" username ];
+      trusted-users = [ "root" "omen" username ];
     };
     # Opinionated: disable channels
     channel.enable = false;
@@ -129,7 +128,12 @@ in {
   dov = {
     virtualisation = {
       podman.enable = false;
-      docker.enable = true;
+      docker = {
+        enable = true;
+        isBtrfsStorageDriver = false;
+
+        inherit username;
+      };
     };
   };
 

machines/izanagi/secrets/secrets.yaml

@@ -20,20 +20,20 @@ sops:
         - recipient: age19wvqtn4ju6k4vs8fxr34unl6xx4cv04jw0lx9ps20xlde927zfssgl4qke
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvdXBSVm9adncvMUVPQVc3
-            MStnazNDQ29tQlh2ZVZtSElvZnhTenFtYXlFCnNPU0VKaUR6dG90ZlBBMFdaL2Fz
-            OFc4aTFxdU9DUjhhUk9xUW1GRjB1bGcKLS0tIFg1cEFEejRsMTNJQThoYytmdk1H
-            RFY3T0tYcDFoQUxaL3h1YW8vdXBSQk0KF2nhM4S8vyzCrij5lTvoErgtvUkCrFwh
-            eOhHP2QddxK1dwJsvrqOIQl9Gnd+GBgsNs/CY37MLkPGHXcUb9sCsA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjWlVrOGxXRVJXdUxnV0V0
+            WTlsMm02Q0RhTFdFczFJb0pxQzMrVDZBUXdZCkdQZHgzVUVMQ3g2OGxhS3NBTldF
+            dVVSRC9tZmdBeTBKQVVDazh3WWI0Ym8KLS0tIFdDWVlkRXByMnhoQUhSWFZPbVVL
+            Wko4RFJMMktDazJ2Q1pDWU1ad2paMWsKnnUH9R8GuN0T7kj8FIBXZHT80QJoTm2Y
+            BUM8pvcSxRO6U26O6YUZTyE5YHZzGRSDhbLtf480mlCTIDkSq7mrow==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age1rfxyntqw6kgjr3akm80a84c99ez4sl3r6gqdnxhljc0dqsjj94vqfu67a2
+        - recipient: age1pqnf52umkjf5taee6wznn5a0kve9ms0dcny2ypx55sksnnneppvqk7srxu
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXd29NUjRGN0FDTHVTSG1v
-            bVBYYUpPYTF0aVRpRlJQbmlMaXgxWGk4OUFJCk0yLzkrcUwwaUhESW1pc1QzNldC
-            dDAvdVVFN0hHa200bDhJTE9vVUs5RFkKLS0tIEVmRG5Ec3ZRTHRwNW8yd09MTXMv
-            VEZhR2NPVjdBa3BadHpMMUZkWDBMY00K5khR4JEKkg4czyNJ+StdM/18Qaw9ci0n
-            zmO/uPFFb1T9IDwQVPQwgbwzv7BSjC3r7tPGjh0hWokaTtDBWxI08Q==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAycXBxVy9WcHh6VGlWN202
+            TkdJTXorVVdYNytCSEROQVRlaEpNQ29wWUhJCmR5bVRUL1RvTlpTbkFBWUwwWWNa
+            UUYzR2p2UWdMOG5SOC84NjduZnpCOEUKLS0tIHk2NVpiTUdzUnRxZ01pRDR2RitT
+            cWlaR2gwblZhTzhkaVVHNDNXc2ZudzQKPEB5buoL9r9QnPCtY2L+G+DVlb8GY+Zl
+            k6WO2eozHIFDh/D5F7QC5E+Iey6mgs3nRn3zlKEqxtcI69MUb2Tnjg==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2025-07-28T09:08:03Z"
     mac: ENC[AES256_GCM,data:R66Wy3x0MQxwvS1vR59IEG31p3i9x/IXCusK28HhOH611TPRt5Zy4iWv3pLJpuG36v4qTmGOGq5Fznf/iYl4kj313KXeo45opDZixyOEDTLhaY4ZBLTa0Ozh9DBoq/emrwis8eEysFESBM5WKtQZUDw7gQXgTcgaEa4/RQYtn+o=,iv:dvTmKh0EAEOYY9QikQMXtkxOPLy7XsF131Lnm1E6Kcc=,tag:tBbb8EbTcMkhRCE/NuED9g==,type:str]

modules/virtualisation/docker/default.nix

@@ -4,12 +4,21 @@ with lib;
 
 let
   cfg = config.dov.virtualisation.docker;
-  username = "susano";
 in {
-  options.dov.virtualisation.docker = { enable = mkEnableOption "docker config"; };
+  options.dov.virtualisation.docker = {
+    enable = mkEnableOption "docker config";
+    username = mkOption {
+      default = "susano";
+      type = types.string;
+    };
+    isBtrfsStorageDriver = mkOption {
+      default = true;
+      type = types.bool;
+    };
+  };
 
   config = mkIf cfg.enable {
-    users.extraGroups.docker.members = [ username ];
+    users.extraGroups.docker.members = [ cfg.username ];
 
     virtualisation.docker = {
       enable = true;
@@ -19,7 +28,7 @@ in {
       };
 
       # TODO use if disko is btrfs
-      storageDriver = "btrfs";
+      storageDriver = mkIf cfg.isBtrfsStorageDriver "btrfs";
     };
   };