From 87752f4f9659ed62e0b97a5da47f442d8f09a01d Mon Sep 17 00:00:00 2001 
From: David Crompton Date: Sat, 22 Mar 2025 14:04:40 -0400 Subject: [PATCH 1/8] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/c630dfa8abcc65984cc1e47fb25d4552c81dd37e' (2025-03-11) → 'github:nix-community/home-manager/296ddc64627f4a6a4eb447852d7346b9dd16197d' (2025-03-21) • Updated input 'lix-module': 'https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/b90bf629bbd835e61f1317b99e12f8c831017006.tar.gz?narHash=sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7%2Bb8%3D' (2025-01-18) → 'https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/b90bf629bbd835e61f1317b99e12f8c831017006.tar.gz?narHash=sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7%2Bb8%3D&rev=b90bf629bbd835e61f1317b99e12f8c831017006' (2025-01-18) • Updated input 'me-emacs': 'git+https://git.syzygial.cc/Syzygial/EmacsConfig.git?ref=refs/heads/master&rev=3f9a4859a98123dd840e928d0e6af60ca921607a' (2025-03-18) → 'git+https://git.syzygial.cc/Syzygial/EmacsConfig.git?ref=refs/heads/master&rev=14454885f19e63584cc3ce557e97488541f15883' (2025-03-20) • Updated input 'nix-darwin': 'github:LnL7/nix-darwin/adf5c88ba1fe21af5c083b4d655004431f20c5ab' (2025-03-06) → 'github:LnL7/nix-darwin/e9f41de2a81f04390afd106959adf352a207628f' (2025-03-21) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e3e32b642a31e6714ec1b712de8c91a3352ce7e1' (2025-03-09) → 'github:NixOS/nixpkgs/a84ebe20c6bc2ecbcfb000a50776219f48d134cc' (2025-03-19) • Updated input 'sops-nix': 'github:Mic92/sops-nix/e653d71e82575a43fe9d228def8eddb73887b866' (2025-03-10) → 'github:Mic92/sops-nix/b7756921b002de60fb66782effad3ce8bdb5b25d' (2025-03-21) • Updated input 'sops-nix/nixpkgs': 'github:NixOS/nixpkgs/c69a9bffbecde46b4b939465422ddc59493d3e4d' (2024-11-16) → 'github:NixOS/nixpkgs/573c650e8a14b2faa0041645ab18aed7e60f0c9a' (2025-03-13) --- flake.lock | 40 
++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/flake.lock b/flake.lock index b08213f..f4668e7 100644 --- a/flake.lock +++ b/flake.lock @@ -58,11 +58,11 @@ ] }, "locked": { - "lastModified": 1741701235, - "narHash": "sha256-gBlb8R9gnjUAT5XabJeel3C2iEUiBHx3+91651y3Sqo=", + "lastModified": 1742588233, + "narHash": "sha256-Fi5g8H5FXMSRqy+mU6gPG0v+C9pzjYbkkiePtz8+PpA=", "owner": "nix-community", "repo": "home-manager", - "rev": "c630dfa8abcc65984cc1e47fb25d4552c81dd37e", + "rev": "296ddc64627f4a6a4eb447852d7346b9dd16197d", "type": "github" }, "original": { @@ -99,7 +99,7 @@ "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", "rev": "b90bf629bbd835e61f1317b99e12f8c831017006", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/b90bf629bbd835e61f1317b99e12f8c831017006.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/b90bf629bbd835e61f1317b99e12f8c831017006.tar.gz?rev=b90bf629bbd835e61f1317b99e12f8c831017006" }, "original": { "type": "tarball", @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1742305973, - "narHash": "sha256-1LtwFQf95Wm7HbpX85Hls3mme92ysFvGWWoyWUrRz94=", + "lastModified": 1742486781, + "narHash": "sha256-Q0JINFp8mtpkbvODO2arZJUONfXhYBu8O4oGqUjso2A=", "ref": "refs/heads/master", - "rev": "3f9a4859a98123dd840e928d0e6af60ca921607a", - "revCount": 75, + "rev": "14454885f19e63584cc3ce557e97488541f15883", + "revCount": 77, "type": "git", "url": "https://git.syzygial.cc/Syzygial/EmacsConfig.git" }, 
@@ -134,11 +134,11 @@ ] }, "locked": { - "lastModified": 1741229100, - "narHash": "sha256-0HwrTDXp9buEwal/1ymK9uQmzUD5ozIA7CJGqnT/gLs=", + "lastModified": 1742595055, + "narHash": "sha256-cEetDber6LF8W4ThmRc4rwKs/o8y2GH0pUdX7e6CnAQ=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "adf5c88ba1fe21af5c083b4d655004431f20c5ab", + "rev": "e9f41de2a81f04390afd106959adf352a207628f", "type": "github" }, "original": { @@ -150,11 +150,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1741513245, - "narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=", + "lastModified": 1742422364, + "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1", + "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc", "type": "github" }, "original": { @@ -166,11 +166,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1731763621, - "narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=", + "lastModified": 1741865919, + "narHash": "sha256-4thdbnP6dlbdq+qZWTsm4ffAwoS8Tiq1YResB+RP6WE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d", + "rev": "573c650e8a14b2faa0041645ab18aed7e60f0c9a", "type": "github" }, "original": { @@ -195,11 +195,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1741644481, - "narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=", + "lastModified": 1742595978, + "narHash": "sha256-05onsoMrLyXE4XleDCeLC3bXnC4nyUbKWInGwM7v6hU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e653d71e82575a43fe9d228def8eddb73887b866", + "rev": "b7756921b002de60fb66782effad3ce8bdb5b25d", "type": "github" }, "original": { From 65750629d3f5ef177cba74f12e30c475e6faaaaf Mon Sep 17 00:00:00 2001 
From: David Crompton Date: Mon, 31 Mar 2025 23:58:05 +0000 Subject: [PATCH 2/8] Machines: add machine pericyte --- flake.nix | 7 +++++++ machines/pericyte/configuration.nix | 19 +++++++++++++++++++ machines/pericyte/hardware-configuration.nix | 14 ++++++++++++++ 3 files changed, 40 insertions(+) create mode 100644 machines/pericyte/configuration.nix create mode 100644 machines/pericyte/hardware-configuration.nix diff --git a/flake.nix b/flake.nix index 281ee87..5596ce4 100644 --- a/flake.nix +++ b/flake.nix @@ -63,6 +63,13 @@ lix-module.nixosModules.default ]; }; + pericyte = nixosSystem' { + modules = [ + ./machines/pericyte/configuration.nix + modules.sops + # lix-module.nixosModules.default + ]; + }; }; darwinConfigurations = { UniverseAir = darwinSystem' { diff --git a/machines/pericyte/configuration.nix b/machines/pericyte/configuration.nix new file mode 100644 index 0000000..ec6573c --- /dev/null +++ b/machines/pericyte/configuration.nix @@ -0,0 +1,19 @@ +{ pkgs, ... }: { + imports = [ + ./hardware-configuration.nix + ]; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + environment.systemPackages = with pkgs; [ + git + ]; + + boot.tmp.cleanOnBoot = true; + zramSwap.enable = true; + networking.hostName = "pericyte"; + networking.domain = ""; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOaNNSV/wurGA8D7bT+WX4UlHdKqd9SFfVXvSalvHag5qYDPUIsGGkqSNj1dcong9qxrC8y7G7ybWhwRKTKXInXrq6EO4JkVkCSbVqrq8gIv66upsKltvmf0esiOdrpRgHoiup8JKaX93aUT27rykReT39mFwkJZDoD4ViNiK7QmbgDC/9pyGDSJykreSnBoxtczox8Zi+pwN8XMI4nRVdV9hppXMpj38/O3Qaq+oXdHJ2MVNy9D+TqxYofstFbzpJpEb2xA4QYnq/VVJFk8VaZlg3qxelwBJ1GNZO8TMkLA+6b07D3aISyEIQAONviNktPwRPiw903hsDyeKDunDx ssh-key-2025-03-31'' ]; + system.stateVersion = "25.05"; +} diff --git a/machines/pericyte/hardware-configuration.nix b/machines/pericyte/hardware-configuration.nix new file mode 100644 index 0000000..b26ab3a --- /dev/null 
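Review bot: In the new `machines/pericyte/configuration.nix`, `services.openssh.enable = true;` is paired only with a root `authorizedKeys` entry, so sshd runs with the module's default authentication settings and every login is directly as root. I would pin the policy in the file with `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`, and state `services.openssh.settings.PermitRootLogin = "prohibit-password";` explicitly so a later change to defaults or an added user cannot silently open password logins. The key is an `ssh-rsa` key (it looks like 2048-bit from the encoded length); an ed25519 key on a non-root admin account with sudo would leave a better audit trail. `networking.domain = "";` deserves a one-line comment saying it is intentional.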
+++ b/machines/pericyte/hardware-configuration.nix @@ -0,0 +1,14 @@ +{ modulesPath, ... }: +{ + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + boot.loader.grub = { + efiSupport = true; + efiInstallAsRemovable = true; + device = "nodev"; + }; + fileSystems."/boot" = { device = "/dev/disk/by-uuid/FCE4-1F46"; fsType = "vfat"; }; + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; + boot.initrd.kernelModules = [ "nvme" ]; + fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; + +} From d5e663c6d8a75bf156e7c14965092011204fa84e Mon Sep 17 00:00:00 2001 From: David Crompton Date: Tue, 1 Apr 2025 02:25:50 +0000 Subject: [PATCH 3/8] Pericyte: Headless/Minimal Profiles --- machines/pericyte/configuration.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/machines/pericyte/configuration.nix b/machines/pericyte/configuration.nix index ec6573c..aca40cf 100644 --- a/machines/pericyte/configuration.nix +++ b/machines/pericyte/configuration.nix @@ -1,6 +1,8 @@ -{ pkgs, ... }: { +{ pkgs, inputs, ... }: { imports = [ ./hardware-configuration.nix + "${inputs.nixpkgs}/nixos/modules/profiles/headless.nix" + "${inputs.nixpkgs}/nixos/modules/profiles/minimal.nix" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; From d24f3fc198188e7abc134ab72f055ed75bd664da Mon Sep 17 00:00:00 2001 From: David Crompton Date: Tue, 1 Apr 2025 18:51:28 +0000 Subject: [PATCH 4/8] Flake: add microvm --- flake.lock | 72 +++++++++++++++++++++ flake.nix | 5 +- machines/pericyte/configuration.nix | 2 + machines/pericyte/microvm-configuration.nix | 44 +++++++++++++ 4 files changed, 122 insertions(+), 1 deletion(-) create mode 100644 machines/pericyte/microvm-configuration.nix diff --git a/flake.lock b/flake.lock index b08213f..26f0fb9 100644 --- a/flake.lock +++ b/flake.lock 
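Review bot: In `hardware-configuration.nix` the root filesystem is addressed as `device = "/dev/sda1";` while `/boot` on the line above uses `/dev/disk/by-uuid/...`. Kernel device names are not stable across boots or hypervisor changes, and the initrd here loads `nvme`, `xen_blkfront` and `vmw_pvscsi`, any of which can change which disk becomes `sda`. Using a persistent identifier, `fileSystems."/" = { device = "/dev/disk/by-uuid/<ROOT-FS-UUID>"; fsType = "ext4"; };` (placeholder UUID), keeps the host from mounting the wrong disk or failing to boot.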
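Review bot: The two profile imports added to `machines/pericyte/configuration.nix` interpolate `"${inputs.nixpkgs}/nixos/modules/profiles/..."`, which only evaluates if `inputs` is passed to modules through `specialArgs`; the `nixosSystem'` helper is not visible in this series, so that is unconfirmed. `hardware-configuration.nix` in the same directory already uses `modulesPath`, and doing the same here, `(modulesPath + "/profiles/headless.nix")` and `(modulesPath + "/profiles/minimal.nix")`, guarantees the profiles come from the nixpkgs the system is actually built with. A short comment on why both profiles are wanted (no GUI stack, reduced closure) would help the next reader.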
@@ -36,6 +36,24 @@ "type": "github" } }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "flakey-profile": { "locked": { "lastModified": 1712898590, @@ -127,6 +145,28 @@ "url": "https://git.syzygial.cc/Syzygial/EmacsConfig.git" } }, + "microvm": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": [ + "nixpkgs" + ], + "spectrum": "spectrum" + }, + "locked": { + "lastModified": 1743083165, + "narHash": "sha256-Fz7AiCJWtoWZ2guJwO3B1h3RuJxYWaCzFIqY0Kmkyrs=", + "owner": "astro", + "repo": "microvm.nix", + "rev": "773d5a04e2e10ca7b412270dea11276a496e1b61", + "type": "github" + }, + "original": { + "owner": "astro", + "repo": "microvm.nix", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -185,6 +225,7 @@ "home-manager": "home-manager", "lix-module": "lix-module", "me-emacs": "me-emacs", + "microvm": "microvm", "nix-darwin": "nix-darwin", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix" @@ -208,6 +249,22 @@ "type": "github" } }, + "spectrum": { + "flake": false, + "locked": { + "lastModified": 1733308308, + "narHash": "sha256-+RcbMAjSxV1wW5UpS9abIG1lFZC8bITPiFIKNnE7RLs=", + "ref": "refs/heads/main", + "rev": "80c9e9830d460c944c8f730065f18bb733bc7ee2", + "revCount": 792, + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + }, + "original": { + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + } + }, "systems": { "locked": { "lastModified": 1681028828, 
@@ -237,6 +294,21 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 5596ce4..bbb3d4b 100644 --- a/flake.nix +++ b/flake.nix @@ -12,9 +12,11 @@ url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; + microvm.url = "github:astro/microvm.nix"; + microvm.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = { self, nixpkgs, sops-nix, me-emacs, nix-darwin, home-manager, lix-module }@inputs: let + outputs = { self, nixpkgs, sops-nix, me-emacs, nix-darwin, home-manager, lix-module, microvm }@inputs: let overlays = import ./overlays/default.nix inputs; modules = import ./modules/default.nix inputs; @@ -68,6 +70,7 @@ ./machines/pericyte/configuration.nix modules.sops # lix-module.nixosModules.default + microvm.nixosModules.host ]; }; }; diff --git a/machines/pericyte/configuration.nix b/machines/pericyte/configuration.nix index aca40cf..09d8cd1 100644 --- a/machines/pericyte/configuration.nix +++ b/machines/pericyte/configuration.nix @@ -3,6 +3,8 @@ ./hardware-configuration.nix "${inputs.nixpkgs}/nixos/modules/profiles/headless.nix" "${inputs.nixpkgs}/nixos/modules/profiles/minimal.nix" + + ./microvm-configuration.nix ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; diff --git a/machines/pericyte/microvm-configuration.nix b/machines/pericyte/microvm-configuration.nix new file mode 100644 index 0000000..3af81ed --- /dev/null +++ b/machines/pericyte/microvm-configuration.nix 
@@ -0,0 +1,44 @@ +{ pkgs, ... }: { + networking.useNetworkd = true; + + systemd.network.netdevs."10-microvm".netdevConfig = { + Kind = "bridge"; + Name = "microvm"; + }; + systemd.network.networks."10-microvm" = { + matchConfig.Name = "microvm"; + networkConfig = { + DHCPServer = true; + IPv6SendRA = true; + }; + addresses = [ { + addressConfig.Address = "10.1.0.1/24"; + } { + addressConfig.Address = "fd12:3456:789a::1/64"; + } ]; + ipv6Prefixes = [ { + ipv6PrefixConfig.Prefix = "fd12:3456:789a::/64"; + } ]; + }; + + systemd.network.networks."11-microvm" = { + matchConfig.Name = "vm-*"; + # Attach to the bridge that was configured above + networkConfig.Bridge = "microvm"; + }; + + # Allow inbound traffic for the DHCP server + networking.firewall.allowedUDPPorts = [ 67 ]; + + networking.nat = { + enable = true; + # NAT66 exists and works. But if you have a proper subnet in + # 2000::/3 you should route that and remove this setting: + enableIPv6 = true; + + # Change this to the interface with upstream Internet access + externalInterface = "ens3"; + # The bridge where you want to provide Internet access + internalInterfaces = [ "microvm" ]; + }; +} From 22701fb35acbad6ae8558c63927ea17d90404155 Mon Sep 17 00:00:00 2001 From: David Crompton Date: Tue, 1 Apr 2025 18:51:49 +0000 Subject: [PATCH 5/8] Pericyte: Microvm config --- machines/pericyte/microvm-configuration.nix | 46 ++------------------- 1 file changed, 4 insertions(+), 42 deletions(-) diff --git a/machines/pericyte/microvm-configuration.nix b/machines/pericyte/microvm-configuration.nix index 3af81ed..ba993fc 100644 --- a/machines/pericyte/microvm-configuration.nix +++ b/machines/pericyte/microvm-configuration.nix 
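Review bot: `networking.firewall.allowedUDPPorts = [ 67 ];` in the new `microvm-configuration.nix` opens the DHCP server port on every interface, including the upstream one, although only guests on the `microvm` bridge need it. Scoping it with `networking.firewall.interfaces.microvm.allowedUDPPorts = [ 67 ];` keeps the host's exposed surface unchanged. `externalInterface = "ens3";` still carries the upstream template comment "Change this to the interface…", so it is worth confirming the value against the host and replacing that comment with one that says it was checked. The `11-microvm` network also bridges any interface named `vm-*`, so that prefix should stay reserved for microvm taps. The `pkgs` argument is unused.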
@@ -1,44 +1,6 @@ { pkgs, ... }: { - networking.useNetworkd = true; - - systemd.network.netdevs."10-microvm".netdevConfig = { - Kind = "bridge"; - Name = "microvm"; - }; - systemd.network.networks."10-microvm" = { - matchConfig.Name = "microvm"; - networkConfig = { - DHCPServer = true; - IPv6SendRA = true; - }; - addresses = [ { - addressConfig.Address = "10.1.0.1/24"; - } { - addressConfig.Address = "fd12:3456:789a::1/64"; - } ]; - ipv6Prefixes = [ { - ipv6PrefixConfig.Prefix = "fd12:3456:789a::/64"; - } ]; - }; - - systemd.network.networks."11-microvm" = { - matchConfig.Name = "vm-*"; - # Attach to the bridge that was configured above - networkConfig.Bridge = "microvm"; - }; - - # Allow inbound traffic for the DHCP server - networking.firewall.allowedUDPPorts = [ 67 ]; - - networking.nat = { - enable = true; - # NAT66 exists and works. But if you have a proper subnet in - # 2000::/3 you should route that and remove this setting: - enableIPv6 = true; - - # Change this to the interface with upstream Internet access - externalInterface = "ens3"; - # The bridge where you want to provide Internet access - internalInterfaces = [ "microvm" ]; - }; + microvm.autostart = [ + "vm-starbot" + "vm-starbot-dev" + ]; } From 56367f0e9c9494adf0cfef49c1ac437e3eb73072 Mon Sep 17 00:00:00 2001 From: David Crompton Date: Tue, 1 Apr 2025 18:52:30 +0000 Subject: [PATCH 6/8] Pericyte: package: add btop --- machines/pericyte/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/pericyte/configuration.nix b/machines/pericyte/configuration.nix index 09d8cd1..721d6f6 100644 --- a/machines/pericyte/configuration.nix +++ b/machines/pericyte/configuration.nix @@ -11,6 +11,7 @@ environment.systemPackages = with pkgs; [ git + btop ]; boot.tmp.cleanOnBoot = true; From 4ad1613d4503b192a4d734bd789667b56f70b9b0 Mon Sep 17 00:00:00 2001 
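Review bot: `microvm.autostart` lists `"vm-starbot"` and `"vm-starbot-dev"`, but nothing visible in this series declares these guests, and this same hunk removes the bridge, DHCP server and NAT that the previous commit set up for them. If the guests are installed imperatively or defined in another repository, a comment above the list should say where their definitions live and how they get network access. Otherwise the host will try to start units whose configuration a reader cannot find. The commit message does not explain why the networking block was removed, and the `pkgs` argument is now unused.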
From: David Crompton Date: Fri, 18 Apr 2025 03:27:55 +0000 Subject: [PATCH 7/8] Pericyte: enable basic k3s --- machines/pericyte/configuration.nix | 1 + machines/pericyte/k3s.nix | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 machines/pericyte/k3s.nix diff --git a/machines/pericyte/configuration.nix b/machines/pericyte/configuration.nix index 721d6f6..c89a940 100644 --- a/machines/pericyte/configuration.nix +++ b/machines/pericyte/configuration.nix @@ -5,6 +5,7 @@ "${inputs.nixpkgs}/nixos/modules/profiles/minimal.nix" ./microvm-configuration.nix + ./k3s.nix ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; diff --git a/machines/pericyte/k3s.nix b/machines/pericyte/k3s.nix new file mode 100644 index 0000000..e8e8508 --- /dev/null +++ b/machines/pericyte/k3s.nix @@ -0,0 +1,19 @@ +{ pkgs, ... }: { + networking.firewall = { + allowedTCPPorts = [ + 6443 # k3s: required so that pods can reach the API server (running on port 6443 by default) + # 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration + # 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration + ]; + allowedUDPPorts = [ + # 8472 # k3s, flannel: required if using multi-node for inter-node networking + ]; + }; + services.k3s = { + enable = true; + role = "server"; + extraFlags = toString [ + # "--debug" # Optionally add additional args to k3s + ]; + }; +} From 827f98791a3ac2ec7933cc90f58a1ffb0dad8c5a Mon Sep 17 00:00:00 2001 From: David Crompton Date: Sat, 26 Apr 2025 13:11:10 -0400 Subject: [PATCH 8/8] universedesktop: Vulkan beta no longer needed --- machines/universedesktop/desktop/graphics.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/universedesktop/desktop/graphics.nix b/machines/universedesktop/desktop/graphics.nix index f259404..fa6c7d8 100644 --- a/machines/universedesktop/desktop/graphics.nix +++ b/machines/universedesktop/desktop/graphics.nix 
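Review bot: In `k3s.nix`, `allowedTCPPorts = [ 6443 ]` opens the Kubernetes API server on every interface of the host, while the accompanying comment only justifies access from pods. For a single `role = "server"` node, the rule can be limited to the pod network interface: `networking.firewall.interfaces.<cni-iface>.allowedTCPPorts = [ 6443 ];` (presumably `cni0` with the default flannel backend; confirm on the host). Remote `kubectl` access can then go through SSH forwarding or a VPN rather than a publicly reachable API port. If external exposure is intended, the comment should say so and name who is expected to connect. The `pkgs` argument is unused in this file.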
@@ -9,7 +9,7 @@ powerManagement.finegrained = false; nvidiaSettings = true; open = true; - package = config.boot.kernelPackages.nvidiaPackages.vulkan_beta; + # package = config.boot.kernelPackages.nvidiaPackages.vulkan_beta; #package = let # rcu_patch = pkgs.fetchpatch { # url = "https://github.com/gentoo/gentoo/raw/c64caf53/x11-drivers/nvidia-drivers/files/nvidia-drivers-470.223.02-gpl-pfn_valid.patch";