...

6 files changed, 68 insertions, 33 deletions

diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index b4713736..b38a387c 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -290,7 +290,7 @@ in {
 
     services = {
       udev.packages = with pkgs; [ uhk-agent ];
-      
+
       # tinc.yggdrasil.enable = true;
 
       uucp = {
@@ -313,9 +313,9 @@ in {
       fprintd.enable = true;
 
       blueman.enable = true;
-    
+
       colord.enable = true;
-    
+
       vnstat.enable = true;
 
       upower.enable = true;
@@ -468,8 +468,8 @@ in {
 
     hardware = {
       bluetooth = {
-        enable = true;   
-        package = pkgs.bluezFull;
+        enable = true;
+        package = pkgs.bluez;
         settings = {
           General = {
             Enable = "Source,Sink,Media,Socket";
@@ -510,12 +510,14 @@ in {
       daemonCPUSchedPolicy = "idle";
       daemonIOSchedClass = "idle";
 
-      buildServers.vidhar = {
+      buildServers.vidhar = let
+        vidhar = flake.nixosConfigurations.vidhar;
+      in {
         address = "vidhar.yggdrasil";
-        systems = ["x86_64-linux" "i686-linux"];
+        systems = [vidhar.config.nixpkgs.system] ++ vidhar.config.nix.settings.extra-platforms;
+        supportedFeatures = vidhar.config.nix.settings.system-features;
         maxJobs = 12;
         speedFactor = 4;
-        supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
       };
     };
 
diff --git a/hosts/surtr/vpn/default.nix b/hosts/surtr/vpn/default.nix
index cad3b5b4..7f3065f7 100644
--- a/hosts/surtr/vpn/default.nix
+++ b/hosts/surtr/vpn/default.nix
@@ -143,9 +143,9 @@ in {
         serviceConfig = {
           Type = "oneshot";
           RemainAfterExit = true;
-          ExecStop = "${pkgs.iproute}/bin/ip netns exec vpn ip link delete upstream";
+          ExecStop = "${pkgs.iproute2}/bin/ip netns exec vpn ip link delete upstream";
         };
-        path = with pkgs; [ iproute procps ];
+        path = with pkgs; [ iproute2 procps ];
         script = ''
           ip netns exec vpn sysctl \
             net.ipv6.conf.all.forwarding=1 \
diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix
index 650c91ee..79c75c4d 100644
--- a/hosts/vidhar/borg/default.nix
+++ b/hosts/vidhar/borg/default.nix
@@ -57,7 +57,7 @@ let
 
     buildInputs = with pkgs; [makeWrapper];
 
-    python = inpPython.withPackages (ps: with ps; [humanize tqdm dateutil xdg python-unshare pyprctl halo]);
+    python = inpPython.withPackages (ps: with ps; [humanize tqdm python-dateutil xdg python-unshare pyprctl halo]);
 
     buildPhase = ''
       substitute $src copy \
@@ -74,7 +74,7 @@ let
         copy
 
       wrapProgram $out/bin/copy \
-        --prefix PATH : ${makeBinPath (with pkgs; [utillinux borgbackup])}:${config.security.wrapperDir}
+        --prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir}
     '';
   });
 
@@ -93,7 +93,7 @@ let
     '';
     postInstall = ''
       wrapProgram $out/bin/borgsnap \
-        --prefix PATH : ${makeBinPath (with pkgs; [utillinux borgbackup])}:${config.security.wrapperDir}
+        --prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir}
     '';
 
     providers.python-unshare = "nixpkgs";
diff --git a/hosts/vidhar/network/dhcp/default.nix b/hosts/vidhar/network/dhcp/default.nix
index 067dc6d6..e14b15ac 100644
--- a/hosts/vidhar/network/dhcp/default.nix
+++ b/hosts/vidhar/network/dhcp/default.nix
@@ -1,4 +1,7 @@
 { flake, config, pkgs, lib, ... }:
+
+with lib;
+
 {
   config = {
     services.kea = {
@@ -23,7 +26,7 @@
             { name = "ipxe";
               test = "option[77].hex == 'iPXE'";
               next-server = "10.141.0.1";
-              boot-file-name = "netboot.ipxe";
+              boot-file-name = "installer-x86_64-linux/netboot.ipxe";
               only-if-required = true;
             }
             { name = "uefi-64";
@@ -146,7 +149,7 @@
               pools = [ { pool = "10.141.2.128 - 10.141.2.254"; } ];
               reservations = [];
             }
-          ]; 
+          ];
         };
       };
       # dhcp6 = {
@@ -195,16 +198,16 @@
     };
 
     systemd.services.kea-dhcp-ddns-server = {
-      preStart = let 
+      preStart = let
         configLines = [
           "<?include \"\${CREDENTIALS_DIRECTORY}/knot-tsig.json.frag\"?>"
-        ] ++ lib.mapAttrsToList (k: v:
+        ] ++ mapAttrsToList (k: v:
           "\"${k}\": ${builtins.toJSON v}"
         ) config.services.kea.dhcp-ddns.settings;
 
         config-template = pkgs.writeText "dhcp-ddns.conf" ''
           {"DhcpDdns": {
-            ${lib.concatStringsSep ",\n  " configLines}
+            ${concatStringsSep ",\n  " configLines}
           }}
         '';
       in ''
@@ -212,8 +215,8 @@
       '';
 
       serviceConfig = {
-        ExecStart = lib.mkForce ''
-          ${pkgs.kea}/bin/kea-dhcp-ddns -c "''${RUNTIME_DIRECTORY}/dhcp-ddns.conf" ${lib.escapeShellArgs config.services.kea.dhcp-ddns.extraArgs}
+        ExecStart = mkForce ''
+          ${pkgs.kea}/bin/kea-dhcp-ddns -c "''${RUNTIME_DIRECTORY}/dhcp-ddns.conf" ${escapeShellArgs config.services.kea.dhcp-ddns.extraArgs}
         '';
         LoadCredential = [
           "knot-tsig.json.frag:${config.sops.secrets."kea-knot-tsig.json.frag".path}"
@@ -226,26 +229,53 @@
       sopsFile = ./knot-tsig.json.frag;
     };
 
-    systemd.services."installer-atftpd" = {
-      description = "TFTP Server for PXE Booting NixOS Installer";
+    systemd.services."pxe-atftpd" = {
+      description = "TFTP Server for PXE Booting";
       after = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
       serviceConfig.ExecStart = let
-        installerBuild = flake.nixosConfigurations.installer-x86_64-linux-netboot.config.system.build;
         ipxe = pkgs.ipxe.override {
           additionalTargets = {
             "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi";
           };
         };
-        tftpRoot = pkgs.runCommandLocal "installer-netboot" {} ''
+        tftpRoot = pkgs.runCommandLocal "netboot" {} ''
           mkdir -p $out
           install -m 0444 -t $out \
-            ${installerBuild.netbootRamdisk}/initrd \
-            ${installerBuild.kernel}/bzImage \
-            ${installerBuild.netbootIpxeScript}/netboot.ipxe \
             ${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe
+
+          ${concatMapStringsSep "\n" (system:
+            let
+              installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules {
+                modules = [
+                  ({ ... }: { config.nfsroot.storeDevice = "vidhar:nix-store"; })
+                ];
+              }).config.system.build;
+            in ''
+              mkdir -p $out/installer-${system}
+              install -m 0444 -t $out/installer-${system} \
+                ${installerBuild.initialRamdisk}/initrd \
+                ${installerBuild.kernel}/bzImage \
+                ${installerBuild.netbootIpxeScript}/netboot.ipxe
+            ''
+          ) ["x86_64-linux"]}
         '';
       in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}";
     };
+
+    services.nfs.server = {
+      enable = true;
+      createMountPoints = true;
+      exports = ''
+        /export/nix-root 10.141.0.0/24(ro)
+      '';
+    };
+
+    fileSystems = {
+      "/export/nix-root" = {
+        device = "/nix/store";
+        options = [ "bind" ];
+      };
+    };
   };
 }
diff --git a/hosts/vidhar/network/dsl.nix b/hosts/vidhar/network/dsl.nix
index a5f4daf2..461e74d2 100644
--- a/hosts/vidhar/network/dsl.nix
+++ b/hosts/vidhar/network/dsl.nix
@@ -11,7 +11,7 @@ in {
       default = "dsl";
     };
   };
-  
+
   config = {
     networking.vlans = {
       telekom = {
@@ -19,7 +19,7 @@ in {
         interface = "eno2";
       };
     };
-    
+
     services.pppd = {
       enable = true;
       peers.telekom.config = ''
@@ -40,7 +40,7 @@ in {
     };
     systemd.services."pppd-telekom" = {
       stopIfChanged = true;
-      
+
       serviceConfig = lib.mkForce {
         Type = "notify";
         PIDFile = "/run/pppd/${pppInterface}.pid";
@@ -62,7 +62,7 @@ in {
       "ppp/ip-up" = {
         text = ''
           #!${pkgs.runtimeShell}
-          ${pkgs.iproute}/bin/ip route add default via "$5" dev "${pppInterface}" metric 512
+          ${pkgs.iproute2}/bin/ip route add default via "$5" dev "${pppInterface}" metric 512
         '';
         mode = "0555";
       };
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix
index 7ac86c30..8e5ff0ea 100644
--- a/hosts/vidhar/prometheus/default.nix
+++ b/hosts/vidhar/prometheus/default.nix
@@ -61,9 +61,12 @@ in {
         };
         apcupsd.enable = true;
         systemd = {
-          enable = true;
+          enable = false; # TODO
           extraFlags = [
-            "--collector.unit-whitelist=(dhcpcd-dsl|pppd-telekom|corerad|ndppd)\.service"
+            "--systemd.collector.unit-include=(dhcpcd-dsl|pppd-telekom|corerad|ndppd)\.service"
+            "--systemd.collector.enable-restart-count"
+            "--systemd.collector.enable-file-descriptor-size"
+            "--systemd.collector.enable-ip-accounting"
           ];
         };
         blackbox = {