summaryrefslogtreecommitdiff
path: root/system-profiles
diff options
context:
space:
mode:
Diffstat (limited to 'system-profiles')
-rw-r--r--system-profiles/bcachefs.nix12
-rw-r--r--system-profiles/core/default.nix43
-rw-r--r--system-profiles/default-locale.nix27
-rw-r--r--system-profiles/initrd-all-crypto-modules.nix2
-rw-r--r--system-profiles/lanzaboote.nix14
-rw-r--r--system-profiles/nfsroot.nix6
-rw-r--r--system-profiles/niri-flake.nix4
-rw-r--r--system-profiles/niri-unstable.nix11
-rw-r--r--system-profiles/openssh/known-hosts/sif/ed25519-cert.pub2
-rw-r--r--system-profiles/openssh/known-hosts/sif/rsa-cert.pub2
-rw-r--r--system-profiles/openssh/known-hosts/surtr/ed25519-cert.pub2
-rw-r--r--system-profiles/openssh/known-hosts/surtr/rsa-cert.pub2
-rw-r--r--system-profiles/openssh/known-hosts/vidhar/ed25519-cert.pub2
-rw-r--r--system-profiles/openssh/known-hosts/vidhar/rsa-cert.pub2
-rw-r--r--system-profiles/openssh/known-hosts/ymir/ed25519-cert.pub2
-rw-r--r--system-profiles/openssh/known-hosts/ymir/rsa-cert.pub2
-rw-r--r--system-profiles/rebuild-machines/default.nix20
-rw-r--r--system-profiles/zfs.nix6
18 files changed, 96 insertions, 65 deletions
diff --git a/system-profiles/bcachefs.nix b/system-profiles/bcachefs.nix
index f9f048b9..be12bf20 100644
--- a/system-profiles/bcachefs.nix
+++ b/system-profiles/bcachefs.nix
@@ -1,6 +1,16 @@
1{ pkgs, ... } : { 1{ pkgs, lib, ... } : {
2 config = { 2 config = {
3 boot.supportedFilesystems.bcachefs = true; 3 boot.supportedFilesystems.bcachefs = true;
4 environment.systemPackages = with pkgs; [ bcachefs-tools ]; 4 environment.systemPackages = with pkgs; [ bcachefs-tools ];
5
6 boot.kernelPatches = [
7 {
8 name = "bcachefs-casefold-fix";
9 patch = null;
10 structuredExtraConfig = with lib.kernel; {
11 UNICODE = lib.mkOverride 90 no;
12 };
13 }
14 ];
5 }; 15 };
6} 16}
diff --git a/system-profiles/core/default.nix b/system-profiles/core/default.nix
index 71d0619a..e5f9dc16 100644
--- a/system-profiles/core/default.nix
+++ b/system-profiles/core/default.nix
@@ -127,36 +127,16 @@ in {
127 127
128 flake-registry = "${flakeInputs.flake-registry}/flake-registry.json"; 128 flake-registry = "${flakeInputs.flake-registry}/flake-registry.json";
129 }; 129 };
130 nixPath = [ 130 nixPath = map (flake: "${flake}=flake:${flake}") (attrNames config.nix.registry);
131 "nixpkgs=${pkgs.runCommand "nixpkgs" {} ''
132 mkdir $out
133 ln -s ${./nixpkgs.nix} $out/default.nix
134 ln -s /run/nixpkgs/lib $out/lib
135 ''}"
136 ];
137 registry = 131 registry =
138 let override = { self = "nixos"; }; 132 let override = { self = "nixos"; };
139 in mapAttrs' (inpName: inpFlake: nameValuePair 133 in mapAttrs' (inpName: inpFlake: nameValuePair
140 (override.${inpName} or inpName) 134 (override.${inpName} or inpName)
141 { flake = inpFlake; } ) flakeInputs; 135 { to = { type = "path"; path = inpFlake; }; } ) flakeInputs;
142 }; 136 };
143 137
144 systemd.tmpfiles.rules = [ 138 systemd.tmpfiles.rules = [
145 "L+ /run/nixpkgs - - - - ${flakeInputs.${config.nixpkgs.flakeInput}.outPath}" 139 "L+ /run/nixpkgs - - - - ${flakeInputs.${config.nixpkgs.flakeInput}.outPath}"
146 "L+ /run/nixpkgs-overlays.nix - - - - ${pkgs.writeText "overlays.nix" ''
147 with builtins;
148
149 attrValues (import
150 (
151 let lock = fromJSON (readFile ${flake + "/flake.lock"}); in
152 fetchTarball {
153 url = "https://github.com/edolstra/flake-compat/archive/''${lock.nodes.flake-compat.locked.rev}.tar.gz";
154 sha256 = lock.nodes.flake-compat.locked.narHash;
155 }
156 )
157 { src = ${flake}; }
158 ).defaultNix.overlays
159 ''}"
160 "L+ /etc/nixos - - - - ${flake}" 140 "L+ /etc/nixos - - - - ${flake}"
161 ] ++ map (input: "L+ /run/flake-inputs/${input} - - - - ${flakeInputs.${input}.outPath}") (attrNames flakeInputs); 141 ] ++ map (input: "L+ /run/flake-inputs/${input} - - - - ${flakeInputs.${input}.outPath}") (attrNames flakeInputs);
162 142
@@ -177,11 +157,9 @@ in {
177 { 157 {
178 manual.manpages.enable = true; 158 manual.manpages.enable = true;
179 systemd.user.startServices = "sd-switch"; 159 systemd.user.startServices = "sd-switch";
180
181 programs.ssh.internallyManaged = mkForce true;
182 } 160 }
183 ]; 161 ];
184 extraSpecialArgs = { inherit flake flakeInputs path; }; 162 extraSpecialArgs = { inherit flake flakeInputs path; hostConfig = config; };
185 }; 163 };
186 164
187 sops = mkIf hasSops { 165 sops = mkIf hasSops {
@@ -202,17 +180,22 @@ in {
202 }; 180 };
203 environment.systemPackages = with pkgs; [ git-annex scutiger ]; 181 environment.systemPackages = with pkgs; [ git-annex scutiger ];
204 } 182 }
205 ] ++ (optional (options ? system.switch.enableNg) { 183 ] ++ (optional (options ? system.rebuild.enableNg) {
206 system.switch = lib.mkDefault { 184 system.rebuild.enableNg = lib.mkDefault true;
207 enable = false; 185 })
208 enableNg = true; 186 ++ (optional (options ? services.userborn) {
187 services.userborn = {
188 enable = lib.mkDefault true;
189 passwordFilesLocation = lib.mkDefault "/var/lib/nixos";
209 }; 190 };
210 }) 191 })
192 ++ (optional (!(options ? services.userborn) && (options ? system.etc)) {
193 systemd.sysusers.enable = lib.mkDefault true;
194 })
211 ++ (optional (options ? system.etc) { 195 ++ (optional (options ? system.etc) {
212 boot.initrd.systemd.enable = lib.mkDefault true; 196 boot.initrd.systemd.enable = lib.mkDefault true;
213 system.etc.overlay.enable = lib.mkDefault true; 197 system.etc.overlay.enable = lib.mkDefault true;
214 system.etc.overlay.mutable = lib.mkDefault (!config.systemd.sysusers.enable); 198 system.etc.overlay.mutable = lib.mkDefault (!config.systemd.sysusers.enable);
215 systemd.sysusers.enable = lib.mkDefault true;
216 199
217 # Random perl remnants 200 # Random perl remnants
218 system.disableInstallerTools = lib.mkDefault true; 201 system.disableInstallerTools = lib.mkDefault true;
diff --git a/system-profiles/default-locale.nix b/system-profiles/default-locale.nix
index 2d483f04..60d338cb 100644
--- a/system-profiles/default-locale.nix
+++ b/system-profiles/default-locale.nix
@@ -1,16 +1,23 @@
1{ lib, ... }: 1{ lib, options, ... }:
2 2
3with lib; 3with lib;
4 4
5{ 5{
6 i18n = { 6 config = foldr recursiveUpdate {} ([
7 defaultLocale = "en_DK.UTF-8"; 7 {
8 extraLocaleSettings = { 8 i18n = {
9 "TIME_STYLE" = "long-iso"; 9 defaultLocale = "en_DK.UTF-8";
10 }; 10 extraLocaleSettings = {
11 supportedLocales = [ "C.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "en_DK.UTF-8/UTF-8" ]; 11 "TIME_STYLE" = "long-iso";
12 }; 12 };
13 console.keyMap = mkDefault "dvorak-programmer"; 13 };
14 console.keyMap = mkDefault "dvorak-programmer";
14 15
15 time.timeZone = mkDefault "Europe/Berlin"; 16 time.timeZone = mkDefault "Europe/Berlin";
17 }
18 ] ++ (optional (options ? i18n.extraLocales) {
19 i18n.extraLocales = [ "C.UTF-8" "en_US.UTF-8" "en_DK.UTF-8" ];
20 }) ++ (optional (!(options ? i18n.extraLocales)) {
21 i18n.supportedLocales = [ "C.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "en_DK.UTF-8/UTF-8" ];
22 }));
16} 23}
diff --git a/system-profiles/initrd-all-crypto-modules.nix b/system-profiles/initrd-all-crypto-modules.nix
index 45cd4b74..da6c781e 100644
--- a/system-profiles/initrd-all-crypto-modules.nix
+++ b/system-profiles/initrd-all-crypto-modules.nix
@@ -18,7 +18,7 @@ in {
18 { 18 {
19 name = "encrypted_key"; 19 name = "encrypted_key";
20 patch = null; 20 patch = null;
21 extraStructuredConfig.ENCRYPTED_KEYS = lib.kernel.yes; 21 structuredExtraConfig.ENCRYPTED_KEYS = lib.kernel.yes;
22 } 22 }
23 ]; 23 ];
24} 24}
diff --git a/system-profiles/lanzaboote.nix b/system-profiles/lanzaboote.nix
new file mode 100644
index 00000000..f1e179cf
--- /dev/null
+++ b/system-profiles/lanzaboote.nix
@@ -0,0 +1,14 @@
1{ flakeInputs, pkgs, ... }:
2{
3 imports = [
4 flakeInputs.lanzaboote.nixosModules.lanzaboote
5 ];
6
7 config = {
8 environment.systemPackages = [ pkgs.sbctl ];
9 boot.lanzaboote = {
10 enable = true;
11 pkiBundle = "/var/lib/sbctl";
12 };
13 };
14}
diff --git a/system-profiles/nfsroot.nix b/system-profiles/nfsroot.nix
index 1cd930d9..e3dc2d2e 100644
--- a/system-profiles/nfsroot.nix
+++ b/system-profiles/nfsroot.nix
@@ -1,4 +1,4 @@
1{ config, options, pkgs, lib, flake, flakeInputs, ... }: 1{ config, options, pkgs, lib, flake, ... }:
2 2
3with lib; 3with lib;
4 4
@@ -48,7 +48,7 @@ in {
48 fileSystems."/nix/.ro-store" = mkImageMediaOverride 48 fileSystems."/nix/.ro-store" = mkImageMediaOverride
49 { fsType = "nfs4"; 49 { fsType = "nfs4";
50 device = cfg.storeDevice; 50 device = cfg.storeDevice;
51 options = [ "ro" ]; 51 options = [ "ro" "nfsvers=4.2" ];
52 neededForBoot = true; 52 neededForBoot = true;
53 }; 53 };
54 54
@@ -86,7 +86,7 @@ in {
86 mkdir -p /mnt-root/etc/ 86 mkdir -p /mnt-root/etc/
87 cp /etc/resolv.conf /mnt-root/etc/resolv.conf 87 cp /etc/resolv.conf /mnt-root/etc/resolv.conf
88 ''; 88 '';
89 networking.useDHCP = true; 89 networking.useDHCP = mkImageMediaOverride true;
90 networking.resolvconf.enable = false; 90 networking.resolvconf.enable = false;
91 networking.dhcpcd.persistent = true; 91 networking.dhcpcd.persistent = true;
92 92
diff --git a/system-profiles/niri-flake.nix b/system-profiles/niri-flake.nix
new file mode 100644
index 00000000..b28d51ff
--- /dev/null
+++ b/system-profiles/niri-flake.nix
@@ -0,0 +1,4 @@
1{ ... }:
2{
3 config.niri-flake.cache.enable = false;
4}
diff --git a/system-profiles/niri-unstable.nix b/system-profiles/niri-unstable.nix
new file mode 100644
index 00000000..3a8b393d
--- /dev/null
+++ b/system-profiles/niri-unstable.nix
@@ -0,0 +1,11 @@
1{ config, pkgs, lib, ... }:
2{
3 config = {
4 programs.niri.package = lib.mkDefault pkgs.niri-unstable;
5 home-manager.sharedModules = [
6 {
7 programs.niri.package = lib.mkDefault config.programs.niri.package;
8 }
9 ];
10 };
11}
diff --git a/system-profiles/openssh/known-hosts/sif/ed25519-cert.pub b/system-profiles/openssh/known-hosts/sif/ed25519-cert.pub
index fbe733ad..08e06191 100644
--- a/system-profiles/openssh/known-hosts/sif/ed25519-cert.pub
+++ b/system-profiles/openssh/known-hosts/sif/ed25519-cert.pub
@@ -1 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIGFS3QO9ui8WvwPAzhe5QMeXRRKfUI08UFA8nF4vtpDDAAAAIOfiwlzGcNQjamtIwv7fmXnddjajraeovaM6gRNui1+vQAAAAGdfDRUAAAACAAAAJDIyZTBkYjI0LTQ2NGItNDI4Ny1hNjc1LTBmMGJmOTc0MWM5ZgAAACYAAAANc2lmLnlnZ2RyYXNpbAAAABFzaWYubGFuLnlnZ2RyYXNpbAAAAABnXbtwAAAAAGlVuQAAAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIC1t7HamptQ49VXtSZyRsaOuja5In1N0U9Ybdiu6ztziAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEBKetJH8/2fTzVqdHKPLYGwDry19o5bacITTEHS5ZoYpuY5ybtQD7OQ2zGzbPl4tBaNEpPMZ2AYA2D2tegyrpgJ sif/ed25519.pub ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIBp/usC8JNYEYLa5aRskvR0FDjoTc0u+XXk6NFgCU7/+AAAAIOfiwlzGcNQjamtIwv7fmXnddjajraeovaM6gRNui1+vQAAAAGktd48AAAACAAAAJGY2N2U0NGNiLWJjYWItNDFlYi05ZGE4LWQ1NmY3MjM4NDRiNgAAACYAAAANc2lmLnlnZ2RyYXNpbAAAABFzaWYubGFuLnlnZ2RyYXNpbAAAAABpLCXrAAAAAGs27IAAAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIC1t7HamptQ49VXtSZyRsaOuja5In1N0U9Ybdiu6ztziAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEDHDUbj2rciS9HhtumHKqk6M2Ev8x8WnhURpf5cUbKgfrDadi11dDE7awFGIAnkEBrJcr0WbwZy13998LEK8dQO sif/ed25519.pub
diff --git a/system-profiles/openssh/known-hosts/sif/rsa-cert.pub b/system-profiles/openssh/known-hosts/sif/rsa-cert.pub
index f3910f46..9c228cba 100644
--- a/system-profiles/openssh/known-hosts/sif/rsa-cert.pub
+++ b/system-profiles/openssh/known-hosts/sif/rsa-cert.pub
@@ -1 +1 @@
ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgTLH6JBF1fhKZsihW/TUPJ45+eGLQehfZOnPHriIh8H0AAAADAQABAAACAQCeFqJep1CuWakcoiAkz4bSaHbAIwM89Er46o3KUpjCWGTmDmhJyBiG38pupcctH0awwElkX09GsNx230mTtjT6qcxN+vGsGMJIqFD+/7ZobSLJDHYCo6Jx23jZUjg1SqxYjwB5ooWGI61Vh6SaOy8WRrUn0q8rJyd9SEC+3tJlKO5QqRi/Vnwzj47m+YjGz2UlqJ9a4GeRh1O5SiGx5jd4a/VoeK1XJcW94XeWpPQdUGnVYUXZn9cwYVrogmXdr18ImnPxghsQg4xwS2A6KMjUw9m56XkqIq7vTslmL9JaYcjlSCHbsSVq9+Wu1oKxoyndN7Sim7SkAZwHFUEMBNlontBitgYl6z10VdKX739os6h07uXjGEs+mPk4/CkGZhvhnErV2T9FO+65jnU3mZkeX5tfJHqJ8PnDch2JD6O7+Mjpce4zs/x3mwH36peER6iiIBYGlSF0AlUDShdqj+fPWFu6gZ9piOAZ2L3YXDA0ulM6pL69SbulrUNOwtTy6LkBfKDwpaQK1KO1VOYBaKa7s+krOJXW18k+tpfo4aKSeTuwvykMPndKMKvxcsxNymkGo2AzLw017Qgshzv9rRbLNMBFd85S3krakGyBVL0HAVrAdkjvsWqj5FnHAjgBc1AZnZPbJu3g9/wm7k8rPMV0jxKMpW+zxjVFYDhFUWYp90AAAABnXw0XAAAAAgAAACRiMDRmOTI4YS1kZjdlLTQxNGEtYjIyMy03ZTYyM2RjNDllMDUAAAAmAAAADXNpZi55Z2dkcmFzaWwAAAARc2lmLmxhbi55Z2dkcmFzaWwAAAAAZ127cgAAAABpVbkAAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAtbex2pqbUOPVV7UmckbGjro2uSJ9TdFPWG3Yrus7c4gAAAFMAAAALc3NoLWVkMjU1MTkAAABAukvVBkrYktU4OM6O3ocIvgOvQ/LZ1WPh8f0NY/y5WK5aMWi3J3Gi8WgzTosd1XAQVyk8wyrHttBvynrF2jOzCg== sif/rsa.pub ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgY1AoEhqrhSaM/kUs7FsLGIa+2QZZRN0L/MZHpKJF6VsAAAADAQABAAACAQCeFqJep1CuWakcoiAkz4bSaHbAIwM89Er46o3KUpjCWGTmDmhJyBiG38pupcctH0awwElkX09GsNx230mTtjT6qcxN+vGsGMJIqFD+/7ZobSLJDHYCo6Jx23jZUjg1SqxYjwB5ooWGI61Vh6SaOy8WRrUn0q8rJyd9SEC+3tJlKO5QqRi/Vnwzj47m+YjGz2UlqJ9a4GeRh1O5SiGx5jd4a/VoeK1XJcW94XeWpPQdUGnVYUXZn9cwYVrogmXdr18ImnPxghsQg4xwS2A6KMjUw9m56XkqIq7vTslmL9JaYcjlSCHbsSVq9+Wu1oKxoyndN7Sim7SkAZwHFUEMBNlontBitgYl6z10VdKX739os6h07uXjGEs+mPk4/CkGZhvhnErV2T9FO+65jnU3mZkeX5tfJHqJ8PnDch2JD6O7+Mjpce4zs/x3mwH36peER6iiIBYGlSF0AlUDShdqj+fPWFu6gZ9piOAZ2L3YXDA0ulM6pL69SbulrUNOwtTy6LkBfKDwpaQK1KO1VOYBaKa7s+krOJXW18k+tpfo4aKSeTuwvykMPndKMKvxcsxNymkGo2AzLw017Qgshzv9rRbLNMBFd85S3krakGyBVL0HAVrAdkjvsWqj5FnHAjgBc1AZnZPbJu3g9/wm7k8rPMV0jxKMpW+zxjVFYDhFUWYp90AAAABpLXefAAAAAgAAACQ2NTE5MjIyMC01NjY5LTQ4YWYtYmI1OC1iZjUxZmQyZmNkZDYAAAAmAAAADXNpZi55Z2dkcmFzaWwAAAARc2lmLmxhbi55Z2dkcmFzaWwAAAAAaSwl+gAAAABrNuyAAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAtbex2pqbUOPVV7UmckbGjro2uSJ9TdFPWG3Yrus7c4gAAAFMAAAALc3NoLWVkMjU1MTkAAABAxI5ErYlcAfX0DRMDIHIzjNsk85hInZHfi4LxvSOBok8y4XlpYjdKM5kERVhZV1Hi7d64+7uQu8Lghz2pKZ/LBQ== sif/rsa.pub
diff --git a/system-profiles/openssh/known-hosts/surtr/ed25519-cert.pub b/system-profiles/openssh/known-hosts/surtr/ed25519-cert.pub
index 502c7c8f..53ee47d9 100644
--- a/system-profiles/openssh/known-hosts/surtr/ed25519-cert.pub
+++ b/system-profiles/openssh/known-hosts/surtr/ed25519-cert.pub
@@ -1 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIGjiVs6K1essxiBl0pqXAkIqQGVqL+2gDxC0nPwYiDvRAAAAIO2LOAbV3XuAqJpXVY+YUnLIbhRsmAUmVQT3MioXGGgjQAAAAGdfDRsAAAACAAAAJDQ0Y2Q3ZWE0LTM1Y2MtNGI4Yy05NmRhLWUwN2QzMWJjNTYxYwAAACkAAAAPc3VydHIueWdnZHJhc2lsAAAAEnN1cnRyLnlnZ2RyYXNpbC5saQAAAABnXbt2AAAAAGlVuQAAAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIC1t7HamptQ49VXtSZyRsaOuja5In1N0U9Ybdiu6ztziAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEDXwC9fmwFEbdaghMnBy6B+wNjlDTKSlVZG5xLCYzDB3Eonpi+iliBqFlWQmk1eyFnFotCAuUR63uFba1b0a8ED surtr/ed25519.pub ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIIC06Mm5P6dKTwae83W9gncJmoISKrGeEnXirUMCW8rfAAAAIO2LOAbV3XuAqJpXVY+YUnLIbhRsmAUmVQT3MioXGGgjQAAAAGktd6QAAAACAAAAJGEwZmNmMmQ5LWQ3YWQtNDU0ZS05MGE3LTgyYjFiNTc0YzZmMwAAACkAAAAPc3VydHIueWdnZHJhc2lsAAAAEnN1cnRyLnlnZ2RyYXNpbC5saQAAAABpLCX/AAAAAGs27IAAAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIC1t7HamptQ49VXtSZyRsaOuja5In1N0U9Ybdiu6ztziAAAAUwAAAAtzc2gtZWQyNTUxOQAAAECi6ZQr+mEfDA7MkXsVaCXZ3VZDaMKXVqHdO4Z4Yap642oeErCWsHn+LgnPSMH3rSRHDOeittKgUSJI/AFJuw8G surtr/ed25519.pub
diff --git a/system-profiles/openssh/known-hosts/surtr/rsa-cert.pub b/system-profiles/openssh/known-hosts/surtr/rsa-cert.pub
index 836b5f0f..f5ea59f2 100644
--- a/system-profiles/openssh/known-hosts/surtr/rsa-cert.pub
+++ b/system-profiles/openssh/known-hosts/surtr/rsa-cert.pub
@@ -1 +1 @@
ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgvFf3el3MnunKnAXBnnpjMSdOMftKzZVb4Hpo+4vb4SAAAAADAQABAAABgQClFn6IDsDjuLXpThBtrRj+HLkNAwuBc4BgNqqIXkSRXy1FhDVgdI2iXKnJJLT/MWBMz73+QEYI+nDV6cxMCu292sZal+EAkyXJG6gQ9/rboucTuMWosrifAYabY4jUY79vYOiQGHG3XMIVjTQE8dRoXASzPKcok7PHftuW2qUu6ti7s3tqxY89Ez0cUz7jIECR7zHpIHZQbPd7z9luWOwZZc/eUGGWSxxz6idSPi/Adjk4FS56kIBk/uq9bZ8ylE/nwuJFUV90GzIr2nIQAcg6UVjYkw22+tA8BKzkS5Kx9ur7jVAhgs1qavKGnkYBuE4MvfjDzrkxRtlIPOjUQ3uuqYXkkkdMCooDl6+oKvN8dug6+cMdXn3/Q63cA0ols5rJz8iAtBoPRI8b835BWZcYHCk2aF2xT5hmB+GVhnFRZP8p9cRlr0jhYRjJKp80gTT7BPlMAQ0Sfmz5jLPd7X9yInKXCXdzxLTWvGqDq4GpunWVR6rgDMq5AswIcNhcwCdAAAAAZ18NHQAAAAIAAAAkYjAxOTgwY2ItZGIyOS00ZDQyLTg3ODAtMTZiYjhiNDU2ODM2AAAAKQAAAA9zdXJ0ci55Z2dkcmFzaWwAAAASc3VydHIueWdnZHJhc2lsLmxpAAAAAGddu3gAAAAAaVW5AAAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgLW3sdqam1Dj1Ve1JnJGxo66NrkifU3RT1ht2K7rO3OIAAABTAAAAC3NzaC1lZDI1NTE5AAAAQIOssJDgMJLVaqBwrRIV/B9WTWTCQ/oNqReigzhWmSa5Fwzwoj0voNbE4lbnvHOP3hfZFx+Ja2kFXZLKk/ptgg8= surtr/rsa.pub ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg5cjCqeIKqQMB4AONmupxfkZMloMDSbg8Ekg/KY+OJPEAAAADAQABAAABgQClFn6IDsDjuLXpThBtrRj+HLkNAwuBc4BgNqqIXkSRXy1FhDVgdI2iXKnJJLT/MWBMz73+QEYI+nDV6cxMCu292sZal+EAkyXJG6gQ9/rboucTuMWosrifAYabY4jUY79vYOiQGHG3XMIVjTQE8dRoXASzPKcok7PHftuW2qUu6ti7s3tqxY89Ez0cUz7jIECR7zHpIHZQbPd7z9luWOwZZc/eUGGWSxxz6idSPi/Adjk4FS56kIBk/uq9bZ8ylE/nwuJFUV90GzIr2nIQAcg6UVjYkw22+tA8BKzkS5Kx9ur7jVAhgs1qavKGnkYBuE4MvfjDzrkxRtlIPOjUQ3uuqYXkkkdMCooDl6+oKvN8dug6+cMdXn3/Q63cA0ols5rJz8iAtBoPRI8b835BWZcYHCk2aF2xT5hmB+GVhnFRZP8p9cRlr0jhYRjJKp80gTT7BPlMAQ0Sfmz5jLPd7X9yInKXCXdzxLTWvGqDq4GpunWVR6rgDMq5AswIcNhcwCdAAAAAaS13pwAAAAIAAAAkYzViZTAwYmYtOGQ0Ni00Yzg5LThmM2MtZGQzM2ZmYWY2NmJmAAAAKQAAAA9zdXJ0ci55Z2dkcmFzaWwAAAASc3VydHIueWdnZHJhc2lsLmxpAAAAAGksJgIAAAAAazbsgAAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgLW3sdqam1Dj1Ve1JnJGxo66NrkifU3RT1ht2K7rO3OIAAABTAAAAC3NzaC1lZDI1NTE5AAAAQLR4E5g/dbhvevMd3xXIOsL5UEuVDoGOk5J1dZtea8uaERyg2J1//FPS/QDdc0k8MQBbW9e1W478VMhBTqE3FAA= surtr/rsa.pub
diff --git a/system-profiles/openssh/known-hosts/vidhar/ed25519-cert.pub b/system-profiles/openssh/known-hosts/vidhar/ed25519-cert.pub
index 6e9f88c3..4f3b8537 100644
--- a/system-profiles/openssh/known-hosts/vidhar/ed25519-cert.pub
+++ b/system-profiles/openssh/known-hosts/vidhar/ed25519-cert.pub
@@ -1 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIPKvnLMZmubA5lu72Vmdgwurf/VvSnc8yybtDjHBpTqeAAAAIKHGEME8AQDpXnDuI2G4aruVnz3of37+ZgXJh85h8FrqQAAAAGdfDQYAAAACAAAAJDQ5NDg1NTMyLWNkMWMtNDc4ZC1iMWExLTEyZWExNTdmYjQ5ZQAAACsAAAATdmlkaGFyLnlnZ2RyYXNpbC5saQAAABB2aWRoYXIueWdnZHJhc2lsAAAAAGddu2EAAAAAaVW5AAAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgLW3sdqam1Dj1Ve1JnJGxo66NrkifU3RT1ht2K7rO3OIAAABTAAAAC3NzaC1lZDI1NTE5AAAAQAu3S6rmmflGBF4Z3EgwIyZV/FF9YMbCFjgx2RvpX8jU7yqfwqdqp+wmTwZFL8C3bn5Di+Wj7RmSrYeZ64yw2QI= vidhar/ed25519.pub ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAILRyTtolV3yNKvQIPY9g4aWgy2K3s6LRDy8rUfwvoNIFAAAAIKHGEME8AQDpXnDuI2G4aruVnz3of37+ZgXJh85h8FrqQAAAAGktd6kAAAACAAAAJGU1MmFiMDFkLTA2NmEtNDAyOC1iNDJmLWFlMjZiNDQ5NmFiNwAAACsAAAATdmlkaGFyLnlnZ2RyYXNpbC5saQAAABB2aWRoYXIueWdnZHJhc2lsAAAAAGksJgQAAAAAazbsgAAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgLW3sdqam1Dj1Ve1JnJGxo66NrkifU3RT1ht2K7rO3OIAAABTAAAAC3NzaC1lZDI1NTE5AAAAQHsd6gJMFIG6sfEtgYmQQpjAuQczbqxf8zLan/O1FMkQ0r44s4iCeHrgueCD8sMeZcynmvxtGEuWFg1lksuH2A4= vidhar/ed25519.pub
diff --git a/system-profiles/openssh/known-hosts/vidhar/rsa-cert.pub b/system-profiles/openssh/known-hosts/vidhar/rsa-cert.pub
index e3591c6a..d57b79b9 100644
--- a/system-profiles/openssh/known-hosts/vidhar/rsa-cert.pub
+++ b/system-profiles/openssh/known-hosts/vidhar/rsa-cert.pub
@@ -1 +1 @@
ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgrM1+jWFSNKzUeXAvn+FQNW9SZAiiAoBInTbwWNMoXcMAAAADAQABAAABgQCopJQaFGSf5/FioXnjppVvzqAxW8/Hcr9xpCpj1WDn5hZoKCzyPmZet43ATG7IxHtEXK1O+FfIN7HUDlPrfOEiw/1W8j/fzFCsjXC/c5031wBaPmBpf0uXOGjuJ2INps7qPfOUqfWKYIKgmdk4Sr2vjRxpSoO08mPgECVwWYDBfRrZD3RYVls9NSW3GZFsCOHNUVxV1O112EFbwzyJUDVpTWqF5uSmW5HD7zAhHRs96q1AiOo7rQ9LfYD51Hc/0XkbUQ+wi9jxZwhwsBmEMMGFVRPGBOXqN5x4DItY8hpzq3h4WJEHvGdtRg89TxBeRIV96six0ThA9aS5JrND6DWOgEueoOv0WnLPswUh/+jg6hnECYW0mg7SbxInU/qESFxYp9jRjErQxThwM4u0fuE2+8LR3cB7Ui2GkjuQvvgI/LTHXucy7nTK9Fm87NDSx7oMyCBu8+I/8wntHD4s2SMvGi+BBI5i2dH+VBEoZEbi58DLZa+bwzfuAj+h46DNdR9AAAAAZ18NEQAAAAIAAAAkMDczOWNkNmQtOGM3Yi00ZTM1LTkxMmYtMWI4NzlhODdlYWQ2AAAAKwAAABN2aWRoYXIueWdnZHJhc2lsLmxpAAAAEHZpZGhhci55Z2dkcmFzaWwAAAAAZ127bAAAAABpVbkAAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAtbex2pqbUOPVV7UmckbGjro2uSJ9TdFPWG3Yrus7c4gAAAFMAAAALc3NoLWVkMjU1MTkAAABAB95Kngterh6S0v9cOEZWWexYQ8rUAm3uvjXh6TkE2vbmEHLRr+/RaLupJJyestvjRSpGtoUSZYnnRD33CH4XDg== vidhar/rsa.pub ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgbBxsZVwt6wIw0h2zyYLWo8RmVWjoza2Bre3vFBXc7ZUAAAADAQABAAABgQCopJQaFGSf5/FioXnjppVvzqAxW8/Hcr9xpCpj1WDn5hZoKCzyPmZet43ATG7IxHtEXK1O+FfIN7HUDlPrfOEiw/1W8j/fzFCsjXC/c5031wBaPmBpf0uXOGjuJ2INps7qPfOUqfWKYIKgmdk4Sr2vjRxpSoO08mPgECVwWYDBfRrZD3RYVls9NSW3GZFsCOHNUVxV1O112EFbwzyJUDVpTWqF5uSmW5HD7zAhHRs96q1AiOo7rQ9LfYD51Hc/0XkbUQ+wi9jxZwhwsBmEMMGFVRPGBOXqN5x4DItY8hpzq3h4WJEHvGdtRg89TxBeRIV96six0ThA9aS5JrND6DWOgEueoOv0WnLPswUh/+jg6hnECYW0mg7SbxInU/qESFxYp9jRjErQxThwM4u0fuE2+8LR3cB7Ui2GkjuQvvgI/LTHXucy7nTK9Fm87NDSx7oMyCBu8+I/8wntHD4s2SMvGi+BBI5i2dH+VBEoZEbi58DLZa+bwzfuAj+h46DNdR9AAAAAaS13rAAAAAIAAAAkZWMyMDI4MzUtYTgwMS00ZmNhLTkzYjEtM2JhYjZmMzBhYWZhAAAAKwAAABN2aWRoYXIueWdnZHJhc2lsLmxpAAAAEHZpZGhhci55Z2dkcmFzaWwAAAAAaSwmBwAAAABrNuyAAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAtbex2pqbUOPVV7UmckbGjro2uSJ9TdFPWG3Yrus7c4gAAAFMAAAALc3NoLWVkMjU1MTkAAABAsZ8b6NOryfF2RnktAPnLC6+eyTkc7AYVk7ej4Mj+ipZEL4+lqtf6CwQn3xsu1ANyqiTma7XP+BuBqq1IWX1bBw== vidhar/rsa.pub
diff --git a/system-profiles/openssh/known-hosts/ymir/ed25519-cert.pub b/system-profiles/openssh/known-hosts/ymir/ed25519-cert.pub
index f618287f..3d5b49d7 100644
--- a/system-profiles/openssh/known-hosts/ymir/ed25519-cert.pub
+++ b/system-profiles/openssh/known-hosts/ymir/ed25519-cert.pub
@@ -1 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIL5lX2daZQbuBqERwF2GmrvOBH8BXki1daPIPhNdRwS/AAAAIDeBBux2bIXnS/RUv+Y/NCpzI/SCW0KOJSzf48KDiEZDQAAAAGdfDSEAAAACAAAAJGI5NTQ5ZTE4LWIxN2ItNGNkYS1iZDkyLWU0NTgzNmFhZjhkYQAAACkAAAAReW1pci55Z2dkcmFzaWwubGkAAAAQZ2l0LnlnZ2RyYXNpbC5saQAAAABnXbt8AAAAAGlVuQAAAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIC1t7HamptQ49VXtSZyRsaOuja5In1N0U9Ybdiu6ztziAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEADKjqTTYesSH+7ZAWLcudmW83vwHFSz/i0lXH906lDB9Bqg/q2RLQ2sCdLvg7CrP7Dy2ReX49IXCfep2EU97IE ymir/ed25519.pub ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIMv3cC/gw6cWqvDkH6Ikjw+5P1Vf+Y2lU4qQ32g40ksVAAAAIDeBBux2bIXnS/RUv+Y/NCpzI/SCW0KOJSzf48KDiEZDQAAAAGktd64AAAACAAAAJGJjZGJhYzViLTY1NjktNGI0Yi04M2IxLTE4ODkyOTQ0ZDIwNQAAACkAAAAReW1pci55Z2dkcmFzaWwubGkAAAAQZ2l0LnlnZ2RyYXNpbC5saQAAAABpLCYJAAAAAGs27IAAAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIC1t7HamptQ49VXtSZyRsaOuja5In1N0U9Ybdiu6ztziAAAAUwAAAAtzc2gtZWQyNTUxOQAAAECWeRpO9LBadeudAnf2FOZdMsDTdx/Z9qnoXFeBPw9/DdNfR2/BWSn9kqQZcuGKAjrnZvuaRDhpK6tq5Efa97cI ymir/ed25519.pub
diff --git a/system-profiles/openssh/known-hosts/ymir/rsa-cert.pub b/system-profiles/openssh/known-hosts/ymir/rsa-cert.pub
index e817d98b..39213ca3 100644
--- a/system-profiles/openssh/known-hosts/ymir/rsa-cert.pub
+++ b/system-profiles/openssh/known-hosts/ymir/rsa-cert.pub
@@ -1 +1 @@
ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgQPJU/64dBpMx7Z6MSJ/q5gpEsjbJZwCw7HqvR/JFWYYAAAADAQABAAACAQDNr7oFNneR3sVuAhdbnU83PuG6gTU6rDmiz+qykkRUr5Qdtm0NIr9lI7nhoO/MaALWmkMXsBGjvJ2UxvY959g0wQRHJZnuJDwOMo3YJjfuDGMTtp8ikzd646uMHQB+y/xb4dou6f0INr94eRsZcji7AQgZQnyWVV3DZuSADBfNK0Tx6sT6IdbJXaCwYoexnfSfzDdu3i5zMuReF4zdkFUEfAdcbOM8Cr0Abnn4+iLVrof/QaOEuZDC+Pf5QUhkAArETdavSCUIbV6+1md0jz/T8yalgrTCsYOoEUbSPwM/8vmiYDWSo/tvAf3KnVIPjjK2UFz7Qu0HyK0y1dBEXoYLGZ1ep4x67aE4zy7GlR2GZdAYilHknugZB+/kvYGDEixHFfcUh/uvF5PY8sm63C6HUBT1s/aQHXGHgE4uUru6YvbU3UW3fRdslABY/atZ9gc3MuKu9Zk27b1SYfAAoK1R8rKsOKWqUWvvMVCfKBNKqqb7+30q75iGeneB8Tb1C9lToyDG2Yl5p+Gpfnj8YmaU/xFm0HFEC42crRbaQyz01LmupHWf8VwH/O2LsjztAF9b4Oe2q/NwqQAF+h5hIm2tfM2fzxHGCmw1sFYf6dEdkyV5pge/IJrnuQn27iO06tRC6tvrt/ocbpwEEOk/3WWpAWW4oT8L5ceh7iAXrCRWp0AAAABnXw0jAAAAAgAAACQ5ZTMyY2VkZS01N2YyLTRjNDYtODE4My1kZTU0NTA2NWJiNmIAAAApAAAAEXltaXIueWdnZHJhc2lsLmxpAAAAEGdpdC55Z2dkcmFzaWwubGkAAAAAZ127fgAAAABpVbkAAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAtbex2pqbUOPVV7UmckbGjro2uSJ9TdFPWG3Yrus7c4gAAAFMAAAALc3NoLWVkMjU1MTkAAABA82VUT3rNnlFErsDeAXD4VTqADhSD62qwgYLl6tDc4JfEbsRxQbQu6dlCi4ALDT+zrhoH003JCSSN9yO5Gz0sDA== ymir/rsa.pub ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgIc5vGlvWLdc4byp3itEtR5/MD29kg7gj5ma4sotjHtoAAAADAQABAAACAQDNr7oFNneR3sVuAhdbnU83PuG6gTU6rDmiz+qykkRUr5Qdtm0NIr9lI7nhoO/MaALWmkMXsBGjvJ2UxvY959g0wQRHJZnuJDwOMo3YJjfuDGMTtp8ikzd646uMHQB+y/xb4dou6f0INr94eRsZcji7AQgZQnyWVV3DZuSADBfNK0Tx6sT6IdbJXaCwYoexnfSfzDdu3i5zMuReF4zdkFUEfAdcbOM8Cr0Abnn4+iLVrof/QaOEuZDC+Pf5QUhkAArETdavSCUIbV6+1md0jz/T8yalgrTCsYOoEUbSPwM/8vmiYDWSo/tvAf3KnVIPjjK2UFz7Qu0HyK0y1dBEXoYLGZ1ep4x67aE4zy7GlR2GZdAYilHknugZB+/kvYGDEixHFfcUh/uvF5PY8sm63C6HUBT1s/aQHXGHgE4uUru6YvbU3UW3fRdslABY/atZ9gc3MuKu9Zk27b1SYfAAoK1R8rKsOKWqUWvvMVCfKBNKqqb7+30q75iGeneB8Tb1C9lToyDG2Yl5p+Gpfnj8YmaU/xFm0HFEC42crRbaQyz01LmupHWf8VwH/O2LsjztAF9b4Oe2q/NwqQAF+h5hIm2tfM2fzxHGCmw1sFYf6dEdkyV5pge/IJrnuQn27iO06tRC6tvrt/ocbpwEEOk/3WWpAWW4oT8L5ceh7iAXrCRWp0AAAABpLXexAAAAAgAAACRkZDhkNjliYS0yMDc1LTQzYjQtYmVmYy0wODg3NzYwMzkzYTUAAAApAAAAEXltaXIueWdnZHJhc2lsLmxpAAAAEGdpdC55Z2dkcmFzaWwubGkAAAAAaSwmDAAAAABrNuyAAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAtbex2pqbUOPVV7UmckbGjro2uSJ9TdFPWG3Yrus7c4gAAAFMAAAALc3NoLWVkMjU1MTkAAABAW//V9PUjnzyj7DQqYBbJzLEfS1OvED0v1ys3KeaaApd6QhsxxBfYosX/v/zwXf3PNnY6TptPaFj+iaJShwRvCg== ymir/rsa.pub
diff --git a/system-profiles/rebuild-machines/default.nix b/system-profiles/rebuild-machines/default.nix
index 544f47e1..de86cd74 100644
--- a/system-profiles/rebuild-machines/default.nix
+++ b/system-profiles/rebuild-machines/default.nix
@@ -25,16 +25,18 @@ let
25 25
26 phases = [ "buildPhase" "installPhase" ]; 26 phases = [ "buildPhase" "installPhase" ];
27 27
28 inherit (pkgs) zsh coreutils openssh;
29 inherit (cfg) scriptName;
30 inherit (cfg.flake) flakeOutput;
31 flake = cfg.flake.name;
32 nixosRebuild = config.system.build.nixos-rebuild;
33 inherit (config.security) wrapperDir;
34 inherit sshConfig;
35
36 buildPhase = '' 28 buildPhase = ''
37 substituteAll $src rebuild-machine.zsh 29 substitute $src rebuild-machine.zsh \
30 --subst-var-by zsh ${pkgs.zsh} \
31 --subst-var-by coreutils ${pkgs.coreutils} \
32 --subst-var-by openssh ${pkgs.openssh} \
33 --subst-var-by wrapperDir ${config.security.wrapperDir} \
34 --subst-var-by sshConfig ${sshConfig} \
35 --subst-var-by out "$out" \
36 --subst-var-by nixosRebuild ${config.system.build.nixos-rebuild} \
37 --subst-var-by flake ${cfg.flake.name} \
38 --subst-var-by scriptName ${cfg.scriptName} \
39 --subst-var-by flakeOutput ${cfg.flake.flakeOutput}
38 ''; 40 '';
39 41
40 installPhase = '' 42 installPhase = ''
diff --git a/system-profiles/zfs.nix b/system-profiles/zfs.nix
index 149decee..d4a2175f 100644
--- a/system-profiles/zfs.nix
+++ b/system-profiles/zfs.nix
@@ -1,8 +1,8 @@
1{ pkgs, lib, ... } : { 1{ config, pkgs, lib, ... } : {
2 config = { 2 config = {
3 boot = { 3 boot = {
4 kernelPackages = pkgs.linuxPackages_6_11; 4 kernelPackages = lib.mkDefault pkgs.linuxPackages_6_12;
5 zfs.package = pkgs.zfs_unstable; 5 zfs.package = lib.mkDefault pkgs.zfs_2_3;
6 6
7 supportedFilesystems.zfs = true; 7 supportedFilesystems.zfs = true;
8 }; 8 };
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-15 05:08:59 +0000