10 files changed, 88 insertions, 57 deletions

diff --git a/system-profiles/bcachefs.nix b/system-profiles/bcachefs.nix
index f9f048b9..be12bf20 100644
--- a/system-profiles/bcachefs.nix
+++ b/system-profiles/bcachefs.nix
@@ -1,6 +1,16 @@
-{ pkgs, ... } : {
+{ pkgs, lib, ... } : {
   config = {
     boot.supportedFilesystems.bcachefs = true;
     environment.systemPackages = with pkgs; [ bcachefs-tools ];
+
+    boot.kernelPatches = [
+      {
+        name = "bcachefs-casefold-fix";
+        patch = null;
+        structuredExtraConfig = with lib.kernel; {
+          UNICODE = lib.mkOverride 90 no;
+        };
+      }
+    ];
   };
 }
diff --git a/system-profiles/core/default.nix b/system-profiles/core/default.nix
index 71d0619a..e5f9dc16 100644
--- a/system-profiles/core/default.nix
+++ b/system-profiles/core/default.nix
@@ -127,36 +127,16 @@ in {
 
           flake-registry = "${flakeInputs.flake-registry}/flake-registry.json";
         };
-        nixPath = [
-          "nixpkgs=${pkgs.runCommand "nixpkgs" {} ''
-            mkdir $out
-            ln -s ${./nixpkgs.nix} $out/default.nix
-            ln -s /run/nixpkgs/lib $out/lib
-          ''}"
-        ];
+        nixPath = map (flake: "${flake}=flake:${flake}") (attrNames config.nix.registry);
         registry =
           let override = { self = "nixos"; };
           in mapAttrs' (inpName: inpFlake: nameValuePair
             (override.${inpName} or inpName)
-            { flake = inpFlake; } ) flakeInputs;
+            { to = { type = "path"; path = inpFlake; }; } ) flakeInputs;
       };
 
       systemd.tmpfiles.rules = [
         "L+ /run/nixpkgs - - - - ${flakeInputs.${config.nixpkgs.flakeInput}.outPath}"
-        "L+ /run/nixpkgs-overlays.nix - - - - ${pkgs.writeText "overlays.nix" ''
-          with builtins;
-
-          attrValues (import
-            (
-              let lock = fromJSON (readFile ${flake + "/flake.lock"}); in
-              fetchTarball {
-                url = "https://github.com/edolstra/flake-compat/archive/''${lock.nodes.flake-compat.locked.rev}.tar.gz";
-                sha256 = lock.nodes.flake-compat.locked.narHash;
-              }
-            )
-            { src = ${flake}; }
-          ).defaultNix.overlays
-        ''}"
         "L+ /etc/nixos - - - - ${flake}"
       ] ++ map (input: "L+ /run/flake-inputs/${input} - - - - ${flakeInputs.${input}.outPath}") (attrNames flakeInputs);
 
@@ -177,11 +157,9 @@ in {
           {
             manual.manpages.enable = true;
             systemd.user.startServices = "sd-switch";
-
-            programs.ssh.internallyManaged = mkForce true;
           }
         ];
-        extraSpecialArgs = { inherit flake flakeInputs path; };
+        extraSpecialArgs = { inherit flake flakeInputs path; hostConfig = config; };
       };
 
       sops = mkIf hasSops {
@@ -202,17 +180,22 @@ in {
       };
       environment.systemPackages = with pkgs; [ git-annex scutiger ];
     }
-  ] ++ (optional (options ? system.switch.enableNg) {
-    system.switch = lib.mkDefault {
-      enable = false;
-      enableNg = true;
+  ] ++ (optional (options ? system.rebuild.enableNg) {
+    system.rebuild.enableNg = lib.mkDefault true;
+  })
+  ++ (optional (options ? services.userborn) {
+    services.userborn = {
+      enable = lib.mkDefault true;
+      passwordFilesLocation = lib.mkDefault "/var/lib/nixos";
     };
   })
+  ++ (optional (!(options ? services.userborn) && (options ? system.etc)) {
+    systemd.sysusers.enable = lib.mkDefault true;
+  })
   ++ (optional (options ? system.etc) {
     boot.initrd.systemd.enable = lib.mkDefault true;
     system.etc.overlay.enable = lib.mkDefault true;
     system.etc.overlay.mutable = lib.mkDefault (!config.systemd.sysusers.enable);
-    systemd.sysusers.enable = lib.mkDefault true;
 
     # Random perl remnants
     system.disableInstallerTools = lib.mkDefault true;
diff --git a/system-profiles/default-locale.nix b/system-profiles/default-locale.nix
index 2d483f04..60d338cb 100644
--- a/system-profiles/default-locale.nix
+++ b/system-profiles/default-locale.nix
@@ -1,16 +1,23 @@
-{ lib, ... }:
+{ lib, options, ... }:
 
 with lib;
 
 {
-  i18n = {
-    defaultLocale = "en_DK.UTF-8";
-    extraLocaleSettings = {
-      "TIME_STYLE" = "long-iso";
-    };
-    supportedLocales = [ "C.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "en_DK.UTF-8/UTF-8" ];
-  };
-  console.keyMap = mkDefault "dvorak-programmer";
+  config = foldr recursiveUpdate {} ([
+    {
+      i18n = {
+        defaultLocale = "en_DK.UTF-8";
+        extraLocaleSettings = {
+          "TIME_STYLE" = "long-iso";
+        };
+      };
+      console.keyMap = mkDefault "dvorak-programmer";
 
-  time.timeZone = mkDefault "Europe/Berlin";
+      time.timeZone = mkDefault "Europe/Berlin";
+    }
+  ] ++ (optional (options ? i18n.extraLocales) {
+    i18n.extraLocales = [ "C.UTF-8" "en_US.UTF-8" "en_DK.UTF-8" ];
+  }) ++ (optional (!(options ? i18n.extraLocales)) {
+    i18n.supportedLocales = [ "C.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "en_DK.UTF-8/UTF-8" ];
+  }));
 }
diff --git a/system-profiles/initrd-all-crypto-modules.nix b/system-profiles/initrd-all-crypto-modules.nix
index 45cd4b74..da6c781e 100644
--- a/system-profiles/initrd-all-crypto-modules.nix
+++ b/system-profiles/initrd-all-crypto-modules.nix
@@ -18,7 +18,7 @@ in {
     {
       name = "encrypted_key";
       patch = null;
-      extraStructuredConfig.ENCRYPTED_KEYS = lib.kernel.yes;
+      structuredExtraConfig.ENCRYPTED_KEYS = lib.kernel.yes;
     }
   ];
 }
diff --git a/system-profiles/lanzaboote.nix b/system-profiles/lanzaboote.nix
new file mode 100644
index 00000000..f1e179cf
--- /dev/null
+++ b/system-profiles/lanzaboote.nix
@@ -0,0 +1,14 @@
+{ flakeInputs, pkgs, ... }:
+{
+  imports = [
+    flakeInputs.lanzaboote.nixosModules.lanzaboote
+  ];
+
+  config = {
+    environment.systemPackages = [ pkgs.sbctl ];
+    boot.lanzaboote = {
+      enable = true;
+      pkiBundle = "/var/lib/sbctl";
+    };
+  };
+}
diff --git a/system-profiles/nfsroot.nix b/system-profiles/nfsroot.nix
index 1cd930d9..e3dc2d2e 100644
--- a/system-profiles/nfsroot.nix
+++ b/system-profiles/nfsroot.nix
@@ -1,4 +1,4 @@
-{ config, options, pkgs, lib, flake, flakeInputs, ... }:
+{ config, options, pkgs, lib, flake, ... }:
 
 with lib;
 
@@ -48,7 +48,7 @@ in {
       fileSystems."/nix/.ro-store" = mkImageMediaOverride
         { fsType = "nfs4";
           device = cfg.storeDevice;
-          options = [ "ro" ];
+          options = [ "ro" "nfsvers=4.2" ];
           neededForBoot = true;
         };
 
@@ -86,7 +86,7 @@ in {
         mkdir -p /mnt-root/etc/
         cp /etc/resolv.conf /mnt-root/etc/resolv.conf
       '';
-      networking.useDHCP = true;
+      networking.useDHCP = mkImageMediaOverride true;
       networking.resolvconf.enable = false;
       networking.dhcpcd.persistent = true;
 
diff --git a/system-profiles/niri-flake.nix b/system-profiles/niri-flake.nix
new file mode 100644
index 00000000..b28d51ff
--- /dev/null
+++ b/system-profiles/niri-flake.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+  config.niri-flake.cache.enable = false;
+}
diff --git a/system-profiles/niri-unstable.nix b/system-profiles/niri-unstable.nix
new file mode 100644
index 00000000..3a8b393d
--- /dev/null
+++ b/system-profiles/niri-unstable.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, lib, ... }:
+{
+  config = {
+    programs.niri.package = lib.mkDefault pkgs.niri-unstable;
+    home-manager.sharedModules = [
+      {
+        programs.niri.package = lib.mkDefault config.programs.niri.package;
+      }
+    ];
+  };
+}
diff --git a/system-profiles/rebuild-machines/default.nix b/system-profiles/rebuild-machines/default.nix
index 544f47e1..de86cd74 100644
--- a/system-profiles/rebuild-machines/default.nix
+++ b/system-profiles/rebuild-machines/default.nix
@@ -25,16 +25,18 @@ let
 
     phases = [ "buildPhase" "installPhase" ];
 
-    inherit (pkgs) zsh coreutils openssh;
-    inherit (cfg) scriptName;
-    inherit (cfg.flake) flakeOutput;
-    flake = cfg.flake.name;
-    nixosRebuild = config.system.build.nixos-rebuild;
-    inherit (config.security) wrapperDir;
-    inherit sshConfig;
-
     buildPhase = ''
-      substituteAll $src rebuild-machine.zsh
+      substitute $src rebuild-machine.zsh \
+        --subst-var-by zsh ${pkgs.zsh} \
+        --subst-var-by coreutils ${pkgs.coreutils} \
+        --subst-var-by openssh ${pkgs.openssh} \
+        --subst-var-by wrapperDir ${config.security.wrapperDir} \
+        --subst-var-by sshConfig ${sshConfig} \
+        --subst-var-by out "$out" \
+        --subst-var-by nixosRebuild ${config.system.build.nixos-rebuild} \
+        --subst-var-by flake ${cfg.flake.name} \
+        --subst-var-by scriptName ${cfg.scriptName} \
+        --subst-var-by flakeOutput ${cfg.flake.flakeOutput}
     '';
 
     installPhase = ''
diff --git a/system-profiles/zfs.nix b/system-profiles/zfs.nix
index 149decee..af9f1c17 100644
--- a/system-profiles/zfs.nix
+++ b/system-profiles/zfs.nix
@@ -1,8 +1,8 @@
-{ pkgs, lib, ... } : {
+{ config, pkgs, lib, ... } : {
   config = {
     boot = {
-      kernelPackages = pkgs.linuxPackages_6_11;
-      zfs.package = pkgs.zfs_unstable;
+      kernelPackages = pkgs.linuxPackages_6_12;
+      zfs.package = pkgs.zfs_2_3;
 
       supportedFilesystems.zfs = true;
     };