From e4dc3bdc1fd62a024209fd7c481c49cd0daa1f7d Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Thu, 13 Mar 2025 17:42:16 +0100
Subject: [PATCH 1/5] hosts/porter: Migrate to systemd-networkd

---
 hosts/porter/configuration.nix | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/hosts/porter/configuration.nix b/hosts/porter/configuration.nix
index 25ccad4..a0b06c8 100644
--- a/hosts/porter/configuration.nix
+++ b/hosts/porter/configuration.nix
@@ -11,11 +11,20 @@
   boot.loader.grub.device = "/dev/sda";
 
   networking.useDHCP = false;
-  # Network
-  networking.interfaces.ens3.ipv4.addresses = [ { address = "5.45.100.191"; prefixLength = 22; } ];
-  networking.interfaces.ens3.ipv6.addresses = [ { address = "2a03:4000:6:48d::1"; prefixLength = 64; } ];
-  networking.defaultGateway = { address = "5.45.100.1"; interface = "ens3"; };
-  networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
+  systemd.network.enable = true;
+  systemd.network.networks."10-wan" = {
+    matchConfig.Name = "ens3";
+    address = [
+      "2a03:4000:6:48d::1/64"
+      "5.45.100.191/22"
+    ];
+    routes = [
+      { Gateway = "fe80::1"; }
+      { Gateway = "5.45.100.1"; }
+    ];
+    linkConfig.RequiredForOnline = "routable";
+  };
+
   networking.nameservers = [ "46.38.255.230" "46.38.252.230" ];
 
   clerie.nginx-port-forward = {
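Review bot: The new `10-wan` network pins a static address and static gateways but leaves router-advertisement handling at the networkd default, which accepts RAs on an interface unless IP forwarding is enabled for it. On a provider segment that lets advertised routes, prefixes or DNS servers be added next to the static configuration. The static `fe80::1` gateway suggests nothing here depends on RAs, so I would state it explicitly with `networkConfig.IPv6AcceptRA = false;` inside the block. Whether forwarding is on for this host is not visible in the hunk, so an explicit value also makes the behaviour reviewable. The same applies to the `10-wan` block added to profiles/hetzner-cloud/default.nix in patch 4/5.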

From ec6390be3ffcfe4f1a39d5abb419ff3ea30c1cc4 Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Thu, 13 Mar 2025 18:04:19 +0100
Subject: [PATCH 2/5] profiles/netcup: Add profile for Netcup VM

---
 flake.nix                      |  1 +
 flake/nixosConfigurations.nix  |  1 +
 hosts/porter/configuration.nix |  4 ++--
 profiles/default.nix           |  9 +++++++++
 profiles/netcup/default.nix    | 20 ++++++++++++++++++++
 5 files changed, 33 insertions(+), 2 deletions(-)
 create mode 100644 profiles/default.nix
 create mode 100644 profiles/netcup/default.nix

diff --git a/flake.nix b/flake.nix
index a5ce04f..0a2791a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -120,6 +120,7 @@
     nixosModules = {
       nixfilesInputs = import ./flake/modules.nix inputs;
       clerie = import ./modules;
+      profiles = import ./profiles;
       default = self.nixosModules.clerie;
     };
 
diff --git a/flake/nixosConfigurations.nix b/flake/nixosConfigurations.nix
index dd969aa..be4df26 100644
--- a/flake/nixosConfigurations.nix
+++ b/flake/nixosConfigurations.nix
@@ -16,6 +16,7 @@ let
     modules = modules ++ [
       self.nixosModules.nixfilesInputs
       self.nixosModules.clerie
+      self.nixosModules.profiles
 
       ({ config, lib, ... }: {
         # Set hostname
diff --git a/hosts/porter/configuration.nix b/hosts/porter/configuration.nix
index a0b06c8..7974fb1 100644
--- a/hosts/porter/configuration.nix
+++ b/hosts/porter/configuration.nix
@@ -7,6 +7,8 @@
       ../../configuration/router
     ];
 
+  profiles.clerie.netcup.enable = true;
+
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/sda";
 
@@ -25,8 +27,6 @@
     linkConfig.RequiredForOnline = "routable";
   };
 
-  networking.nameservers = [ "46.38.255.230" "46.38.252.230" ];
-
   clerie.nginx-port-forward = {
     enable = true;
     tcpPorts."2022" = {
diff --git a/profiles/default.nix b/profiles/default.nix
new file mode 100644
index 0000000..3f4c91f
--- /dev/null
+++ b/profiles/default.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+
+  imports = [
+    ./netcup
+  ];
+
+}
diff --git a/profiles/netcup/default.nix b/profiles/netcup/default.nix
new file mode 100644
index 0000000..abc7e39
--- /dev/null
+++ b/profiles/netcup/default.nix
@@ -0,0 +1,20 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+
+  options.profiles.clerie.netcup = {
+    enable = mkEnableOption "Profile for Netcup VM";
+  };
+
+  config = mkIf config.profiles.clerie.netcup.enable {
+
+    services.qemuGuest.enable = true;
+
+    # https://helpcenter.netcup.com/de/wiki/server/nameserver/
+    networking.nameservers = [ "2a03:4000:0:1::e1e6" "2a03:4000:8000::fce6" "46.38.255.230" "46.38.252.230" ];
+
+  };
+
+}
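Review bot: `networking.nameservers` lists four resolvers, but the glibc stub resolver reads at most three `nameserver` lines from resolv.conf, so `46.38.252.230` is never queried unless systemd-resolved or another local resolver sits in front, which is not visible here. That leaves a single IPv4 fallback if the two IPv6 resolvers are unreachable. The Hetzner profile added in patch 3/5 lists seven entries and is affected more strongly, because its whole second batch is out of reach. Either trim each list to three or enable a local resolver, and record the constraint with a comment such as `# glibc uses only the first three entries`.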

From 8eaf11fb57b73b76f77306a844b1255339ff7e9b Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Thu, 13 Mar 2025 18:46:11 +0100
Subject: [PATCH 3/5] profiles/hetzner-cloud: Migrate Hetzner VMs to Hetzner
 Cloud profile

---
 configuration/hetzner-cloud/default.nix |  8 -------
 hosts/gatekeeper/configuration.nix      |  5 ++---
 hosts/mail-2/configuration.nix          |  4 +++-
 hosts/web-2/configuration.nix           |  5 ++---
 profiles/default.nix                    |  1 +
 profiles/hetzner-cloud/default.nix      | 30 +++++++++++++++++++++++++
 6 files changed, 38 insertions(+), 15 deletions(-)
 delete mode 100644 configuration/hetzner-cloud/default.nix
 create mode 100644 profiles/hetzner-cloud/default.nix

diff --git a/configuration/hetzner-cloud/default.nix b/configuration/hetzner-cloud/default.nix
deleted file mode 100644
index c962933..0000000
--- a/configuration/hetzner-cloud/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-
-{
-  networking.useDHCP = false;
-  networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
-  networking.defaultGateway = { address = "172.31.1.1"; interface = "ens3"; };
-  networking.nameservers = [ "2a01:4ff:ff00::add:2" "2a01:4ff:ff00::add:1" "185.12.64.2" "185.12.64.1" ];
-}
diff --git a/hosts/gatekeeper/configuration.nix b/hosts/gatekeeper/configuration.nix
index f09e259..b097bd1 100644
--- a/hosts/gatekeeper/configuration.nix
+++ b/hosts/gatekeeper/configuration.nix
@@ -7,6 +7,8 @@
       ../../configuration/router
     ];
 
+  profiles.clerie.hetzner-cloud.enable = true;
+
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/sda";
 
@@ -14,9 +16,6 @@
   # Network
   networking.interfaces.ens3.ipv4.addresses = [ { address = "78.47.183.82"; prefixLength = 32; } ];
   networking.interfaces.ens3.ipv6.addresses = [ { address = "2a01:4f8:c0c:15f1::1"; prefixLength = 64; } ];
-  networking.defaultGateway = { address = "172.31.1.1"; interface = "ens3"; };
-  networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
-  networking.nameservers = [ "213.133.98.98" "213.133.99.99" "213.133.100.100" ];
 
   networking.nat = {
     enable = true;
diff --git a/hosts/mail-2/configuration.nix b/hosts/mail-2/configuration.nix
index 27e74b0..e82f590 100644
--- a/hosts/mail-2/configuration.nix
+++ b/hosts/mail-2/configuration.nix
@@ -4,14 +4,16 @@
   imports =
     [
       ./hardware-configuration.nix
-      ../../configuration/hetzner-cloud
 
       ./mailcow.nix
     ];
 
+  profiles.clerie.hetzner-cloud.enable = true;
+
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/sda";
 
+  networking.useDHCP = false;
   networking.interfaces.ens3.ipv6.addresses = [ { address = "2a01:4f8:1c1c:9577::1"; prefixLength = 64; } ];
   networking.interfaces.ens3.ipv4.addresses = [ { address = "5.75.187.112"; prefixLength = 32; } ];
 
diff --git a/hosts/web-2/configuration.nix b/hosts/web-2/configuration.nix
index 0565c80..609c385 100644
--- a/hosts/web-2/configuration.nix
+++ b/hosts/web-2/configuration.nix
@@ -28,6 +28,8 @@
       ./wetter.nix
     ];
 
+  profiles.clerie.hetzner-cloud.enable = true;
+
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/sda";
 
@@ -35,9 +37,6 @@
   # Network
   networking.interfaces.ens3.ipv4.addresses = [ { address = "88.99.187.135"; prefixLength = 32; } ];
   networking.interfaces.ens3.ipv6.addresses = [ { address = "2a01:4f8:c0c:c580::1"; prefixLength = 64; } ];
-  networking.defaultGateway = { address = "172.31.1.1"; interface = "ens3"; };
-  networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
-  networking.nameservers = [ "213.133.98.98" "213.133.99.99" "213.133.100.100" ];
 
   services.nginx = {
     enable = true;
diff --git a/profiles/default.nix b/profiles/default.nix
index 3f4c91f..9bba5e6 100644
--- a/profiles/default.nix
+++ b/profiles/default.nix
@@ -3,6 +3,7 @@
 {
 
   imports = [
+    ./hetzner-cloud
     ./netcup
   ];
 
diff --git a/profiles/hetzner-cloud/default.nix b/profiles/hetzner-cloud/default.nix
new file mode 100644
index 0000000..32e1dcc
--- /dev/null
+++ b/profiles/hetzner-cloud/default.nix
@@ -0,0 +1,30 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+
+  options.profiles.clerie.hetzner-cloud = {
+    enable = mkEnableOption "Profile for Hetzner Cloud VMs";
+  };
+
+  config = mkIf config.profiles.clerie.hetzner-cloud.enable {
+
+    services.qemuGuest.enable = true;
+
+    networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
+    networking.defaultGateway = { address = "172.31.1.1"; interface = "ens3"; };
+
+    networking.nameservers = [
+      # There are two different batches of DNS servers
+      # This one
+      "2a01:4ff:ff00::add:2" "2a01:4ff:ff00::add:1"
+      "185.12.64.2" "185.12.64.1"
+      # And that one
+      "213.133.98.98" "213.133.99.99" "213.133.100.100"
+      # Couldn't find out which to use
+    ];
+
+ };
+
+}
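Review bot: The deleted configuration/hetzner-cloud/default.nix set `networking.useDHCP = false;`, but the profile does not carry it over, so every host enabling the profile has to remember the line itself (mail-2 gets it added by hand in this commit). A host that forgets it would, depending on its other defaults, run a DHCP client next to the static gateways defined here. Consider keeping `networking.useDHCP = false;` inside the `mkIf` block, as the old file did. Minor style point: the closing ` };` of the `config` block is indented by one space instead of two.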

From 97d826ef89d9b29fe265135a618d22ccc64fbd3e Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Thu, 13 Mar 2025 19:07:31 +0100
Subject: [PATCH 4/5] hosts/gatekeeper,hosts/mail-2,hosts/web-2: Migrate
 Hetzner VMs to systemd-networkd

---
 hosts/gatekeeper/configuration.nix | 11 ++++++++---
 hosts/mail-2/configuration.nix     | 10 ++++++++--
 hosts/web-2/configuration.nix      | 11 ++++++++---
 profiles/hetzner-cloud/default.nix | 10 ++++++++--
 4 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/hosts/gatekeeper/configuration.nix b/hosts/gatekeeper/configuration.nix
index b097bd1..4c7eee9 100644
--- a/hosts/gatekeeper/configuration.nix
+++ b/hosts/gatekeeper/configuration.nix
@@ -13,9 +13,14 @@
   boot.loader.grub.device = "/dev/sda";
 
   networking.useDHCP = false;
-  # Network
-  networking.interfaces.ens3.ipv4.addresses = [ { address = "78.47.183.82"; prefixLength = 32; } ];
-  networking.interfaces.ens3.ipv6.addresses = [ { address = "2a01:4f8:c0c:15f1::1"; prefixLength = 64; } ];
+  systemd.network.enable = true;
+
+  systemd.network.networks."10-wan" = {
+    address = [
+      "2a01:4f8:c0c:15f1::1/64"
+      "78.47.183.82/32"
+    ];
+  };
 
   networking.nat = {
     enable = true;
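Review bot: This `10-wan` block carries only addresses; the `matchConfig.Name` and routes that make it usable are merged in from `profiles.clerie.hetzner-cloud`, and nothing in this file says so. If the profile is ever disabled or renamed, the generated .network file has no [Match] criteria, which networkd treats (with a warning, as far as I know) as matching every interface, so the public address would be applied to all links on a host that also does NAT. A one-line comment such as `# match and routes for 10-wan come from profiles.clerie.hetzner-cloud` would help, or repeat `matchConfig.Name = "ens3";` here. The same holds for the hosts/mail-2 and hosts/web-2 hunks in this patch.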
diff --git a/hosts/mail-2/configuration.nix b/hosts/mail-2/configuration.nix
index e82f590..0086f74 100644
--- a/hosts/mail-2/configuration.nix
+++ b/hosts/mail-2/configuration.nix
@@ -14,8 +14,14 @@
   boot.loader.grub.device = "/dev/sda";
 
   networking.useDHCP = false;
-  networking.interfaces.ens3.ipv6.addresses = [ { address = "2a01:4f8:1c1c:9577::1"; prefixLength = 64; } ];
-  networking.interfaces.ens3.ipv4.addresses = [ { address = "5.75.187.112"; prefixLength = 32; } ];
+  systemd.network.enable = true;
+
+  systemd.network.networks."10-wan" = {
+    address = [
+      "2a01:4f8:1c1c:9577::1/64"
+      "5.75.187.112/32"
+    ];
+  };
 
   clerie.backup = {
     enable = true;
diff --git a/hosts/web-2/configuration.nix b/hosts/web-2/configuration.nix
index 609c385..93ea4f5 100644
--- a/hosts/web-2/configuration.nix
+++ b/hosts/web-2/configuration.nix
@@ -34,9 +34,14 @@
   boot.loader.grub.device = "/dev/sda";
 
   networking.useDHCP = false;
-  # Network
-  networking.interfaces.ens3.ipv4.addresses = [ { address = "88.99.187.135"; prefixLength = 32; } ];
-  networking.interfaces.ens3.ipv6.addresses = [ { address = "2a01:4f8:c0c:c580::1"; prefixLength = 64; } ];
+  systemd.network.enable = true;
+
+  systemd.network.networks."10-wan" = {
+    address = [
+      "2a01:4f8:c0c:c580::1/64"
+      "88.99.187.135/32"
+    ];
+  };
 
   services.nginx = {
     enable = true;
diff --git a/profiles/hetzner-cloud/default.nix b/profiles/hetzner-cloud/default.nix
index 32e1dcc..0de705b 100644
--- a/profiles/hetzner-cloud/default.nix
+++ b/profiles/hetzner-cloud/default.nix
@@ -12,8 +12,14 @@ with lib;
 
     services.qemuGuest.enable = true;
 
-    networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
-    networking.defaultGateway = { address = "172.31.1.1"; interface = "ens3"; };
+    systemd.network.networks."10-wan" = {
+      matchConfig.Name = "ens3";
+      routes = [
+        { Gateway = "fe80::1"; }
+        { Gateway = "172.31.1.1"; GatewayOnLink = true; }
+      ];
+      linkConfig.RequiredForOnline = "routable";
+    };
 
     networking.nameservers = [
       # There are two different batches of DNS servers

From 0be63b09828bcd97dfdf5715363e9daaeb67e56f Mon Sep 17 00:00:00 2001
From: Flake Update Bot <flake-update-bot@clerie.de>
Date: Fri, 14 Mar 2025 03:04:22 +0100
Subject: [PATCH 5/5] Update nixpkgs 2025-03-14-02-03

---
 flake.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/flake.lock b/flake.lock
index 257c57e..4d2f255 100644
--- a/flake.lock
+++ b/flake.lock
@@ -542,11 +542,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1739866667,
-        "narHash": "sha256-EO1ygNKZlsAC9avfcwHkKGMsmipUk1Uc0TbrEZpkn64=",
+        "lastModified": 1741851582,
+        "narHash": "sha256-cPfs8qMccim2RBgtKGF+x9IBCduRvd/N5F4nYpU0TVE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "73cf49b8ad837ade2de76f87eb53fc85ed5d4680",
+        "rev": "6607cf789e541e7873d40d3a8f7815ea92204f32",
         "type": "github"
       },
       "original": {