intermediate commit

flake.lock

@@ -139,15 +139,15 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1748615477,
-        "narHash": "sha256-8sjG4sNIonQPK2olCGvq3/j1qtjwPaTOFU5nkz1gj2Q=",
-        "rev": "97d3ce1ceb663a24184aac92b7e9e8f5452111c1",
+        "lastModified": 1752247770,
+        "narHash": "sha256-WDk5Sx9JWr8A+EPfkTLEcVNrBlY700rSNH8nm/oaVGY=",
+        "rev": "739c8f530a2c5e0b9eefc8019d201654264cb974",
         "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/24.11-small/nixos-24.11.718472.97d3ce1ceb66/nixexprs.tar.xz?rev=97d3ce1ceb663a24184aac92b7e9e8f5452111c1"
+        "url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.806236.739c8f530a2c/nixexprs.tar.xz"
       },
       "original": {
         "type": "tarball",
-        "url": "https://nixos.org/channels/nixos-24.11-small/nixexprs.tar.xz"
+        "url": "https://nixos.org/channels/nixos-25.05-small/nixexprs.tar.xz"
       }
     },
     "nixpkgs-unstable": {

flake.nix

@@ -2,7 +2,7 @@
   description = "PVV System flake";
 
   inputs = {
-    nixpkgs.url = "https://nixos.org/channels/nixos-24.11-small/nixexprs.tar.xz";
+    nixpkgs.url = "https://nixos.org/channels/nixos-25.05-small/nixexprs.tar.xz";
     nixpkgs-unstable.url = "https://nixos.org/channels/nixos-unstable-small/nixexprs.tar.xz";
 
     sops-nix.url = "github:Mic92/sops-nix";
@@ -55,7 +55,7 @@
 
     nixosConfigurations = let
       unstablePkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
-      nixosConfig = nixpkgs: name: config: lib.nixosSystem (lib.recursiveUpdate
+      nixosConfig = nixpkgs: name: configurationPath: config: lib.nixosSystem (lib.recursiveUpdate
         rec {
           system = "x86_64-linux";
           specialArgs = {
@@ -65,7 +65,7 @@
           };
 
           modules = [
-            ./hosts/${name}/configuration.nix
+            configurationPath
             sops-nix.nixosModules.sops
           ] ++ config.modules or [];
 
@@ -84,8 +84,8 @@
         (removeAttrs config [ "modules" "overlays" ])
       );
 
-      stableNixosConfig = nixosConfig nixpkgs;
-      unstableNixosConfig = nixosConfig nixpkgs-unstable;
+      stableNixosConfig = name: config:
+          nixosConfig nixpkgs name ./hosts/${name}/configuration.nix config;
     in {
       bicep = stableNixosConfig "bicep" {
         modules = [
@@ -163,7 +163,16 @@
           inputs.gergle.overlays.default
         ];
       };
-    };
+    } //
+    (let
+      machineNames = map (i: "lupine-${toString i}") (lib.range 1 5);
+      stableLupineNixosConfig = name: config:
+          nixosConfig nixpkgs name ./hosts/lupine/configuration.nix config;
+    in lib.genAttrs machineNames (name: stableLupineNixosConfig name {
+      modules = [
+        { networking.hostname = name; }
+      ];
+    }));
 
     nixosModules = {
       snakeoil-certs = ./modules/snakeoil-certs.nix;

hosts/lupine/configuration.nix

@@ -0,0 +1,33 @@
+{ config, fp, pkgs, values, ... }:
+{
+  imports = [
+    ./hardware/${config.networking.hostname}.nix
+
+    (fp /base)
+    (fp /misc/metrics-exporters.nix)
+  ];
+
+  sops.defaultSopsFile = fp /secrets/lupine/lupine.yaml;
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+  sops.age.generateKey = true;
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  systemd.network.networks."30-enp6s0f0" = values.defaultNetworkConfig // {
+    matchConfig.Name = "enp6s0f0";
+    address = with values.hosts.lupine; [ (ipv4 + "/25") (ipv6 + "/64") ]
+      ++ (with values.services.turn; [ (ipv4 + "/25") (ipv6 + "/64") ]);
+  };
+  systemd.network.wait-online = {
+    anyInterface = true;
+  };
+
+  # There are no smart devices
+  services.smartd.enable = false;
+
+  # Do not change, even during upgrades.
+  # See https://search.nixos.org/options?show=system.stateVersion
+  system.stateVersion = "24.11";
+}

hosts/lupine/hardware/lupine_1.nix

@@ -0,0 +1,40 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/a949e2e8-d973-4925-83e4-bcd815e65af7";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/81D6-38D3";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/82c2d7fa-7cd0-4398-8cf6-c892bc56264b"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/lupine/hardware/lupine_2.nix

@@ -0,0 +1,41 @@
+# IKKE EKTE BARE EN TEST
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/a949e2e8-d973-4925-83e4-bcd815e65af7";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/81D6-38D3";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/82c2d7fa-7cd0-4398-8cf6-c892bc56264b"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/lupine/services/gitea-runners.nix

@@ -0,0 +1,4 @@
+{ config, lib, values, ... }:
+{
+  nameList = builtins.attrNames (builtins.readDir ../hardware);
+}

packages/out-of-your-element.nix

@@ -7,11 +7,11 @@
 }:
 buildNpmPackage {
   pname = "delete-your-element";
-  version = "3.1-unstable-2025-06-22";
+  version = "3.1-unstable-2025-06-23";
   src = fetchgit {
     url = "https://git.pvv.ntnu.no/Drift/delete-your-element.git";
-    rev = "cdc3b95858419568c7058d4f0056b14dbbf1152b";
-    sha256 = "sha256-v6PFyduwve6uwqBB5mzXMP09GwaxGjv1xIzgs/Eeolc=";
+    rev = "67658bf68026918163a2e5c2a30007364c9b2d2d";
+    sha256 = "sha256-jSQ588kwvAYCe6ogmO+jDB6Hi3ACJ/3+rC8M94OVMNw=";
   };
   npmDepsHash = "sha256-HNHEGez8X7CsoGYXqzB49o1pcCImfmGYIw9QKF2SbHo=";
   dontNpmBuild = true;