docker: remove

configs/default.nix

@@ -105,6 +105,56 @@ in
         supportedLocales = [ "all" ];
       };
     }
+    {
+      services.displayManager.cosmic-greeter.enable = false;
+      services.desktopManager.cosmic.enable = true;
+      services.system76-scheduler.enable = true;
+
+      users.users.applicative = {
+        name = "applicative";
+        description = "<*>";
+        hashedPasswordFile = config.age.secrets.kfm-password.path;
+        isNormalUser = true;
+        extraGroups = [
+          "pipewire"
+          "audio"
+        ];
+      };
+
+      # to run nspawn in nix sandbox
+      nix.settings = {
+        auto-allocate-uids = true;
+        system-features = [ "uid-range" ];
+        experimental-features = [
+          "auto-allocate-uids"
+          "cgroups"
+        ];
+      };
+
+      services.restic.backups.niveum = {
+        extraBackupArgs = [
+          "--exclude=${config.users.users.applicative.home}/src/nixpkgs/.git"
+        ];
+        paths = [
+          config.users.users.applicative.home
+        ];
+      };
+
+      security.sudo.extraRules = [
+        {
+          # still required for systemd-nspawn
+          users = [ config.users.users.applicative.name ];
+          commands = [ "ALL" ];
+        }
+      ];
+
+      home-manager.users.applicative = {
+        xdg.enable = true;
+        home.stateVersion = "25.11";
+        # programs.git = config.home-manager.users.me.programs.git;
+        # programs.alacritty = config.home-manager.users.me.programs.alacritty;
+      };
+    }
     {
       services.displayManager = {
         autoLogin = {
@@ -204,7 +254,6 @@ in
     ./clipboard.nix
     ./cloud.nix
     ./direnv.nix
-    ./docker.nix
     ./dunst.nix
     ./fonts.nix
     ./fzf.nix

configs/docker.nix

@@ -1,20 +0,0 @@
-{
-  lib,
-  pkgs,
-  ...
-}:
-{
-  virtualisation.docker = {
-    enable = true;
-    # for ICE wifi, ref https://gist.github.com/sunsided/7840e89ff4e11b64a2d7503fafa0290c
-    extraOptions = lib.concatStringsSep " " [
-      "--bip=172.39.1.5/24"
-      "--fixed-cidr=172.39.1.0/25"
-    ];
-  };
-  users.users.me.extraGroups = [ "docker" ];
-  environment.systemPackages = [
-    pkgs.docker
-    pkgs.docker-compose
-  ];
-}

configs/nix.nix

@@ -8,6 +8,6 @@
   };
   nix = {
     package = pkgs.nixVersions.stable;
-    extraOptions = "experimental-features = nix-command flakes";
+    settings.experimental-features = [ "nix-command" "flakes" ];
   };
 }

flake.nix

@@ -351,6 +351,17 @@
           profiles.default = [
             { nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; }
             { nixpkgs.overlays = [ self.overlays.default ]; }
+            {
+              system.autoUpgrade = {
+                enable = true;
+                flake = self.outPath;
+                flags = [
+                  "--print-build-logs"
+                ];
+                dates = "02:00";
+                randomizedDelaySec = "45min";
+              };
+            }
             agenix.nixosModules.default
             retiolum.nixosModules.retiolum
             nix-topology.nixosModules.default
@@ -374,17 +385,6 @@
             configs/save-space.nix
             configs/monitoring.nix
             self.nixosModules.passport
-            {
-              system.autoUpgrade = {
-                enable = true;
-                flake = self.outPath;
-                flags = [
-                  "--print-build-logs"
-                ];
-                dates = "02:00";
-                randomizedDelaySec = "45min";
-              };
-            }
           ];
         in
         {