Update from updated-inputs-2025-03-17-02-03

configuration/proxmox-vm/default.nix

@@ -1,5 +0,0 @@
-{ ... }:
-
-{
-  services.qemuGuest.enable = true;
-}

flake.lock

@@ -201,11 +201,11 @@
         "systems": "systems_2"
       },
       "locked": {
-        "lastModified": 1726560853,
+        "lastModified": 1731533236,
-        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
         "type": "github"
       },
       "original": {
@@ -254,22 +254,25 @@
     },
     "hydra": {
       "inputs": {
-        "lix": "lix",
+        "lix": [
+          "lix"
+        ],
         "nix-eval-jobs": "nix-eval-jobs",
         "nixpkgs": [
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1733503045,
+        "lastModified": 1737885770,
-        "narHash": "sha256-VoMam8Zzbk+X6dIYwH2f9NqItL6g9YDhQvGybzSl8xQ=",
+        "narHash": "sha256-neRDOoeJj4svdSAxXW8ZJOYWQzzOCRYppkaLaHPfs3A=",
-        "ref": "refs/heads/main",
+        "ref": "lix-2.92",
-        "rev": "eccf01d4fef67f87b6383f96c73781bd08b686ac",
+        "rev": "7b3d065a13b21ec8109a250ac6148553bda52d5e",
-        "revCount": 4230,
+        "revCount": 4233,
         "type": "git",
         "url": "https://git.lix.systems/lix-project/hydra.git"
       },
       "original": {
+        "ref": "lix-2.92",
         "type": "git",
         "url": "https://git.lix.systems/lix-project/hydra.git"
       }
@@ -279,64 +282,52 @@
         "flake-compat": "flake-compat",
         "nix2container": "nix2container",
         "nixpkgs": [
-          "hydra",
           "nixpkgs"
         ],
         "nixpkgs-regression": "nixpkgs-regression",
         "pre-commit-hooks": "pre-commit-hooks"
       },
       "locked": {
-        "lastModified": 1732112222,
+        "lastModified": 1741509550,
-        "narHash": "sha256-H7GN4++a4vE49SUNojZx+FSk4mmpb2ifJUtJMJHProI=",
+        "narHash": "sha256-O7+c7MYOvKnGhE5qwRqV+q0NePEtiz6spM1Mfu/Heck=",
-        "ref": "refs/heads/main",
+        "ref": "release-2.92",
-        "rev": "66f6dbda32959dd5cf3a9aaba15af72d037ab7ff",
+        "rev": "0d1f794178d42bfa1ef40ecb80be514139779184",
-        "revCount": 16513,
+        "revCount": 16641,
         "type": "git",
-        "url": "https://git.lix.systems/lix-project/lix"
+        "url": "https://git.lix.systems/lix-project/lix.git"
       },
       "original": {
+        "ref": "release-2.92",
         "type": "git",
-        "url": "https://git.lix.systems/lix-project/lix"
+        "url": "https://git.lix.systems/lix-project/lix.git"
       }
     },
     "lix-module": {
       "inputs": {
         "flake-utils": "flake-utils_2",
         "flakey-profile": "flakey-profile",
-        "lix": "lix_2",
+        "lix": [
+          "lix"
+        ],
         "nixpkgs": [
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1732605668,
+        "lastModified": 1741892773,
-        "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=",
+        "narHash": "sha256-8oUT6D7VlsuLkms3zBsUaPBUoxucmFq62QdtyVpjq0Y=",
-        "ref": "stable",
+        "ref": "release-2.92",
-        "rev": "96824d606a6656650bbe436366bc89d5ee3a6573",
+        "rev": "ed7a2fa83145868ecb830d6b3c73ebfd81a9e911",
-        "revCount": 113,
+        "revCount": 130,
         "type": "git",
         "url": "https://git.lix.systems/lix-project/nixos-module.git"
       },
       "original": {
-        "ref": "stable",
+        "ref": "release-2.92",
         "type": "git",
         "url": "https://git.lix.systems/lix-project/nixos-module.git"
       }
     },
-    "lix_2": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1729298361,
-        "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=",
-        "rev": "ad9d06f7838a25beec425ff406fe68721fef73be",
-        "type": "tarball",
-        "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz"
-      }
-    },
     "mitel-ommclient2": {
       "inputs": {
         "nixpkgs": [
@@ -373,11 +364,11 @@
         "treefmt-nix": "treefmt-nix_2"
       },
       "locked": {
-        "lastModified": 1732351635,
+        "lastModified": 1737237917,
-        "narHash": "sha256-H94CcQ3yamG5+RMxtxXllR02YIlxQ5WD/8PcolO9yEA=",
+        "narHash": "sha256-xd3/Wr4aPc2MY61qyQ6qQ8AGoG3H/DDcJWziP4EhhXY=",
         "ref": "refs/heads/main",
-        "rev": "dfc286ca3dc49118c30d8d6205d6d6af76c62b7a",
+        "rev": "6482bee40b89ab2c28d2e988848aa9ae0429d78c",
-        "revCount": 617,
+        "revCount": 621,
         "type": "git",
         "url": "https://git.lix.systems/lix-project/nix-eval-jobs"
       },
@@ -542,11 +533,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1741851582,
+        "lastModified": 1742069588,
-        "narHash": "sha256-cPfs8qMccim2RBgtKGF+x9IBCduRvd/N5F4nYpU0TVE=",
+        "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "6607cf789e541e7873d40d3a8f7815ea92204f32",
+        "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5",
         "type": "github"
       },
       "original": {
@@ -579,11 +570,11 @@
     "pre-commit-hooks": {
       "flake": false,
       "locked": {
-        "lastModified": 1726745158,
+        "lastModified": 1733318908,
-        "narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=",
+        "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74",
+        "rev": "6f4e2a2112050951a314d2733a994fbab94864c6",
         "type": "github"
       },
       "original": {
@@ -621,6 +612,7 @@
         "fieldpoc": "fieldpoc",
         "harmonia": "harmonia",
         "hydra": "hydra",
+        "lix": "lix",
         "lix-module": "lix-module",
         "nixos-exporter": "nixos-exporter",
         "nixos-hardware": "nixos-hardware",

flake.nix

@@ -25,11 +25,17 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
     hydra = {
-      url = "git+https://git.lix.systems/lix-project/hydra.git";
+      url = "git+https://git.lix.systems/lix-project/hydra.git?ref=lix-2.92";
+      inputs.lix.follows = "lix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    lix = {
+      url = "git+https://git.lix.systems/lix-project/lix.git?ref=release-2.92";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     lix-module = {
-      url = "git+https://git.lix.systems/lix-project/nixos-module.git?ref=stable";
+      url = "git+https://git.lix.systems/lix-project/nixos-module.git?ref=release-2.92";
+      inputs.lix.follows = "lix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     fieldpoc.url = "git+https://git.clerie.de/clerie/fieldpoc.git";

hosts/backup-4/configuration.nix

@@ -4,19 +4,29 @@
   imports =
     [
       ./hardware-configuration.nix
-      ../../configuration/proxmox-vm
 
       ./backup.nix
       ./restic-server.nix
     ];
 
+  profiles.clerie.mercury-vm.enable = true;
+
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/vda";
 
   networking.useDHCP = false;
-  networking.interfaces.ens18.ipv6.addresses = [ { address = "2001:638:904:ffcb::c"; prefixLength = 64; } ];
+  systemd.network.enable = true;
-  networking.defaultGateway6 = { address = "2001:638:904:ffcb::1"; interface = "ens18"; };
+
-  networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
+  systemd.network.networks."10-wan" = {
+    matchConfig.Name = "ens18";
+    address = [
+      "2001:638:904:ffcb::c/64"
+    ];
+    routes = [
+      { Gateway = "2001:638:904:ffcb::1"; }
+    ];
+    linkConfig.RequiredForOnline = "routable";
+  };
 
   services.nginx.enable = true;
 

hosts/clerie-backup/configuration.nix

@@ -4,20 +4,28 @@
   imports =
     [
       ./hardware-configuration.nix
-      ../../configuration/proxmox-vm
 
       ./restic-server.nix
     ];
 
+  profiles.clerie.cybercluster-vm.enable = true;
+
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/vda";
 
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-
   networking.useDHCP = false;
-  networking.interfaces.ens18.ipv6.addresses = [ { address = "2001:638:904:ffc1::6"; prefixLength = 64; } ];
+  systemd.network.enable = true;
-  networking.defaultGateway6 = { address = "2001:638:904:ffc1::1"; interface = "ens18"; };
+
-  networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
+  systemd.network.networks."10-wan" = {
+    matchConfig.Name = "ens18";
+    address = [
+      "2001:638:904:ffc1::6/64"
+    ];
+    routes = [
+      { Gateway ="2001:638:904:ffc1::1"; }
+    ];
+    linkConfig.RequiredForOnline = "routable";
+  };
 
   services.nginx.enable = true;
 
@@ -28,10 +36,6 @@
       authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiUWufpvAj/Rdxt/frAjs5Q4+/lzaN2jmf5+W3Gazjzw+CH+Agplux6op+LlzF7kAA32yP+lwQto8Rz92NzReDssXd+0JhgAAHrSMrPOPnQbZrierKOfVvDOteklEM4k5JXqZ+xHIMtNomuMV3wCFc18nvwc8t95pDBOI/HwzAwn2mGhVBod0CNXZs8EyMeQJNKLCRwpUrddOX6fz5x/fbPYO4KB3iPkC0X+e/d5SuBvrmwFdnpr2RkCboMPdd6i/0AsY4MLdMV54arS9Ed2jaFKqYCQR5wRdLxndn+aByyVQHQxVU0gVfO9+53NOgiVzhOFzXm6K2KcC/HZR5uj1r ceea@olbers.uberspace.de" ];
       path = "/mnt/clerie-backup/uberspace-ceea";
     };
-    uberspace-cleriewi = {
-      authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAeU+YezmGNNnntAkOL143NlkADi6ekEcaW9yf9yegdkDxwyIyxaWC89B110kRkNe+6KP+LDwrp9vnFJZjst8Gv+dMs0h9U0IdUafhO7TcbbkqynqmtzIwiSGsLby2K9XOYTMlAa2JOfeNScPWccZ8KgXsIBqRGjo3yQfCHXZu9U/8CGXvYPsTGY5QYNeAw5Uaikuf565GHy4ROx2BN7LGug9lK42Hfv8i1lhCLi7wkhQ0EPGBRPkscjz/0Kb2iABMzyUf6uMrDJX/usKrChxkLfidIM9C5YR1E+wXlmy9lijuNP85NpXUEyVTAp9/XLCp1vskfCjsBLO0l+40XNIt cleriewi@biela.uberspace.de" ];
-      path = "/mnt/clerie-backup/uberspace-cleriewi";
-    };
   };
 
   # fix borgbackup primary grouping
@@ -51,62 +55,6 @@
       compression = "auto,lzma";
       startAt = "*-*-* 04:07:00";
     };
-    backup-replication-palladium = {
-      paths = [
-        "/mnt/clerie-backup"
-      ];
-      doInit = true;
-      repo =  "borg@palladium.net.clerie.de:." ;
-      encryption = {
-        mode = "none";
-      };
-      environment = { BORG_RSH = "ssh -i /var/src/secrets/ssh/borg-backup-replication-palladium"; };
-      compression = "auto,lzma";
-      startAt = "*-*-* 06:23:00";
-    };
-    backup-replication-external-drive = {
-      paths = [
-        "/mnt/clerie-backup"
-      ];
-      doInit = true;
-      repo =  "borg@palladium.net.clerie.de:." ;
-      encryption = {
-        mode = "none";
-      };
-      environment = {
-        BORG_RSH = "ssh -i /var/src/secrets/ssh/borg-backup-replication-external-drive";
-        BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK = "yes";
-        BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
-      };
-      compression = "auto,lzma";
-      startAt = "*-*-* 08:37:00";
-    };
-  };
-
-  users.users.backup-replication = {
-    isNormalUser = true;
-    group = "backup-replication";
-    openssh.authorizedKeys.keys = [
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8kCLiDfVFKgoNvEoMb34jp2n1lQG+k7wigzc4qGmrROlWkJ46/Ym4UrSeQJAd6hwHTcKTZkeOrqDAjZZ+jlidpncJHT5VMW5Ah965pxbBq6Qh1Yz5tKj7nLAQ/+bwEH4qqBFNd796876n3pY/FqhwAHWONqWhLKzMXpFursMSITUPmRXcaPwJrgS9DIYspZ9bBhhRSdQ5N1SiGtaszOQwdevLnNYqdtFOBG4rt9SO6IBIHtaiTIHrrMGS2Lt3NMwkq+O+N+TGaKLjbwqtfUPfPOCmY0XH12OawjxHP9hZ+WH3dPtcu5p+VORciSybPvyh9qzXUrDeO4HDuii2GEFU8JFELYXdT/qBwdIMp82tkgww0zKbTJuc0y/9eR7LCXop4OALhR8+8xWDI9c1ccxu3T7S7zUI1OmTlR9i8rx85D4sz2dtp1jirDoW2KVuIdwe6G3NLfTL95FZRmveEQM3MO8MPpfzZ4EvaMbiQQd/c4VAmGovtSLQhySTpT6qSv0= root@backup-4"
-      #"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRANmJ2LYUr0Mavz/JJ7j+7p1zkqvizf6ZLt5XOJ2fj0enDuK7Dc5fxiESLGYTsLRVWuY4hNXVIL7aeJUj1LPf6LEX87APP4hb95t+TFxcES87tFfnFO48eiBbSd25Av2jmHGb6/wY2viYBxfk/vrLjPR6RgICqFsWFcz20bsWmc48FdzXYJCGJfKjHiW+Ut95VL+M/AlGBQHo33FNDyPXV4zh+MeWVkOFicwfh0k+4NH7Psj5n93m9szAlz306t5YZ32HnhSlvObkMk1Ugy6AzPKXrgKBu11pmatf7sFRx1ikYGUiKiezGjatt/8lYZfE8rQKQjwH+6LPt3ZPv06ncfKpH2vbZfonM0KhSsm1OIhJTse+X7ZMxizO6QqYM+BRJJGMbhH1g+6kFRsdlwakHNPE9YvG4NxZ1NxWTUr6F0gPhUEy61LkTnznt3ct1hgQR02KDQ+9i8PvaYeIIzZzRKufv4tV7OZkDLbN97tvAMkgpLjF+8fCg3qjn2Lckzc= root@palladium"
-    ];
-  };
-
-  users.groups.backup-replication = {};
-
-  environment.systemPackages = with pkgs; [
-    bindfs
-  ];
-
-  fileSystems."/clerie-backup-replication" = {
-    device = "/mnt/clerie-backup";
-    fsType = "fuse.bindfs";
-    options = [
-      "ro"
-      "force-user=backup-replication"
-      "force-group=backup-replication"
-      "perms=0000:ug=rD"
-    ];
   };
 
   clerie.monitoring = {

hosts/dn42-il-gw1/configuration.nix

@@ -4,10 +4,11 @@
   imports =
     [
       ./hardware-configuration.nix
-      ../../configuration/proxmox-vm
       ../../configuration/dn42
     ];
 
+  profiles.clerie.mercury-vm.enable = true;
+
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/vda";
 
@@ -22,7 +23,6 @@
 
   networking.defaultGateway = { address = "192.168.10.1"; interface = "ens18"; };
   networking.defaultGateway6 = { address = "2001:638:904:ffc9::1"; interface = "ens20"; };
-  networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
 
   networking.wireguard.enable = true;
   networking.wireguard.interfaces = {

hosts/dn42-il-gw5/configuration.nix

@@ -4,10 +4,11 @@
   imports =
     [
       ./hardware-configuration.nix
-      ../../configuration/proxmox-vm
       ../../configuration/dn42
     ];
 
+  profiles.clerie.mercury-vm.enable = true;
+
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/vda";
 
@@ -25,7 +26,6 @@
 
   networking.defaultGateway = { address = "192.168.10.1"; interface = "ens18"; };
   networking.defaultGateway6 = { address = "2001:638:904:ffc9::1"; interface = "ens21"; };
-  networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
 
   petabyte.policyrouting = {
     enable = true;

hosts/dn42-il-gw6/configuration.nix

@@ -4,10 +4,11 @@
   imports =
     [
       ./hardware-configuration.nix
-      ../../configuration/proxmox-vm
       ../../configuration/dn42
     ];
 
+  profiles.clerie.cybercluster-vm.enable = true;
+
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/vda";
 
@@ -25,7 +26,6 @@
 
   networking.defaultGateway = { address = "192.168.10.1"; interface = "ens20"; };
   networking.defaultGateway6 = { address = "2001:638:904:ffc9::1"; interface = "ens18"; };
-  networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
 
   petabyte.policyrouting = {
     enable = true;

hosts/dn42-ildix-clerie/configuration.nix

@@ -4,9 +4,10 @@
   imports =
     [
       ./hardware-configuration.nix
-      ../../configuration/proxmox-vm
     ];
 
+  profiles.clerie.mercury-vm.enable = true;
+
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/vda";
 
@@ -23,7 +24,6 @@
 
   networking.defaultGateway6 = { address = "2001:638:904:ffcb::1"; interface = "ens20"; };
   networking.defaultGateway = { address = "192.168.10.1"; interface = "ens18"; };
-  networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
 
   # Open Firewall for BGP
   networking.firewall.allowedTCPPorts = [ 179 ];

hosts/dn42-ildix-service/configuration.nix

@@ -4,11 +4,13 @@
   imports =
     [
       ./hardware-configuration.nix
-      ../../configuration/proxmox-vm
+
       ./bird.nix
       ./fernglas.nix
     ];
 
+  profiles.clerie.mercury-vm.enable = true;
+
   # Use the GRUB 2 boot loader.
   boot.loader.grub.enable = true;
   # boot.loader.grub.efiSupport = true;
@@ -31,7 +33,6 @@
 
   networking.defaultGateway6 = { address = "2001:638:904:ffc9::1"; interface = "ens20"; };
   networking.defaultGateway = { address = "192.168.10.1"; interface = "ens18"; };
-  networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
 
   services.nginx.enable = true;
 

hosts/hydra-1/configuration.nix

@@ -4,7 +4,6 @@
   imports =
     [
       ./hardware-configuration.nix
-      ../../configuration/proxmox-vm
       ../../configuration/hydra-build-machine
 
       ./build-machines.nix
@@ -12,6 +11,8 @@
       ./nix-cache.nix
     ];
 
+  profiles.clerie.mercury-vm.enable = true;
+
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/vda";
   
@@ -22,11 +23,28 @@
   ];
 
   networking.useDHCP = false;
-  networking.interfaces.ens18.ipv6.addresses = [ { address = "2001:638:904:ffcb::a"; prefixLength = 64; } ];
+  systemd.network.enable = true;
-  networking.interfaces.ens19.ipv4.addresses = [ { address = "192.168.10.36"; prefixLength = 24; } ];
+
-  networking.defaultGateway6 = { address = "2001:638:904:ffcb::1"; interface = "ens18"; };
+  systemd.network.networks."10-wan" = {
-  networking.defaultGateway = { address = "192.168.10.1"; interface = "ens19"; };
+    matchConfig.Name = "ens18";
-  networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
+    address = [
+      "2001:638:904:ffcb::a/64"
+    ];
+    routes = [
+      { Gateway = "2001:638:904:ffcb::1"; }
+    ];
+    linkConfig.RequiredForOnline = "routable";
+  };
+  systemd.network.networks."10-nat-netz-mercury" = {
+    matchConfig.Name = "ens19";
+    address = [
+      "192.168.10.36/24"
+    ];
+    routes = [
+      { Gateway = "192.168.10.1"; }
+    ];
+    linkConfig.RequiredForOnline = "routable";
+  };
 
   services.nginx.enable = true;
 

hosts/hydra-2/configuration.nix

@@ -4,10 +4,11 @@
   imports =
     [
       ./hardware-configuration.nix
-      ../../configuration/proxmox-vm
       ../../configuration/hydra-build-machine
     ];
 
+  profiles.clerie.cybercluster-vm.enable = true;
+
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/vda";
 
@@ -18,11 +19,20 @@
   ];
 
   networking.useDHCP = false;
-  networking.interfaces.ens18.ipv6.addresses = [ { address = "2001:638:904:ffc1::100"; prefixLength = 64; } ];
+  systemd.network.enable = true;
-  networking.interfaces.ens18.ipv4.addresses = [ { address = "141.24.50.112"; prefixLength = 24; } ];
+
-  networking.defaultGateway6 = { address = "2001:638:904:ffc1::1"; interface = "ens18"; };
+  systemd.network.networks."10-wan" = {
-  networking.defaultGateway = { address = "141.24.50.1"; interface = "ens18"; };
+    matchConfig.Name = "ens18";
-  networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
+    address = [
+      "2001:638:904:ffc1::100/64"
+      "141.24.50.112/24"
+    ];
+    routes = [
+      { Gateway = "2001:638:904:ffc1::1"; }
+      { Gateway = "141.24.50.1"; }
+    ];
+    linkConfig.RequiredForOnline = "routable";
+  };
 
   clerie.monitoring = {
     enable = true;

hosts/monitoring-3/configuration.nix

@@ -4,7 +4,6 @@
   imports =
     [
       ./hardware-configuration.nix
-      ../../configuration/proxmox-vm
       ./alertmanager.nix
       ./berlinerbaeder-exporter.nix
       ./blackbox.nix
@@ -14,15 +13,34 @@
       ./uptimestatus.nix
     ];
 
+  profiles.clerie.mercury-vm.enable = true;
+
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/sda";
 
   networking.useDHCP = false;
-  networking.interfaces.ens18.ipv4.addresses = [ { address = "192.168.10.32"; prefixLength = 24; } ];
+  systemd.network.enable = true;
-  networking.interfaces.ens19.ipv6.addresses = [ { address = "2001:638:904:ffca::7"; prefixLength = 64; } ];
+
-  networking.defaultGateway = { address = "192.168.10.1"; interface = "ens18"; };
+  systemd.network.networks."10-wan" = {
-  networking.defaultGateway6 = { address = "2001:638:904:ffca::1"; interface = "ens19"; };
+    matchConfig.Name = "ens19";
-  networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
+    address = [
+      "2001:638:904:ffca::7/64"
+    ];
+    routes = [
+      { Gateway = "2001:638:904:ffca::1"; }
+    ];
+    linkConfig.RequiredForOnline = "routable";
+  };
+  systemd.network.networks."10-nat-netz-mercury" = {
+    matchConfig.Name = "ens18";
+    address = [
+      "192.168.10.32/24"
+    ];
+    routes = [
+      { Gateway = "192.168.10.1"; }
+    ];
+    linkConfig.RequiredForOnline = "routable";
+  };
 
   services.prometheus.exporters.node.enable = true;
 

hosts/nonat/configuration.nix

@@ -4,28 +4,36 @@
   imports =
     [
       ./hardware-configuration.nix
-      ../../configuration/proxmox-vm
       ../../configuration/router
     ];
 
+  profiles.clerie.mercury-vm.enable = true;
+
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/vda";
 
   networking.useDHCP = false;
-  # Network
+  systemd.network.enable = true;
-  networking.interfaces.ens18.ipv4.addresses = [
-    { address = "141.24.46.169"; prefixLength = 24; }
-  ];
-  networking.interfaces.ens18.ipv6.addresses = [
-    { address = "2001:638:904:ffca::6"; prefixLength = 64; }
-  ];
-  networking.defaultGateway = { address = "141.24.46.1"; interface = "ens18"; };
-  networking.defaultGateway6 = { address = "2001:638:904:ffca::1"; interface = "ens18"; };
-  networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
 
-  networking.interfaces.ens19.ipv4.addresses = [
+  systemd.network.networks."10-wan" = {
-    { address = "192.168.10.1"; prefixLength = 24; }
+    matchConfig.Name = "ens18";
-  ];
+    address = [
+      "2001:638:904:ffca::6/64"
+      "141.24.46.169/24"
+    ];
+    routes = [
+      { Gateway = "141.24.46.1"; }
+      { Gateway = "2001:638:904:ffca::1"; }
+    ];
+    linkConfig.RequiredForOnline = "routable";
+  };
+  systemd.network.networks."10-nat-netz-mercury" = {
+    matchConfig.Name = "ens19";
+    address = [
+      "192.168.10.1/24"
+    ];
+    linkConfig.RequiredForOnline = "no";
+  };
 
   networking.nat = {
     enableIPv6 = true;

hosts/osmium/configuration.nix

@@ -4,12 +4,13 @@
   imports =
     [
       ./hardware-configuration.nix
-      ../../configuration/proxmox-vm
 
       ./nixfiles-updated-inputs.nix
       ./polkit-test.nix
     ];
 
+  profiles.clerie.mercury-vm.enable = true;
+
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/vda";
 
@@ -20,11 +21,28 @@
   ];
 
   networking.useDHCP = false;
-  networking.interfaces.ens18.ipv4.addresses = [ { address = "192.168.10.29"; prefixLength = 24; } ];
+  systemd.network.enable = true;
-  networking.interfaces.ens19.ipv6.addresses = [ { address = "2001:638:904:ffc7::6"; prefixLength = 64; } ];
+
-  networking.defaultGateway = { address = "192.168.10.1"; interface = "ens18"; };
+  systemd.network.networks."10-wan" = {
-  networking.defaultGateway6 = { address = "2001:638:904:ffc7::1"; interface = "ens19"; };
+    matchConfig.Name = "ens19";
-  networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
+    address = [
+      "2001:638:904:ffc7::6/64"
+    ];
+    routes = [
+      { Gateway = "2001:638:904:ffc7::1"; }
+    ];
+    linkConfig.RequiredForOnline = "routable";
+  };
+  systemd.network.networks."10-nat-netz-mercury" = {
+    matchConfig.Name = "ens18";
+    address = [
+      "192.168.10.29/24"
+    ];
+    routes = [
+      { Gateway = "192.168.10.1"; }
+    ];
+    linkConfig.RequiredForOnline = "routable";
+  };
 
   environment.systemPackages = with pkgs; [
     git

hosts/palladium/configuration.nix

@@ -31,12 +31,16 @@
   boot.swraid.enable = true;
 
   networking.useDHCP = false;
-  networking.interfaces.enp3s0.ipv6.addresses = [
+  systemd.network.enable = true;
-    { address = "fd00:152:152:4::11"; prefixLength = 64; }
+
-    { address = "2001:4cd8:100:1337::11"; prefixLength = 64; }
+  systemd.network.networks."10-wan" = {
-  ];
+    matchConfig.Name = "enp3s0";
-  networking.defaultGateway6 = { address = "fe80::1"; interface = "enp3s0"; };
+    address = [
-  networking.nameservers = [ "fd00:152:152::1" ];
+      "fd00:152:152:4::11/64"
+    ];
+    networkConfig.DHCP = true;
+    linkConfig.RequiredForOnline = "routable";
+  };
 
   # Keeping the harddrives quiet
   services.udev.extraRules = ''

hosts/storage-2/configuration.nix

@@ -4,22 +4,40 @@
   imports =
     [
       ./hardware-configuration.nix
-      ../../configuration/proxmox-vm
       ./firmware.nix
       ./mixcloud.nix
       ./syncthing.nix
       ./users.nix
     ];
 
+  profiles.clerie.mercury-vm.enable = true;
+
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/vda";
 
   networking.useDHCP = false;
-  networking.interfaces.ens19.ipv4.addresses = [ { address = "192.168.10.35"; prefixLength = 24; } ];
+  systemd.network.enable = true;
-  networking.interfaces.ens18.ipv6.addresses = [ { address = "2001:638:904:ffc0::4"; prefixLength = 64; } ];
+
-  networking.defaultGateway = { address = "192.168.10.1"; interface = "ens19"; };
+  systemd.network.networks."10-wan" = {
-  networking.defaultGateway6 = { address = "2001:638:904:ffc0::1"; interface = "ens18"; };
+    matchConfig.Name = "ens18";
-  networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
+    address = [
+      "2001:638:904:ffc0::4/64"
+    ];
+    routes = [
+      { Gateway = "2001:638:904:ffc0::1"; }
+    ];
+    linkConfig.RequiredForOnline = "routable";
+  };
+  systemd.network.networks."10-nat-netz-mercury" = {
+    matchConfig.Name = "ens19";
+    address = [
+      "192.168.10.35/24"
+    ];
+    routes = [
+      { Gateway = "192.168.10.1"; }
+    ];
+    linkConfig.RequiredForOnline = "routable";
+  };
 
   services.nginx.enable = true;
 

profiles/cybercluster-vm/default.nix

@@ -0,0 +1,18 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+
+  options.profiles.clerie.cybercluster-vm = {
+    enable = mkEnableOption "Profile for cybercluster VMs";
+  };
+
+  config = mkIf config.profiles.clerie.cybercluster-vm.enable {
+
+    profiles.clerie.fem-net.enable = true;
+
+    services.qemuGuest.enable = true;
+
+  };
+}

profiles/default.nix

@@ -3,7 +3,10 @@
 {
 
   imports = [
+    ./cybercluster-vm
+    ./fem-net
     ./hetzner-cloud
+    ./mercury-vm
     ./netcup
   ];
 

profiles/fem-net/default.nix

@@ -0,0 +1,16 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+
+  options.profiles.clerie.fem-net = {
+    enable = mkEnableOption "Profile for FeM-Net";
+  };
+
+  config = mkIf config.profiles.clerie.fem-net.enable {
+
+    networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
+
+  };
+}

profiles/mercury-vm/default.nix

@@ -0,0 +1,18 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+
+  options.profiles.clerie.mercury-vm = {
+    enable = mkEnableOption "Profile for mercury VMs";
+  };
+
+  config = mkIf config.profiles.clerie.mercury-vm.enable {
+
+    profiles.clerie.fem-net.enable = true;
+
+    services.qemuGuest.enable = true;
+
+  };
+}