8 files changed, 63 insertions, 58 deletions
diff --git a/system-profiles/bcachefs.nix b/system-profiles/bcachefs.nix
index f9f048b9..be12bf20 100644
--- a/system-profiles/bcachefs.nix
+++ b/system-profiles/bcachefs.nix
@@ -1,6 +1,16 @@
-{ pkgs, ... } : {
+{ pkgs, lib, ... } : {
  config = {
    boot.supportedFilesystems.bcachefs = true;
    environment.systemPackages = with pkgs; [ bcachefs-tools ];
+    boot.kernelPatches = [
+      {
+        name = "bcachefs-casefold-fix";
+        patch = null;
+        structuredExtraConfig = with lib.kernel; {
+          UNICODE = lib.mkOverride 90 no;
+        };
+      }
+    ];
  };
 }
diff --git a/system-profiles/core/default.nix b/system-profiles/core/default.nix
index b85aea4e..e5f9dc16 100644
--- a/system-profiles/core/default.nix
+++ b/system-profiles/core/default.nix
@@ -127,36 +127,16 @@ in {
          flake-registry = "${flakeInputs.flake-registry}/flake-registry.json";
        };
-        nixPath = [
+        nixPath = map (flake: "${flake}=flake:${flake}") (attrNames config.nix.registry);
-          "nixpkgs=${pkgs.runCommand "nixpkgs" {} ''
-            mkdir $out
-            ln -s ${./nixpkgs.nix} $out/default.nix
-            ln -s /run/nixpkgs/lib $out/lib
-          ''}"
-        ];
        registry =
          let override = { self = "nixos"; };
          in mapAttrs' (inpName: inpFlake: nameValuePair
            (override.${inpName} or inpName)
-            { flake = inpFlake; } ) flakeInputs;
+            { to = { type = "path"; path = inpFlake; }; } ) flakeInputs;
      };
      systemd.tmpfiles.rules = [
        "L+ /run/nixpkgs - - - - ${flakeInputs.${config.nixpkgs.flakeInput}.outPath}"
-        "L+ /run/nixpkgs-overlays.nix - - - - ${pkgs.writeText "overlays.nix" ''
-          with builtins;
-          attrValues (import
-            (
-              let lock = fromJSON (readFile ${flake + "/flake.lock"}); in
-              fetchTarball {
-                url = "https://github.com/edolstra/flake-compat/archive/''${lock.nodes.flake-compat.locked.rev}.tar.gz";
-                sha256 = lock.nodes.flake-compat.locked.narHash;
-              }
-            )
-            { src = ${flake}; }
-          ).defaultNix.overlays
-        ''}"
        "L+ /etc/nixos - - - - ${flake}"
      ] ++ map (input: "L+ /run/flake-inputs/${input} - - - - ${flakeInputs.${input}.outPath}") (attrNames flakeInputs);
@@ -177,8 +157,6 @@ in {
          {
            manual.manpages.enable = true;
            systemd.user.startServices = "sd-switch";
-            programs.ssh.internallyManaged = mkForce true;
          }
        ];
        extraSpecialArgs = { inherit flake flakeInputs path; hostConfig = config; };
@@ -202,13 +180,7 @@ in {
      };
      environment.systemPackages = with pkgs; [ git-annex scutiger ];
    }
-  ] ++ (optional (options ? system.switch.enableNg) {
+  ] ++ (optional (options ? system.rebuild.enableNg) {
-    system.switch = lib.mkDefault {
-      enable = false;
-      enableNg = true;
-    };
-  })
-  ++ (optional (options ? system.rebuild.enableNg) {
    system.rebuild.enableNg = lib.mkDefault true;
  })
  ++ (optional (options ? services.userborn) {
diff --git a/system-profiles/default-locale.nix b/system-profiles/default-locale.nix
index 2d483f04..60d338cb 100644
--- a/system-profiles/default-locale.nix
+++ b/system-profiles/default-locale.nix
@@ -1,16 +1,23 @@
-{ lib, ... }:
+{ lib, options, ... }:
 with lib;
 {
-  i18n = {
+  config = foldr recursiveUpdate {} ([
-    defaultLocale = "en_DK.UTF-8";
+    {
-    extraLocaleSettings = {
+      i18n = {
-      "TIME_STYLE" = "long-iso";
+        defaultLocale = "en_DK.UTF-8";
-    };
+        extraLocaleSettings = {
-    supportedLocales = [ "C.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "en_DK.UTF-8/UTF-8" ];
+          "TIME_STYLE" = "long-iso";
-  };
+        };
-  console.keyMap = mkDefault "dvorak-programmer";
+      };
+      console.keyMap = mkDefault "dvorak-programmer";
-  time.timeZone = mkDefault "Europe/Berlin";
+      time.timeZone = mkDefault "Europe/Berlin";
+    }
+  ] ++ (optional (options ? i18n.extraLocales) {
+    i18n.extraLocales = [ "C.UTF-8" "en_US.UTF-8" "en_DK.UTF-8" ];
+  }) ++ (optional (!(options ? i18n.extraLocales)) {
+    i18n.supportedLocales = [ "C.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "en_DK.UTF-8/UTF-8" ];
+  }));
 }
diff --git a/system-profiles/initrd-all-crypto-modules.nix b/system-profiles/initrd-all-crypto-modules.nix
index 45cd4b74..da6c781e 100644
--- a/system-profiles/initrd-all-crypto-modules.nix
+++ b/system-profiles/initrd-all-crypto-modules.nix
@@ -18,7 +18,7 @@ in {
    {
      name = "encrypted_key";
      patch = null;
-      extraStructuredConfig.ENCRYPTED_KEYS = lib.kernel.yes;
+      structuredExtraConfig.ENCRYPTED_KEYS = lib.kernel.yes;
    }
  ];
 }
diff --git a/system-profiles/lanzaboote.nix b/system-profiles/lanzaboote.nix
new file mode 100644
index 00000000..f1e179cf
--- /dev/null
+++ b/system-profiles/lanzaboote.nix
@@ -0,0 +1,14 @@
+{ flakeInputs, pkgs, ... }:
+{
+  imports = [
+    flakeInputs.lanzaboote.nixosModules.lanzaboote
+  ];
+  config = {
+    environment.systemPackages = [ pkgs.sbctl ];
+    boot.lanzaboote = {
+      enable = true;
+      pkiBundle = "/var/lib/sbctl";
+    };
+  };
+}
diff --git a/system-profiles/nfsroot.nix b/system-profiles/nfsroot.nix
index 1cd930d9..e3dc2d2e 100644
--- a/system-profiles/nfsroot.nix
+++ b/system-profiles/nfsroot.nix
@@ -1,4 +1,4 @@
-{ config, options, pkgs, lib, flake, flakeInputs, ... }:
+{ config, options, pkgs, lib, flake, ... }:
 with lib;
@@ -48,7 +48,7 @@ in {
      fileSystems."/nix/.ro-store" = mkImageMediaOverride
        { fsType = "nfs4";
          device = cfg.storeDevice;
-          options = [ "ro" ];
+          options = [ "ro" "nfsvers=4.2" ];
          neededForBoot = true;
        };
@@ -86,7 +86,7 @@ in {
        mkdir -p /mnt-root/etc/
        cp /etc/resolv.conf /mnt-root/etc/resolv.conf
      '';
-      networking.useDHCP = true;
+      networking.useDHCP = mkImageMediaOverride true;
      networking.resolvconf.enable = false;
      networking.dhcpcd.persistent = true;
diff --git a/system-profiles/rebuild-machines/default.nix b/system-profiles/rebuild-machines/default.nix
index 544f47e1..de86cd74 100644
--- a/system-profiles/rebuild-machines/default.nix
+++ b/system-profiles/rebuild-machines/default.nix
@@ -25,16 +25,18 @@ let
    phases = [ "buildPhase" "installPhase" ];
-    inherit (pkgs) zsh coreutils openssh;
-    inherit (cfg) scriptName;
-    inherit (cfg.flake) flakeOutput;
-    flake = cfg.flake.name;
-    nixosRebuild = config.system.build.nixos-rebuild;
-    inherit (config.security) wrapperDir;
-    inherit sshConfig;
    buildPhase = ''
-      substituteAll $src rebuild-machine.zsh
+      substitute $src rebuild-machine.zsh \
+        --subst-var-by zsh ${pkgs.zsh} \
+        --subst-var-by coreutils ${pkgs.coreutils} \
+        --subst-var-by openssh ${pkgs.openssh} \
+        --subst-var-by wrapperDir ${config.security.wrapperDir} \
+        --subst-var-by sshConfig ${sshConfig} \
+        --subst-var-by out "$out" \
+        --subst-var-by nixosRebuild ${config.system.build.nixos-rebuild} \
+        --subst-var-by flake ${cfg.flake.name} \
+        --subst-var-by scriptName ${cfg.scriptName} \
+        --subst-var-by flakeOutput ${cfg.flake.flakeOutput}
    '';
    installPhase = ''
diff --git a/system-profiles/zfs.nix b/system-profiles/zfs.nix
index 149decee..af9f1c17 100644
--- a/system-profiles/zfs.nix
+++ b/system-profiles/zfs.nix
@@ -1,8 +1,8 @@
-{ pkgs, lib, ... } : {
+{ config, pkgs, lib, ... } : {
  config = {
    boot = {
-      kernelPackages = pkgs.linuxPackages_6_11;
+      kernelPackages = pkgs.linuxPackages_6_12;
-      zfs.package = pkgs.zfs_unstable;
+      zfs.package = pkgs.zfs_2_3;
      supportedFilesystems.zfs = true;
    };