Update hosts/docker/configuration.nix

common/home.nix

@@ -11,7 +11,7 @@ in {
 
   home.username = "nixos";         # your actual username
   home.homeDirectory = "/home/nixos";
-  home.stateVersion = "25.05";        # match your NixOS stateVersion
+  home.stateVersion = "25.11";        # match your NixOS stateVersion
 
   programs.home-manager.enable = true;  # mandatory to activate HM
   

flake.nix

@@ -3,14 +3,14 @@
   description = "LAN NixOS configs";
       nixConfig = {
         access-tokens = [
-          "github.com=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"
+          "github.com=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"
         ];
       };          
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
     nixos-conf-editor.url = "github:snowfallorg/nixos-conf-editor";
     home-manager = {
-      url = "github:nix-community/home-manager/release-24.11";
+      url = "github:nix-community/home-manager/release-25.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
   };

hosts/docker/configuration.nix

@@ -18,8 +18,20 @@ in
     ];
 
   networking.hostName = "docker"; # Define your hostname.
-  virtualisation.docker.enable = true;
+#  virtualisation.docker.enable = true;
+  virtualisation.docker = {
+  enable = true;
+#  listenOptions = [
+#  "unix:///var/run/docker.sock"
+#  "tcp://0.0.0.0:2375"
+#];
 
+#  daemon.settings = {
+#    metrics-addr = "0.0.0.0:9323";
+#    experimental = true;
+#  };
+};
+  services.tailscale.enable = true;
   # Enable docker-compose
   environment.systemPackages = with pkgs; [
   docker-compose
@@ -123,7 +135,7 @@ system.userActivationScripts.createSetupSymlink.text = ''
   services.openssh.settings.PermitRootLogin = "yes";
 
   # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [ 80 8080 443 ];
+  networking.firewall.allowedTCPPorts = [ 80 8080 443 9323 ];
   # networking.firewall.allowedUDPPorts = [ ... ];
   # Or disable the firewall altogether.
   # networking.firewall.enable = false;

hosts/nix-cache/configuration.nix

@@ -22,6 +22,10 @@
       locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
     };
   };
+services.prometheus.exporters.node = {
+  enable = true;
+  openFirewall = true;
+};
 
   networking.firewall.allowedTCPPorts = [ config.services.nginx.defaultHTTPListenPort ];
   # Open ports in the firewall.

hosts/server/configuration.nix

@@ -109,10 +109,13 @@ systemd.timers.backup = {
   # NAT: lets LAN devices reply to the Pi without needing routes on the LAN router
   networking.nat = {
     enable = true;
-    externalInterface = "ens18";
+    externalInterface = "enp0s18";
     internalInterfaces = [ "wg0" ];
   };
-
+services.prometheus.exporters.node = {
+  enable = true;
+  openFirewall = true;
+};
 
   services.openssh.settings.PermitRootLogin = "yes";
   # Open ports in the firewall.