...

29 files changed, 274 insertions, 238 deletions

diff --git a/_sources/generated.json b/_sources/generated.json
index dcbde8b1..3f08cb6a 100644
--- a/_sources/generated.json
+++ b/_sources/generated.json
@@ -1,6 +1,7 @@
 {
     "afew": {
         "cargoLocks": null,
+        "date": "2021-05-30",
         "extract": null,
         "name": "afew",
         "passthru": null,
@@ -20,6 +21,7 @@
     },
     "emacs-scratch_el": {
         "cargoLocks": null,
+        "date": "2015-09-10",
         "extract": null,
         "name": "emacs-scratch_el",
         "passthru": null,
@@ -37,27 +39,9 @@
         },
         "version": "0077334cc299aa7885f804d88f52cdb1b35caf71"
     },
-    "fast-cli": {
-        "cargoLocks": null,
-        "extract": null,
-        "name": "fast-cli",
-        "passthru": null,
-        "pinned": false,
-        "src": {
-            "deepClone": false,
-            "fetchSubmodules": false,
-            "leaveDotGit": false,
-            "name": null,
-            "owner": "gesquive",
-            "repo": "fast-cli",
-            "rev": "v0.2.10",
-            "sha256": "sha256-j7/3Llc3jTeJGpOH3Aexm9qcNscuk0mbi4ZCCyzC3+s=",
-            "type": "github"
-        },
-        "version": "v0.2.10"
-    },
     "lesspipe": {
         "cargoLocks": null,
+        "date": null,
         "extract": null,
         "name": "lesspipe",
         "passthru": null,
@@ -72,6 +56,7 @@
     },
     "mpv-autosave": {
         "cargoLocks": null,
+        "date": "2020-10-22",
         "extract": null,
         "name": "mpv-autosave",
         "passthru": null,
@@ -90,6 +75,7 @@
     },
     "mpv-chapterskip": {
         "cargoLocks": null,
+        "date": "2022-09-08",
         "extract": null,
         "name": "mpv-chapterskip",
         "passthru": null,
@@ -109,6 +95,7 @@
     },
     "mpv-createchapter": {
         "cargoLocks": null,
+        "date": "2020-09-05",
         "extract": null,
         "name": "mpv-createchapter",
         "passthru": null,
@@ -128,6 +115,7 @@
     },
     "mpv-mpris": {
         "cargoLocks": null,
+        "date": null,
         "extract": null,
         "name": "mpv-mpris",
         "passthru": null,
@@ -147,6 +135,7 @@
     },
     "mpv-reload": {
         "cargoLocks": null,
+        "date": "2022-01-27",
         "extract": null,
         "name": "mpv-reload",
         "passthru": null,
@@ -166,6 +155,7 @@
     },
     "postfix-mta-sts-resolver": {
         "cargoLocks": null,
+        "date": null,
         "extract": null,
         "name": "postfix-mta-sts-resolver",
         "passthru": null,
@@ -180,6 +170,7 @@
     },
     "postfwd": {
         "cargoLocks": null,
+        "date": null,
         "extract": null,
         "name": "postfwd",
         "passthru": null,
@@ -194,6 +185,7 @@
     },
     "psql-versioning": {
         "cargoLocks": null,
+        "date": "2020-02-18",
         "extract": null,
         "name": "psql-versioning",
         "passthru": null,
@@ -212,20 +204,22 @@
     },
     "smartprom": {
         "cargoLocks": null,
+        "date": null,
         "extract": null,
         "name": "smartprom",
         "passthru": null,
         "pinned": false,
         "src": {
             "name": null,
-            "sha256": "sha256-VbpFvDBygJswUfmufVjo/xXxDDmXLq/0D9ln8u+139E=",
+            "sha256": "sha256-l2Mg/WQZ34a6SEcftIroZglgMS6faNFTRnhPgyZNt+I=",
             "type": "url",
-            "url": "https://github.com/matusnovak/prometheus-smartctl/archive/refs/tags/v2.1.0.tar.gz"
+            "url": "https://github.com/matusnovak/prometheus-smartctl/archive/refs/tags/v2.2.0.tar.gz"
         },
-        "version": "2.1.0"
+        "version": "2.2.0"
     },
     "uhk-agent": {
         "cargoLocks": null,
+        "date": null,
         "extract": null,
         "name": "uhk-agent",
         "passthru": null,
@@ -240,6 +234,7 @@
     },
     "v4l2loopback": {
         "cargoLocks": null,
+        "date": "2022-08-05",
         "extract": null,
         "name": "v4l2loopback",
         "passthru": null,
@@ -259,6 +254,7 @@
     },
     "xcompose": {
         "cargoLocks": null,
+        "date": "2022-09-14",
         "extract": null,
         "name": "xcompose",
         "passthru": null,
@@ -270,10 +266,10 @@
             "name": null,
             "owner": "kragen",
             "repo": "xcompose",
-            "rev": "150c47fabb9f45e81138f71347dc75f69b5dd987",
-            "sha256": "sha256-XQ0ZuXGvDLz9fJ0yGHtgL4wl9Jx3SG30cGBM2b947iY=",
+            "rev": "cd8d3e622f547ec9f83d7f64f51d4a27ee812681",
+            "sha256": "sha256-fkl2lDv/DdrqPjVsEUKSRD3BNGwTjTsA0ovI8akFI6U=",
             "type": "github"
         },
-        "version": "150c47fabb9f45e81138f71347dc75f69b5dd987"
+        "version": "cd8d3e622f547ec9f83d7f64f51d4a27ee812681"
     }
 }
\ No newline at end of file
diff --git a/_sources/generated.nix b/_sources/generated.nix
index a77cb5d8..e472a8e8 100644
--- a/_sources/generated.nix
+++ b/_sources/generated.nix
@@ -13,6 +13,7 @@
       leaveDotGit = true;
       sha256 = "sha256-Ipt/EvksMFihSo6t2aoQkjuxAEYdY6P4f1fhLJuGl3g=";
     });
+    date = "2021-05-30";
   };
   emacs-scratch_el = {
     pname = "emacs-scratch_el";
@@ -24,17 +25,7 @@
       fetchSubmodules = false;
       sha256 = "sha256-FUkKJ+1COGzgllzzv51yUIjMZI6slOFVExdwWl2ZEBA=";
     });
-  };
-  fast-cli = {
-    pname = "fast-cli";
-    version = "v0.2.10";
-    src = fetchFromGitHub ({
-      owner = "gesquive";
-      repo = "fast-cli";
-      rev = "v0.2.10";
-      fetchSubmodules = false;
-      sha256 = "sha256-j7/3Llc3jTeJGpOH3Aexm9qcNscuk0mbi4ZCCyzC3+s=";
-    });
+    date = "2015-09-10";
   };
   lesspipe = {
     pname = "lesspipe";
@@ -55,6 +46,7 @@
       leaveDotGit = false;
       sha256 = "sha256-yxA8wgzdS7SyKLoNTWN87ShsBfPKUflbOu4Y0jS2G3I=";
     };
+    date = "2020-10-22";
   };
   mpv-chapterskip = {
     pname = "mpv-chapterskip";
@@ -66,6 +58,7 @@
       fetchSubmodules = false;
       sha256 = "sha256-OTrLQE3rYvPQamEX23D6HttNjx3vafWdTMxTiWpDy90=";
     });
+    date = "2022-09-08";
   };
   mpv-createchapter = {
     pname = "mpv-createchapter";
@@ -77,6 +70,7 @@
       fetchSubmodules = false;
       sha256 = "sha256-rPtG7mgf7tOY8Ih4Bz1tpd4MwXOxJmngjY+s70zWX+g=";
     });
+    date = "2020-09-05";
   };
   mpv-mpris = {
     pname = "mpv-mpris";
@@ -99,6 +93,7 @@
       fetchSubmodules = false;
       sha256 = "sha256-+DoKPIulQA3VSeXo8DjoxnPwDfcuCO5YHpXmB+M7EWk=";
     });
+    date = "2022-01-27";
   };
   postfix-mta-sts-resolver = {
     pname = "postfix-mta-sts-resolver";
@@ -127,13 +122,14 @@
       leaveDotGit = false;
       sha256 = "sha256-j+njRssJHTdNV3FbcA3MdUmzCaJxuYBrC0qwtK3HoyY=";
     };
+    date = "2020-02-18";
   };
   smartprom = {
     pname = "smartprom";
-    version = "2.1.0";
+    version = "2.2.0";
     src = fetchurl {
-      url = "https://github.com/matusnovak/prometheus-smartctl/archive/refs/tags/v2.1.0.tar.gz";
-      sha256 = "sha256-VbpFvDBygJswUfmufVjo/xXxDDmXLq/0D9ln8u+139E=";
+      url = "https://github.com/matusnovak/prometheus-smartctl/archive/refs/tags/v2.2.0.tar.gz";
+      sha256 = "sha256-l2Mg/WQZ34a6SEcftIroZglgMS6faNFTRnhPgyZNt+I=";
     };
   };
   uhk-agent = {
@@ -154,16 +150,18 @@
       fetchSubmodules = true;
       sha256 = "sha256-c6g63jW+a+v/TxLD9NnQGn/aUgivwVkxzP+hZ65w2/o=";
     });
+    date = "2022-08-05";
   };
   xcompose = {
     pname = "xcompose";
-    version = "150c47fabb9f45e81138f71347dc75f69b5dd987";
+    version = "cd8d3e622f547ec9f83d7f64f51d4a27ee812681";
     src = fetchFromGitHub ({
       owner = "kragen";
       repo = "xcompose";
-      rev = "150c47fabb9f45e81138f71347dc75f69b5dd987";
+      rev = "cd8d3e622f547ec9f83d7f64f51d4a27ee812681";
       fetchSubmodules = false;
-      sha256 = "sha256-XQ0ZuXGvDLz9fJ0yGHtgL4wl9Jx3SG30cGBM2b947iY=";
+      sha256 = "sha256-fkl2lDv/DdrqPjVsEUKSRD3BNGwTjTsA0ovI8akFI6U=";
     });
+    date = "2022-09-14";
   };
 }
diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix
index 819c1ff6..2fba0404 100644
--- a/accounts/gkleen@sif/systemd.nix
+++ b/accounts/gkleen@sif/systemd.nix
@@ -48,7 +48,7 @@ in {
         Type = "oneshot";
         WorkingDirectory = "~";
         ExecStart = toString (pkgs.writers.writePython3 "sync-keepass" {
-          libraries = with pkgs.python3Packages; [ dateutil ];
+          libraries = with pkgs.python3Packages; [ python-dateutil ];
         } ''
           import json
           import subprocess
diff --git a/flake.lock b/flake.lock
index 7a0dd9c1..e76b90cb 100644
--- a/flake.lock
+++ b/flake.lock
@@ -59,11 +59,11 @@
     },
     "flake-utils_2": {
       "locked": {
-        "lastModified": 1649676176,
-        "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
         "type": "github"
       },
       "original": {
@@ -80,11 +80,11 @@
         "utils": "utils_2"
       },
       "locked": {
-        "lastModified": 1662759269,
-        "narHash": "sha256-lt8bAfEZudCQb+MxoNKmenhMTXhu3RCCyLYxU9t5FFk=",
+        "lastModified": 1664573442,
+        "narHash": "sha256-AovlSIuJfMf8n9QLNUVtsCul+NVHIoen7APH2fLls3k=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "9f7fe353b613d0e45d7a5cdbd1f13c96c15803dd",
+        "rev": "a7f0cc2d7b271b4a5df9b9e351d556c172f7e903",
         "type": "github"
       },
       "original": {
@@ -121,11 +121,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1663071011,
-        "narHash": "sha256-HjPb5iEwKwyNpnkn4Wo2hptAU5TAmfXd30mxemXPBtg=",
+        "lastModified": 1664729105,
+        "narHash": "sha256-jriM5XldII1rs3v4EWPqHYZdmyRxqE6pRUlINxNwVE8=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "0caf7675ec9b90ab9ad309d7a993a13798eeaa26",
+        "rev": "15ffd20e8c26a23e95293d15dcb25237aa44cb1c",
         "type": "github"
       },
       "original": {
@@ -137,11 +137,11 @@
     },
     "nixpkgs-22_05": {
       "locked": {
-        "lastModified": 1662864125,
-        "narHash": "sha256-AtjyEFK7Zp9+hOOUNO1/YZRADV/wC94R3yeKN8saUK4=",
+        "lastModified": 1664201777,
+        "narHash": "sha256-cUW9DqELUNi1jNMwVSbfq4yl5YGyOfeu+UHUUImbby0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e6f053b6079c16e7df97531e3e0524ace1304d4d",
+        "rev": "00f877f4927b6f7d7b75731b5a1e2ae7324eaf14",
         "type": "github"
       },
       "original": {
@@ -162,11 +162,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1654975372,
-        "narHash": "sha256-wkNZ16akgKViuZzE/IM+bux4uaJ04KIwUeexH8gBjgw=",
+        "lastModified": 1664550666,
+        "narHash": "sha256-eXfMRd9uItEp3PsYI31FSVGPG9dVC6yF++65ZrGwW8A=",
         "owner": "berberman",
         "repo": "nvfetcher",
-        "rev": "d4b237c10f14f72f8266b0f658faad822e491e55",
+        "rev": "9763ad40d59a044e90726653d9253efaeeb053b2",
         "type": "github"
       },
       "original": {
@@ -179,11 +179,11 @@
     "pypi-deps-db": {
       "flake": false,
       "locked": {
-        "lastModified": 1663059297,
-        "narHash": "sha256-JaD4mhUOLJRNaepE50fOUfaSYRNwMhobyj8HGIxosiQ=",
+        "lastModified": 1664698977,
+        "narHash": "sha256-Jqeg42mhfge4CJ/cHJTEpxY7RWAaVoxG7tgc9LTeVsQ=",
         "owner": "DavHau",
         "repo": "pypi-deps-db",
-        "rev": "8aa6ec60bf7ed12c1e1705a2f28be63d8eee4386",
+        "rev": "b4f1bfd3534e076a9a790df2c88226abc5bc8278",
         "type": "github"
       },
       "original": {
@@ -212,11 +212,11 @@
         "nixpkgs-22_05": "nixpkgs-22_05"
       },
       "locked": {
-        "lastModified": 1662870301,
-        "narHash": "sha256-O+ABD+WzEBLVH6FwxKCIpps0hsR6b5dpYe6fB3e3Ju8=",
+        "lastModified": 1664204020,
+        "narHash": "sha256-LAey3hr8b9EAt3n304Wt9Vm4uQFd8pSRtLX8leuYFDs=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "20929e1c5722a6db2f2dbe4cd36d4af0de0a9df0",
+        "rev": "912f9ff41fd9353dec1f783170793699789fe9aa",
         "type": "github"
       },
       "original": {
@@ -243,11 +243,11 @@
     },
     "utils_2": {
       "locked": {
-        "lastModified": 1653893745,
-        "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index defcd864..43825563 100644
--- a/flake.nix
+++ b/flake.nix
@@ -157,7 +157,10 @@
 
       # systemsSelector = "x86_64-linux";
       # systems = filter (system: !(isNull (builtins.match systemsSelector system))) nixpkgs.lib.systems.flakeExposed;
-      systems = nixpkgs.lib.systems.flakeExposed;
+      systems =
+        let
+          disallowedSystems = ["armv5tel-linux"];
+        in filter (system: !(elem system disallowedSystems)) nixpkgs.lib.systems.flakeExposed;
       nixpkgsPackages = localSystem: (makeOverridable (import (nixpkgs.outPath + "/pkgs/top-level"))) { inherit localSystem; };
       forAllSystems = f: mapAttrs f (genAttrs systems nixpkgsPackages);
       forAllUsers = genAttrs (unique (map accountUserName (attrNames self.nixosModules.accounts)));
@@ -167,20 +170,18 @@
 
       overlayPaths = nixImport rec { dir = ./overlays; _import = (path: _name: dir + "/${path}"); };
 
-      installerProfiles = system:
-        let nixpkgs-path = nixpkgs.outPath;
-        in mapAttrs (name: {path, output}: { profile = mkSystemProfile nixpkgs-path path "installer-${name}"; inherit output; })
-          { cd-dvd = { path = "nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"; output = out: out.config.system.build.isoImage; };
-            netboot = { path = "nixos/modules/installer/netboot/netboot-minimal.nix"; output = out: (self.legacyPackages.${system}.symlinkJoin { name = "netboot"; paths = with out.config.system.build; [ netbootRamdisk kernel netbootIpxeScript ]; preferLocalBuild = true; }); };
-          };
+      installerProfiles = nixImport rec {
+        dir = ./installer-profiles;
+        _import = path: name: mkSystemProfile dir path "installer-${name}";
+      };
 
       installerConfig = if pathExists ./installer.nix then "installer.nix" else (if pathExists ./installer then "installer" else null);
       mkInstallerForSystem = system: (lib.systems.elaborate system).isLinux;
       installers =
-        let mkInstallers = system: mapAttrs (mkInstaller system) (installerProfiles system);
-            mkInstaller = system: name: {profile, output}: let mkOutput = output; in rec { config = mkNixosConfiguration [profile { config = { nixpkgs.system = system; }; }] ./. installerConfig "installer"; output = mkOutput config; };
+        let mkInstallers = system: mapAttrs (mkInstaller system) installerProfiles;
+            mkInstaller = system: name: profile: mkNixosConfiguration [profile { config = { nixpkgs.system = system; }; }] ./. installerConfig "installer";
         in forAllSystems (system: _systemPkgs: optionalAttrs (!(isNull installerConfig) && mkInstallerForSystem system) (mkInstallers system));
-      installerNixosConfigurations = listToAttrs (concatLists (mapAttrsToList (system: mapAttrsToList (profile: { config, ... }: nameValuePair ("installer-${system}-${profile}") config)) installers));
+      installerNixosConfigurations = listToAttrs (concatLists (mapAttrsToList (system: mapAttrsToList (profile: config: nameValuePair ("installer-${system}-${profile}") config)) installers));
 
       # packages = forAllSystems (system: systemPkgs: composeManyExtensions (attrValues self.overlays) self.legacyPackages.${system} systemPkgs);
 
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index b4713736..b38a387c 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -290,7 +290,7 @@ in {
 
     services = {
       udev.packages = with pkgs; [ uhk-agent ];
-      
+
       # tinc.yggdrasil.enable = true;
 
       uucp = {
@@ -313,9 +313,9 @@ in {
       fprintd.enable = true;
 
       blueman.enable = true;
-    
+
       colord.enable = true;
-    
+
       vnstat.enable = true;
 
       upower.enable = true;
@@ -468,8 +468,8 @@ in {
 
     hardware = {
       bluetooth = {
-        enable = true;   
-        package = pkgs.bluezFull;
+        enable = true;
+        package = pkgs.bluez;
         settings = {
           General = {
             Enable = "Source,Sink,Media,Socket";
@@ -510,12 +510,14 @@ in {
       daemonCPUSchedPolicy = "idle";
       daemonIOSchedClass = "idle";
 
-      buildServers.vidhar = {
+      buildServers.vidhar = let
+        vidhar = flake.nixosConfigurations.vidhar;
+      in {
         address = "vidhar.yggdrasil";
-        systems = ["x86_64-linux" "i686-linux"];
+        systems = [vidhar.config.nixpkgs.system] ++ vidhar.config.nix.settings.extra-platforms;
+        supportedFeatures = vidhar.config.nix.settings.system-features;
         maxJobs = 12;
         speedFactor = 4;
-        supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
       };
     };
 
diff --git a/hosts/surtr/vpn/default.nix b/hosts/surtr/vpn/default.nix
index cad3b5b4..7f3065f7 100644
--- a/hosts/surtr/vpn/default.nix
+++ b/hosts/surtr/vpn/default.nix
@@ -143,9 +143,9 @@ in {
         serviceConfig = {
           Type = "oneshot";
           RemainAfterExit = true;
-          ExecStop = "${pkgs.iproute}/bin/ip netns exec vpn ip link delete upstream";
+          ExecStop = "${pkgs.iproute2}/bin/ip netns exec vpn ip link delete upstream";
         };
-        path = with pkgs; [ iproute procps ];
+        path = with pkgs; [ iproute2 procps ];
         script = ''
           ip netns exec vpn sysctl \
             net.ipv6.conf.all.forwarding=1 \
diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix
index 650c91ee..79c75c4d 100644
--- a/hosts/vidhar/borg/default.nix
+++ b/hosts/vidhar/borg/default.nix
@@ -57,7 +57,7 @@ let
 
     buildInputs = with pkgs; [makeWrapper];
 
-    python = inpPython.withPackages (ps: with ps; [humanize tqdm dateutil xdg python-unshare pyprctl halo]);
+    python = inpPython.withPackages (ps: with ps; [humanize tqdm python-dateutil xdg python-unshare pyprctl halo]);
 
     buildPhase = ''
       substitute $src copy \
@@ -74,7 +74,7 @@ let
         copy
 
       wrapProgram $out/bin/copy \
-        --prefix PATH : ${makeBinPath (with pkgs; [utillinux borgbackup])}:${config.security.wrapperDir}
+        --prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir}
     '';
   });
 
@@ -93,7 +93,7 @@ let
     '';
     postInstall = ''
       wrapProgram $out/bin/borgsnap \
-        --prefix PATH : ${makeBinPath (with pkgs; [utillinux borgbackup])}:${config.security.wrapperDir}
+        --prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir}
     '';
 
     providers.python-unshare = "nixpkgs";
diff --git a/hosts/vidhar/network/dhcp/default.nix b/hosts/vidhar/network/dhcp/default.nix
index 067dc6d6..e14b15ac 100644
--- a/hosts/vidhar/network/dhcp/default.nix
+++ b/hosts/vidhar/network/dhcp/default.nix
@@ -1,4 +1,7 @@
 { flake, config, pkgs, lib, ... }:
+
+with lib;
+
 {
   config = {
     services.kea = {
@@ -23,7 +26,7 @@
             { name = "ipxe";
               test = "option[77].hex == 'iPXE'";
               next-server = "10.141.0.1";
-              boot-file-name = "netboot.ipxe";
+              boot-file-name = "installer-x86_64-linux/netboot.ipxe";
               only-if-required = true;
             }
             { name = "uefi-64";
@@ -146,7 +149,7 @@
               pools = [ { pool = "10.141.2.128 - 10.141.2.254"; } ];
               reservations = [];
             }
-          ]; 
+          ];
         };
       };
       # dhcp6 = {
@@ -195,16 +198,16 @@
     };
 
     systemd.services.kea-dhcp-ddns-server = {
-      preStart = let 
+      preStart = let
         configLines = [
           "<?include \"\${CREDENTIALS_DIRECTORY}/knot-tsig.json.frag\"?>"
-        ] ++ lib.mapAttrsToList (k: v:
+        ] ++ mapAttrsToList (k: v:
           "\"${k}\": ${builtins.toJSON v}"
         ) config.services.kea.dhcp-ddns.settings;
 
         config-template = pkgs.writeText "dhcp-ddns.conf" ''
           {"DhcpDdns": {
-            ${lib.concatStringsSep ",\n  " configLines}
+            ${concatStringsSep ",\n  " configLines}
           }}
         '';
       in ''
@@ -212,8 +215,8 @@
       '';
 
       serviceConfig = {
-        ExecStart = lib.mkForce ''
-          ${pkgs.kea}/bin/kea-dhcp-ddns -c "''${RUNTIME_DIRECTORY}/dhcp-ddns.conf" ${lib.escapeShellArgs config.services.kea.dhcp-ddns.extraArgs}
+        ExecStart = mkForce ''
+          ${pkgs.kea}/bin/kea-dhcp-ddns -c "''${RUNTIME_DIRECTORY}/dhcp-ddns.conf" ${escapeShellArgs config.services.kea.dhcp-ddns.extraArgs}
         '';
         LoadCredential = [
           "knot-tsig.json.frag:${config.sops.secrets."kea-knot-tsig.json.frag".path}"
@@ -226,26 +229,53 @@
       sopsFile = ./knot-tsig.json.frag;
     };
 
-    systemd.services."installer-atftpd" = {
-      description = "TFTP Server for PXE Booting NixOS Installer";
+    systemd.services."pxe-atftpd" = {
+      description = "TFTP Server for PXE Booting";
       after = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
       serviceConfig.ExecStart = let
-        installerBuild = flake.nixosConfigurations.installer-x86_64-linux-netboot.config.system.build;
         ipxe = pkgs.ipxe.override {
           additionalTargets = {
             "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi";
           };
         };
-        tftpRoot = pkgs.runCommandLocal "installer-netboot" {} ''
+        tftpRoot = pkgs.runCommandLocal "netboot" {} ''
           mkdir -p $out
           install -m 0444 -t $out \
-            ${installerBuild.netbootRamdisk}/initrd \
-            ${installerBuild.kernel}/bzImage \
-            ${installerBuild.netbootIpxeScript}/netboot.ipxe \
             ${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe
+
+          ${concatMapStringsSep "\n" (system:
+            let
+              installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules {
+                modules = [
+                  ({ ... }: { config.nfsroot.storeDevice = "vidhar:nix-store"; })
+                ];
+              }).config.system.build;
+            in ''
+              mkdir -p $out/installer-${system}
+              install -m 0444 -t $out/installer-${system} \
+                ${installerBuild.initialRamdisk}/initrd \
+                ${installerBuild.kernel}/bzImage \
+                ${installerBuild.netbootIpxeScript}/netboot.ipxe
+            ''
+          ) ["x86_64-linux"]}
         '';
       in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}";
     };
+
+    services.nfs.server = {
+      enable = true;
+      createMountPoints = true;
+      exports = ''
+        /export/nix-root 10.141.0.0/24(ro)
+      '';
+    };
+
+    fileSystems = {
+      "/export/nix-root" = {
+        device = "/nix/store";
+        options = [ "bind" ];
+      };
+    };
   };
 }
diff --git a/hosts/vidhar/network/dsl.nix b/hosts/vidhar/network/dsl.nix
index a5f4daf2..461e74d2 100644
--- a/hosts/vidhar/network/dsl.nix
+++ b/hosts/vidhar/network/dsl.nix
@@ -11,7 +11,7 @@ in {
       default = "dsl";
     };
   };
-  
+
   config = {
     networking.vlans = {
       telekom = {
@@ -19,7 +19,7 @@ in {
         interface = "eno2";
       };
     };
-    
+
     services.pppd = {
       enable = true;
       peers.telekom.config = ''
@@ -40,7 +40,7 @@ in {
     };
     systemd.services."pppd-telekom" = {
       stopIfChanged = true;
-      
+
       serviceConfig = lib.mkForce {
         Type = "notify";
         PIDFile = "/run/pppd/${pppInterface}.pid";
@@ -62,7 +62,7 @@ in {
       "ppp/ip-up" = {
         text = ''
           #!${pkgs.runtimeShell}
-          ${pkgs.iproute}/bin/ip route add default via "$5" dev "${pppInterface}" metric 512
+          ${pkgs.iproute2}/bin/ip route add default via "$5" dev "${pppInterface}" metric 512
         '';
         mode = "0555";
       };
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix
index 7ac86c30..8e5ff0ea 100644
--- a/hosts/vidhar/prometheus/default.nix
+++ b/hosts/vidhar/prometheus/default.nix
@@ -61,9 +61,12 @@ in {
         };
         apcupsd.enable = true;
         systemd = {
-          enable = true;
+          enable = false; # TODO
           extraFlags = [
-            "--collector.unit-whitelist=(dhcpcd-dsl|pppd-telekom|corerad|ndppd)\.service"
+            "--systemd.collector.unit-include=(dhcpcd-dsl|pppd-telekom|corerad|ndppd)\.service"
+            "--systemd.collector.enable-restart-count"
+            "--systemd.collector.enable-file-descriptor-size"
+            "--systemd.collector.enable-ip-accounting"
           ];
         };
         blackbox = {
diff --git a/installer-profiles/cd-dvd.nix b/installer-profiles/cd-dvd.nix
new file mode 100644
index 00000000..45291bad
--- /dev/null
+++ b/installer-profiles/cd-dvd.nix
@@ -0,0 +1,7 @@
+{ flakeInputs, ... }:
+
+{
+  imports = [
+    "${flakeInputs.nixpkgs.outPath}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
+  ];
+}
diff --git a/installer-profiles/netboot.nix b/installer-profiles/netboot.nix
new file mode 100644
index 00000000..28e8084d
--- /dev/null
+++ b/installer-profiles/netboot.nix
@@ -0,0 +1,7 @@
+{ flakeInputs, ... }:
+
+{
+  imports = [
+    "${flakeInputs.nixpkgs.outPath}/nixos/modules/installer/netboot/netboot-minimal.nix"
+  ];
+}
diff --git a/installer-profiles/nfsroot.nix b/installer-profiles/nfsroot.nix
new file mode 100644
index 00000000..9db415a8
--- /dev/null
+++ b/installer-profiles/nfsroot.nix
@@ -0,0 +1,95 @@
+{ config, pkgs, lib, flakeInputs, ... }:
+
+with lib;
+
+let
+  cfg = config.nfsroot;
+in {
+  imports = [
+    "${flakeInputs.nixpkgs.outPath}/nixos/modules/profiles/minimal.nix"
+    "${flakeInputs.nixpkgs.outPath}/nixos/modules/profiles/all-hardware.nix"
+    "${flakeInputs.nixpkgs.outPath}/nixos/modules/profiles/base.nix"
+    "${flakeInputs.nixpkgs.outPath}/nixos/modules/profiles/installation-device.nix"
+  ];
+
+  options = {
+    nfsroot = {
+      storeDevice = mkOption {
+        type = types.str;
+      };
+    };
+  };
+
+  config = {
+    # Don't build the GRUB menu builder script, since we don't need it
+    # here and it causes a cyclic dependency.
+    boot.loader.grub.enable = false;
+
+    # !!! Hack - attributes expected by other modules.
+    environment.systemPackages = [ pkgs.grub2_efi ]
+      ++ (if pkgs.stdenv.hostPlatform.system == "aarch64-linux"
+          then []
+          else [ pkgs.grub2 pkgs.syslinux ]);
+
+    fileSystems."/" = mkImageMediaOverride
+      { fsType = "tmpfs";
+        options = [ "mode=0755" ];
+      };
+
+    # In stage 1, mount a tmpfs on top of /nix/store (the squashfs
+    # image) to make this a live CD.
+    fileSystems."/nix/.ro-store" = mkImageMediaOverride
+      { fsType = "nfs4";
+        device = cfg.storeDevice;
+        options = [ "ro" ];
+        neededForBoot = true;
+      };
+
+    fileSystems."/nix/.rw-store" = mkImageMediaOverride
+      { fsType = "tmpfs";
+        options = [ "mode=0755" ];
+        neededForBoot = true;
+      };
+
+    fileSystems."/nix/store" = mkImageMediaOverride
+      { fsType = "overlay";
+        device = "overlay";
+        options = [
+          "lowerdir=/nix/.ro-store"
+          "upperdir=/nix/.rw-store/store"
+          "workdir=/nix/.rw-store/work"
+        ];
+
+        depends = [
+          "/nix/.ro-store"
+          "/nix/.rw-store/store"
+          "/nix/.rw-store/work"
+        ];
+      };
+
+    boot.initrd.availableKernelModules = [ "nfs" "nfsv4" "overlay" ];
+    boot.initrd.supportedFilesystems = [ "nfs" "nfsv4" "overlay" ];
+
+    boot.initrd.network.enable = true;
+    boot.initrd.network.flushBeforeStage2 = false; # otherwise nfs dosen't work
+    networking.useDHCP = true;
+
+
+    system.build.netbootIpxeScript = pkgs.writeTextDir "netboot.ipxe" ''
+      #!ipxe
+      # Use the cmdline variable to allow the user to specify custom kernel params
+      # when chainloading this script from other iPXE scripts like netboot.xyz
+      kernel ${pkgs.stdenv.hostPlatform.linux-kernel.target} init=${config.system.build.toplevel}/init initrd=initrd ${toString config.boot.kernelParams} ''${cmdline}
+      initrd initrd
+      boot
+    '';
+
+    boot.postBootCommands =
+      ''
+        # nixos-rebuild also requires a "system" profile and an
+        # /etc/NIXOS tag.
+        touch /etc/NIXOS
+        ${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
+      '';
+  };
+}
diff --git a/installer/default.nix b/installer/default.nix
index d77266ca..f882b22d 100644
--- a/installer/default.nix
+++ b/installer/default.nix
@@ -11,7 +11,7 @@
         rulesetFile = ./ruleset.nft;
       };
     };
-     
+
     services.openssh = {
       enable = true;
       staticHostKeys = false;
diff --git a/modules/netns.nix b/modules/netns.nix
index d4f07feb..dca3c0db 100644
--- a/modules/netns.nix
+++ b/modules/netns.nix
@@ -1,6 +1,6 @@
 { pkgs, config, lib, ... }:
 
-with lib; 
+with lib;
 
 let
   cfg = config.networking.namespaces;
@@ -56,12 +56,12 @@ let
     wants = ["network.target"];
     conflicts = ["shutdown.target"];
 
-    path = with pkgs; [ iproute config.systemd.package ];
+    path = with pkgs; [ iproute2 config.systemd.package ];
 
     serviceConfig = {
       SyslogIdentifier = "netns container ${containerName}";
       Type = "notify";
-      
+
       RestartForceExitStatus = "133";
       SuccessExitStatus = "133";
 
@@ -114,7 +114,7 @@ let
         --capability=CAP_SYS_TTY_CONFIG,CAP_NET_ADMIN,CAP_NET_RAW,CAP_SYS_ADMIN \
         --ephemeral \
         --network-namespace-path=/run/netns/${containerCfg.netns} \
-        ${containerInit} "${containerCfg.config.system.build.toplevel}/init"      
+        ${containerInit} "${containerCfg.config.system.build.toplevel}/init"
     '';
   };
 in {
@@ -133,13 +133,13 @@ in {
     assertions = [
       { assertion = cfg.containers != {} -> cfg.enable; message = "netns containers require netns@ service template"; }
     ];
-    
+
     systemd.services = {
       "netns@" = mkIf cfg.enable {
         description = "%I network namspace";
         before = [ "network-pre.target" ];
         wants = [ "network-pre.target" ];
-        path = with pkgs; [ iproute utillinux ];
+        path = with pkgs; [ iproute2 util-linux ];
         serviceConfig = {
           Type = "oneshot";
           RemainAfterExit = true;
@@ -149,7 +149,7 @@ in {
             umount /var/run/netns/"$1"
             mount --bind /proc/self/ns/net /var/run/netns/"$1"
           ''} %I";
-          ExecStop = "${pkgs.iproute}/bin/ip netns del %I";
+          ExecStop = "${pkgs.iproute2}/bin/ip netns del %I";
         };
       };
     } // mapAttrs' mkContainerService cfg.containers;
diff --git a/modules/zfssnap/default.nix b/modules/zfssnap/default.nix
index f3e2f9c2..42cdf46f 100644
--- a/modules/zfssnap/default.nix
+++ b/modules/zfssnap/default.nix
@@ -11,7 +11,7 @@ let
 
     buildInputs = with pkgs; [makeWrapper];
 
-    python = pkgs.python39.withPackages (ps: with ps; [pyxdg pytimeparse dateutil]);
+    python = pkgs.python39.withPackages (ps: with ps; [pyxdg pytimeparse python-dateutil]);
 
     buildPhase = ''
       substitute $src zfssnap \
diff --git a/nvfetcher.toml b/nvfetcher.toml
index cb460076..ccdd78dd 100644
--- a/nvfetcher.toml
+++ b/nvfetcher.toml
@@ -34,10 +34,6 @@ src.git = "https://github.com/umlaeute/v4l2loopback"
 fetch.github = "umlaeute/v4l2loopback"
 git.fetchSubmodules = true
 
-[fast-cli]
-src.github = "gesquive/fast-cli"
-fetch.github = "gesquive/fast-cli"
-
 [xcompose]
 src.git = "https://github.com/kragen/xcompose"
 fetch.github = "kragen/xcompose"
diff --git a/overlays/fast-cli.nix b/overlays/fast-cli.nix
deleted file mode 100644
index a318eada..00000000
--- a/overlays/fast-cli.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ prev, sources, ... }: {
-  fast-cli = prev.buildGoModule rec {
-    pname = "fast-cli";
-
-    inherit (sources.fast-cli) version src;
-    vendorSha256 = "sha256-XM/5kUau0JBMxN0UpX6QNI31i8/+HNFvgFUFtlJsBh0=";
-
-    preBuild = let
-      goMod = prev.writeText "go.mod" ''
-        module github.com/gesquive/fast-cli
-
-        go 1.17
-
-        require (
-                github.com/dustin/go-humanize v0.0.0-20170228161531-259d2a102b87
-                github.com/fatih/color v1.4.1
-                github.com/gesquive/cli v0.2.0
-                github.com/inconshreveable/mousetrap v1.0.0
-                github.com/mattn/go-colorable v0.0.8-0.20170210172801-5411d3eea597
-                github.com/mattn/go-isatty v0.0.2-0.20170307163044-57fdcb988a5c
-                github.com/spf13/cobra v0.0.0-20170531045452-8d4ce3549a0b
-                github.com/spf13/pflag v1.0.0
-                golang.org/x/sys v0.0.0-20170213225739-e24f485414ae
-        )
-      '';
-    in ''
-      install -v -m 0644 ${goMod} ./go.mod
-    '';
-
-    ldflags = [
-      "-X main.version=${prev.lib.removePrefix "v" version}"
-    ];
-  };
-}
diff --git a/overlays/postfix-mta-sts-resolver.nix b/overlays/postfix-mta-sts-resolver.nix
index a06dace5..d8b1ff00 100644
--- a/overlays/postfix-mta-sts-resolver.nix
+++ b/overlays/postfix-mta-sts-resolver.nix
@@ -24,5 +24,6 @@
     ];
 
     _.pyparsing.buildInputs.add = with final.python310Packages; [ flit-core ];
+    _.idna.buildInputs.add = with final.python310Packages; [ flit-core ];
   };
 }
diff --git a/overlays/urxvt/52-osc.pl b/overlays/urxvt/52-osc.pl
deleted file mode 100644
index 3292e8c4..00000000
--- a/overlays/urxvt/52-osc.pl
+++ /dev/null
@@ -1,41 +0,0 @@
-#! perl
-
-=head1 NAME
-
-52-osc - Implement OSC 32 ; Interact with X11 clipboard
-
-=head1 SYNOPSIS
-
-   urxvt -pe 52-osc
-
-=head1 DESCRIPTION
-
-This extension implements OSC 52 for interacting with system clipboard
-
-Most code stolen from:
-http://ailin.tucana.uberspace.de/static/nei/*/Code/urxvt/
-
-=cut
-
-use MIME::Base64;
-use Encode;
-
-sub on_osc_seq {
-    my ($term, $op, $args) = @_;
-    return () unless $op eq 52;
-
-    my ($clip, $data) = split ';', $args, 2;
-    if ($data eq '?') {
-        # my $data_free = $term->selection();
-        # Encode::_utf8_off($data_free); # XXX
-        # $term->tt_write("\e]52;$clip;".encode_base64($data_free, '')."\a");
-    }
-    else {
-        my $data_decoded = decode_base64($data);
-        Encode::_utf8_on($data_decoded); # XXX
-        $term->selection($data_decoded, $clip =~ /c|^$/);
-        $term->selection_grab(urxvt::CurrentTime, $clip =~ /c|^$/);
-    }
-
-    ()
-}
diff --git a/overlays/urxvt/default.nix b/overlays/urxvt/default.nix
deleted file mode 100644
index 77a2c51f..00000000
--- a/overlays/urxvt/default.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ final, prev, ... }: {
-  rxvt_unicode-with-plugins = prev.rxvt-unicode.override {
-    configure = { availablePlugins, ... }: {
-        plugins = [ final.urxvt_osc_52 ] ++ builtins.attrValues availablePlugins;
-      };
-    };
-  urxvt_osc_52 = prev.stdenv.mkDerivation {
-    name = "rxvt_unicode-osc_52-0";
-    src = ./52-osc.pl;
-    unpackPhase = ''
-      cp $src 52-osc
-    '';
-    buildPhase = ''
-      sed -i 's|#! perl|#! ${final.perl}/bin/perl|g' 52-osc
-    '';
-    installPhase = ''
-      mkdir -p $out/lib/urxvt/perl
-      cp 52-osc $out/lib/urxvt/perl 
-    '';
-  };
-}
diff --git a/overlays/worktime/default.nix b/overlays/worktime/default.nix
index a8ee15e3..20c0b90f 100644
--- a/overlays/worktime/default.nix
+++ b/overlays/worktime/default.nix
@@ -5,7 +5,7 @@
 
     phases = [ "buildPhase" "checkPhase" "installPhase" ];
 
-    python = prev.python39.withPackages (ps: with ps; [pyxdg dateutil uritools requests configparser tabulate]);
+    python = prev.python39.withPackages (ps: with ps; [pyxdg python-dateutil uritools requests configparser tabulate]);
     buildInputs = [ python ];
 
     buildPhase = ''
diff --git a/shell.nix b/shell.nix
index 05ba992b..6ada761e 100644
--- a/shell.nix
+++ b/shell.nix
@@ -1,21 +1,11 @@
 { pkgs ? import <nixpkgs> {}, deploy-rs, nvfetcher }:
 let
-  nixWithFlakes = pkgs.symlinkJoin {
-    name = "nix-with-flakes";
-    paths = [ pkgs.nixFlakes ];
-    buildInputs = [ pkgs.makeWrapper ];
-    postBuild = ''
-      wrapProgram $out/bin/nix --add-flags '--option experimental-features "nix-command flakes"'
-    '';
-  };
-
   tai64dec = pkgs.writeShellScriptBin "tai64dec" ''
     echo $((16#$(${pkgs.daemontools}/bin/tai64n <<<"" | ${pkgs.coreutils}/bin/tail -c +2 | ${pkgs.coreutils}/bin/head -c 16)))
   '';
 in pkgs.mkShell {
   name = "nixos";
   nativeBuildInputs = with pkgs; [
-    nixWithFlakes
     sops
     wireguard-tools
     gup
diff --git a/system-profiles/build-server/default.nix b/system-profiles/build-server/default.nix
index 20b23a31..ee99e02f 100644
--- a/system-profiles/build-server/default.nix
+++ b/system-profiles/build-server/default.nix
@@ -1,8 +1,12 @@
-{ customUtils, flake, config, lib, ... }:
+{ customUtils, flake, config, lib, pkgs, ... }:
 
-{
+with lib;
+
+let
+  disallowedSystems = ["armv5tel-linux" config.nixpkgs.system] ++ optional (systems.elaborate config.nixpkgs.system).isx86_64 "i686-linux";
+in {
   imports = with flake.nixosModules.systemProfiles; [ openssh ];
-  
+
   config = {
     users.groups.nix-ssh-builder = {};
     users.users.nix-ssh-builder = {
@@ -30,8 +34,10 @@
 
     users.users.nix-ssh-builder.openssh.authorizedKeys.keys =
       let
-        importKeys = dir: lib.attrValues (customUtils.mapFilterAttrs (_: v: v != null) (n: v: lib.nameValuePair n (if v == "directory" then importKeys' dir n else null)) (builtins.readDir dir));
+        importKeys = dir: attrValues (customUtils.mapFilterAttrs (_: v: v != null) (n: v: nameValuePair n (if v == "directory" then importKeys' dir n else null)) (builtins.readDir dir));
         importKeys' = dir: host: builtins.readFile (dir + "/${host}/public");
       in importKeys ./clients;
+
+    boot.binfmt.emulatedSystems = mkDefault (filter (system: (systems.elaborate system).emulatorAvailable pkgs && !(elem system disallowedSystems)) systems.flakeExposed);
   };
 }
diff --git a/system-profiles/openssh/default.nix b/system-profiles/openssh/default.nix
index 47908682..3d04d9b5 100644
--- a/system-profiles/openssh/default.nix
+++ b/system-profiles/openssh/default.nix
@@ -88,7 +88,7 @@ in {
     };
 
     environment.systemPackages = mkIf cfg.enable (with pkgs; [
-      rxvt_unicode.terminfo alacritty.terminfo
+      alacritty.terminfo
     ]);
   };
 }
diff --git a/user-profiles/feeds/module.nix b/user-profiles/feeds/module.nix
index 9b1ef594..63e827eb 100644
--- a/user-profiles/feeds/module.nix
+++ b/user-profiles/feeds/module.nix
@@ -75,7 +75,7 @@ let
 
     phases = [ "buildPhase" "checkPhase" "installPhase" "fixupPhase" ];
 
-    python = pkgs.python39.withPackages (ps: with ps; [ configparser dateutil html2text ]);
+    python = pkgs.python39.withPackages (ps: with ps; [ configparser python-dateutil html2text ]);
 
     nativeBuildInputs = with pkgs; [ makeWrapper ];
 
diff --git a/user-profiles/mpv/default.nix b/user-profiles/mpv/default.nix
index 33b0ffaf..0c87b6e7 100644
--- a/user-profiles/mpv/default.nix
+++ b/user-profiles/mpv/default.nix
@@ -53,7 +53,7 @@
           install -m 0644 mpris.so $out/share/mpv/scripts/${passthru.scriptName}
         '';
 
-        nativeBuildInputs = with pkgs; [ pkgconfig glib mpv ];
+        nativeBuildInputs = with pkgs; [ pkg-config glib mpv ];
 
         passthru.scriptName = "mpris.so";
       }))
diff --git a/user-profiles/utils.nix b/user-profiles/utils.nix
index c5042d41..41fb312b 100644
--- a/user-profiles/utils.nix
+++ b/user-profiles/utils.nix
@@ -21,7 +21,7 @@
     home.packages = with pkgs; [
       autossh usbutils pciutils exa silver-searcher pwgen unzip
       magic-wormhole qrencode tty-clock dnsutils openssl sshfs psmisc
-      mosh tree vnstat file pv bc fast-cli zip nmap aspell
+      mosh tree vnstat file pv bc zip nmap aspell
       aspellDicts.de aspellDicts.en borgbackup man-pages rsync socat
       inetutils yq cached-nix-shell persistent-nix-shell rage
       smartmontools hdparm