flake.lock: update pvv-nettsiden

Fix networking in Openstack.

This rewrites the systemd-networkd config, fixing both dhcp and manual address/route configurations.
Now, everything should behave predictably, routing NTNU-internal and NTNU-global addresses separately and properly across both ipv4 and ipv6.

Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/47

base.nix

@@ -67,7 +67,6 @@
     wget
 
     kitty.terminfo
-    foot.terminfo
   ];
 
   programs.zsh.enable = true;

flake.lock

@@ -107,15 +107,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1710311999,
-        "narHash": "sha256-s0pT1NyrMgeolUojXXcnXQDymN7m80GTF7itCv0ZH20=",
+        "lastModified": 1717234745,
+        "narHash": "sha256-MFyKRdw4WQD6V3vRGbP6MYbtJhZp712zwzjW6YiOBYM=",
         "owner": "dali99",
         "repo": "nixos-matrix-modules",
-        "rev": "6c9b67974b839740e2a738958512c7a704481157",
+        "rev": "d7dc42c9bbb155c5e4aa2f0985d0df75ce978456",
         "type": "github"
       },
       "original": {
         "owner": "dali99",
+        "ref": "v0.6.0",
         "repo": "nixos-matrix-modules",
         "type": "github"
       }
@@ -142,16 +143,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1715410392,
-        "narHash": "sha256-ltp1jQps9tym0uWNl/lTniHSQngCtNIyzlymu+ZSyts=",
+        "lastModified": 1719520878,
+        "narHash": "sha256-5BXzNOl2RVHcfS/oxaZDKOi7gVuTyWPibQG0DHd5sSc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "9f8bf7503bd85d5208575f4bd81c8b1fc999a468",
+        "rev": "a44bedbb48c367f0476e6a3a27bf28f6330faf23",
         "type": "github"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "nixos-23.11-small",
+        "ref": "nixos-24.05-small",
         "type": "indirect"
       }
     },
@@ -213,11 +214,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1716150352,
-        "narHash": "sha256-c13lzYbLmbrcbEdPTYZYtlX2Qsz1W+2sLsIMGShPgwo=",
+        "lastModified": 1722722932,
+        "narHash": "sha256-K81a2GQpY2kRX+C9ek9r91THlZB674CqRTSMMb5IO7E=",
         "ref": "refs/heads/master",
-        "rev": "2cab4df4b119e08a1f90ea1c944652cd78b4d478",
-        "revCount": 459,
+        "rev": "6580cfe546c902cdf11e17b0b8aa30b3c412bb34",
+        "revCount": 465,
         "type": "git",
         "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
       },

flake.nix

@@ -2,7 +2,7 @@
   description = "PVV System flake";
 
   inputs = {
-    nixpkgs.url = "nixpkgs/nixos-23.11-small";
+    nixpkgs.url = "nixpkgs/nixos-24.05-small";
     nixpkgs-unstable.url = "nixpkgs/nixos-unstable-small";
 
     sops-nix.url = "github:Mic92/sops-nix";
@@ -17,7 +17,7 @@
     pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
     pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
 
-    matrix-next.url = "github:dali99/nixos-matrix-modules";
+    matrix-next.url = "github:dali99/nixos-matrix-modules/v0.6.0";
     matrix-next.inputs.nixpkgs.follows = "nixpkgs";
 
     nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git";
@@ -29,7 +29,7 @@
     grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";
   };
 
-  outputs = { self, nixpkgs, nixpkgs-unstable, pvv-nettsiden, sops-nix, disko, ... }@inputs:
+  outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ... }@inputs:
   let
     nixlib = nixpkgs.lib;
     systems = [
@@ -108,8 +108,6 @@
       ildkule = stableNixosConfig "ildkule" { };
       #ildkule-unstable = unstableNixosConfig "ildkule" { };
       shark = stableNixosConfig "shark" { };
-      
-      elysium = stableNixosConfig "elysium" { };
 
       brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" {
         modules = [

hosts/bekkalokk/services/gitea/default.nix

@@ -1,4 +1,4 @@
-{ config, values, pkgs, ... }:
+{ config, values, pkgs, lib, ... }:
 let
   cfg = config.services.gitea;
   domain = "git.pvv.ntnu.no";
@@ -22,19 +22,19 @@ in {
 
   services.gitea = {
     enable = true;
-    stateDir = "/data/gitea";
     appName = "PVV Git";
 
     database = {
       type = "postgres";
       host = "postgres.pvv.ntnu.no";
-      port = config.services.postgresql.port;
+      port = config.services.postgresql.settings.port;
       passwordFile = config.sops.secrets."gitea/database".path;
       createDatabase = false;
     };
 
     mailerPasswordFile = config.sops.secrets."gitea/email-password".path;
 
+    # https://docs.gitea.com/administration/config-cheat-sheet
     settings = {
       server = {
         DOMAIN   = domain;
@@ -42,6 +42,8 @@ in {
         PROTOCOL = "http+unix";
         SSH_PORT = sshPort;
         START_SSH_SERVER = true;
+        START_LFS_SERVER = true;
+        LANDING_PAGE = "explore";
       };
       mailer = {
         ENABLED = true;
@@ -50,11 +52,46 @@ in {
         SMTP_ADDR = "smtp.pvv.ntnu.no";
         SMTP_PORT = 587;
         USER = "gitea@pvv.ntnu.no";
+        SUBJECT_PREFIX = "[pvv-git]";
       };
       indexer.REPO_INDEXER_ENABLED = true;
-      service.DISABLE_REGISTRATION = true;
+      service = {
+        DISABLE_REGISTRATION = true;
+        ENABLE_NOTIFY_MAIL = true;
+      };
+      admin.DEFAULT_EMAIL_NOTIFICATIONS = "onmention";
       session.COOKIE_SECURE = true;
       database.LOG_SQL = false;
+      repository = {
+        PREFERRED_LICENSES = lib.concatStringsSep "," [
+          "AGPL-3.0-only"
+          "AGPL-3.0-or-later"
+          "Apache-2.0"
+          "BSD-3-Clause"
+          "CC-BY-4.0"
+          "CC-BY-NC-4.0"
+          "CC-BY-NC-ND-4.0"
+          "CC-BY-NC-SA-4.0"
+          "CC-BY-ND-4.0"
+          "CC-BY-SA-4.0"
+          "CC0-1.0"
+          "GPL-2.0-only"
+          "GPL-3.0-only"
+          "GPL-3.0-or-later"
+          "LGPL-3.0-linking-exception"
+          "LGPL-3.0-only"
+          "LGPL-3.0-or-later"
+          "MIT"
+          "MPL-2.0"
+          "Unlicense"
+        ];
+        DEFAULT_REPO_UNITS = lib.concatStringsSep "," [
+          "repo.code"
+          "repo.issues"
+          "repo.pulls"
+          "repo.releases"
+        ];
+      };
       picture = {
         DISABLE_GRAVATAR = true;
         ENABLE_FEDERATED_AVATAR = false;
@@ -99,9 +136,9 @@ in {
       logo-svg = ../../../../assets/logo_blue_regular.svg;
       logo-png = ../../../../assets/logo_blue_regular.png;
     in ''
-      install -Dm444 ${logo-svg} ${cfg.customDir}/public/img/logo.svg
-      install -Dm444 ${logo-png} ${cfg.customDir}/public/img/logo.png
-      install -Dm444 ${./loading.apng} ${cfg.customDir}/public/img/loading.png
+      install -Dm444 ${logo-svg} ${cfg.customDir}/public/assets/img/logo.svg
+      install -Dm444 ${logo-png} ${cfg.customDir}/public/assets/img/logo.png
+      install -Dm444 ${./loading.apng} ${cfg.customDir}/public/assets/img/loading.png
     '';
   };
 }

hosts/bekkalokk/services/idp-simplesamlphp/default.nix

@@ -84,16 +84,16 @@ let
         cp ${./config.php} "$out"
 
         substituteInPlace "$out" \
-          --replace '$SAML_COOKIE_SECURE' 'true' \
-          --replace '$SAML_COOKIE_SALT' 'file_get_contents("${config.sops.secrets."idp/cookie_salt".path}")' \
-          --replace '$SAML_ADMIN_NAME' '"Drift"' \
-          --replace '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \
-          --replace '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/admin_password".path}")' \
-          --replace '$SAML_TRUSTED_DOMAINS' 'array( "idp.pvv.ntnu.no" )' \
-          --replace '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=idp"' \
-          --replace '$SAML_DATABASE_USERNAME' '"idp"' \
-          --replace '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/postgres_password".path}")' \
-          --replace '$CACHE_DIRECTORY' '/var/cache/idp'
+          --replace-warn '$SAML_COOKIE_SECURE' 'true' \
+          --replace-warn '$SAML_COOKIE_SALT' 'file_get_contents("${config.sops.secrets."idp/cookie_salt".path}")' \
+          --replace-warn '$SAML_ADMIN_NAME' '"Drift"' \
+          --replace-warn '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \
+          --replace-warn '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/admin_password".path}")' \
+          --replace-warn '$SAML_TRUSTED_DOMAINS' 'array( "idp.pvv.ntnu.no" )' \
+          --replace-warn '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=idp"' \
+          --replace-warn '$SAML_DATABASE_USERNAME' '"idp"' \
+          --replace-warn '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/postgres_password".path}")' \
+          --replace-warn '$CACHE_DIRECTORY' '/var/cache/idp'
       '';
 
       "modules/authpwauth/src/Auth/Source/PwAuth.php" = ./authpwauth.php;

hosts/bekkalokk/services/kerberos/default.nix

@@ -1,18 +1,5 @@
 { config, pkgs, lib, ... }:
 {
-  #######################
-  # TODO: remove these once nixos 24.05 gets released
-  #######################
-  imports = [
-    ./krb5.nix
-    ./pam.nix
-  ];
-  disabledModules = [
-    "config/krb5/default.nix"
-    "security/pam.nix"
-  ];
-  #######################
-
   security.krb5 = {
     enable = true;
     settings = {

hosts/bekkalokk/services/mediawiki/default.nix

@@ -17,16 +17,16 @@
         cp ${./simplesaml-config.php} "$out"
 
         substituteInPlace "$out" \
-          --replace '$SAML_COOKIE_SECURE' 'true' \
-          --replace '$SAML_COOKIE_SALT' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/cookie_salt".path}")' \
-          --replace '$SAML_ADMIN_NAME' '"Drift"' \
-          --replace '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \
-          --replace '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/admin_password".path}")' \
-          --replace '$SAML_TRUSTED_DOMAINS' 'array( "wiki.pvv.ntnu.no" )' \
-          --replace '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=mediawiki_simplesamlphp"' \
-          --replace '$SAML_DATABASE_USERNAME' '"mediawiki_simplesamlphp"' \
-          --replace '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/postgres_password".path}")' \
-          --replace '$CACHE_DIRECTORY' '/var/cache/mediawiki/idp'
+          --replace-warn '$SAML_COOKIE_SECURE' 'true' \
+          --replace-warn '$SAML_COOKIE_SALT' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/cookie_salt".path}")' \
+          --replace-warn '$SAML_ADMIN_NAME' '"Drift"' \
+          --replace-warn '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \
+          --replace-warn '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/admin_password".path}")' \
+          --replace-warn '$SAML_TRUSTED_DOMAINS' 'array( "wiki.pvv.ntnu.no" )' \
+          --replace-warn '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=mediawiki_simplesamlphp"' \
+          --replace-warn '$SAML_DATABASE_USERNAME' '"mediawiki_simplesamlphp"' \
+          --replace-warn '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/postgres_password".path}")' \
+          --replace-warn '$CACHE_DIRECTORY' '/var/cache/mediawiki/idp'
       '';
     };
   };
@@ -86,8 +86,20 @@ in {
     };
 
     extensions = {
-      #inherit (pkgs.mediawiki-extensions) DeleteBatch UserMerge PluggableAuth SimpleSAMLphp VisualEditor;
-      inherit (pkgs.mediawiki-extensions) UserMerge PluggableAuth SimpleSAMLphp VisualEditor;
+      inherit (pkgs.mediawiki-extensions)
+        CodeEditor
+        CodeMirror
+        DeleteBatch
+        PluggableAuth
+        Popups
+        Scribunto
+        SimpleSAMLphp
+        TemplateData
+        TemplateStyles
+        UserMerge
+        VisualEditor
+        WikiEditor
+        ;
     };
 
     extraConfig = ''
@@ -121,13 +133,27 @@ in {
 
       # Misc
       $wgEmergencyContact = "${cfg.passwordSender}";
-      $wgShowIPinHeader = false;
       $wgUseTeX = false;
       $wgLocalInterwiki = $wgSitename;
+      # Fix https://github.com/NixOS/nixpkgs/issues/183097
+      $wgDBserver = "${toString cfg.database.host}";
+      $wgAllowCopyUploads = true;
 
-      # SimpleSAML
+      # Misc program paths
+      $wgFFmpegLocation = '${pkgs.ffmpeg}/bin/ffmpeg';
+      $wgExiftool = '${pkgs.exiftool}/bin/exiftool';
+      $wgExiv2Command = '${pkgs.exiv2}/bin/exiv2';
+      # See https://gist.github.com/sergejmueller/088dce028b6dd120a16e
+      $wgJpegTran = '${pkgs.mozjpeg}/bin/jpegtran';
+      $wgGitBin = '${pkgs.git}/bin/git';
+
+      # Debugging
+      $wgShowExceptionDetails = false;
+      $wgShowIPinHeader = false;
+
+      # EXT:{SimpleSAML,PluggableAuth}
       $wgSimpleSAMLphp_InstallDir = "${simplesamlphp}/share/php/simplesamlphp/";
-      $wgPluggableAuth_Config['Log in using my SAML'] = [
+      $wgPluggableAuth_Config['Log in using SAML'] = [
         'plugin' => 'SimpleSAMLphp',
         'data' => [
           'authSourceId' => 'default-sp',
@@ -137,8 +163,12 @@ in {
         ]
       ];
 
-      # Fix https://github.com/NixOS/nixpkgs/issues/183097
-      $wgDBserver = "${toString cfg.database.host}";
+      # EXT:Scribunto
+      $wgScribuntoDefaultEngine = 'luastandalone';
+      $wgScribuntoEngineConf['luastandalone']['luaPath'] = '${pkgs.lua}/bin';
+
+      # EXT:WikiEditor
+      $wgWikiEditorRealtimePreview = true;
     '';
   };
 

hosts/buskerud/configuration.nix

@@ -4,6 +4,8 @@
     ./hardware-configuration.nix
     ../../base.nix
     ../../misc/metrics-exporters.nix
+
+    ./services/libvirt.nix
   ];
 
   # buskerud does not support efi?

hosts/buskerud/services/libvirt.nix

@@ -0,0 +1,10 @@
+{ config, pkgs, lib, ... }:
+{
+  virtualisation.libvirtd.enable = true;
+  programs.dconf.enable = true;
+  boot.kernelModules = [ "kvm-intel" ];
+
+  # On a gui-enabled machine, connect with:
+  # $ virt-manager --connect "qemu+ssh://buskerud/system?socket=/var/run/libvirt/libvirt-sock"
+}
+

hosts/elysium/base.nix

@@ -1,133 +0,0 @@
-{ config, lib, pkgs, inputs, values, ... }:
-
-{
-  imports = [
-    ./modules/snakeoil-certs.nix
-  ];
-
-  networking.domain = "pvv.ntnu.no";
-  networking.useDHCP = false;
-  # networking.search = [ "pvv.ntnu.no" "pvv.org" ];
-  # networking.nameservers = lib.mkDefault [ "129.241.0.200" "129.241.0.201" ];
-  # networking.tempAddresses = lib.mkDefault "disabled";
-  # networking.defaultGateway = values.hosts.gateway;
-
-  systemd.network.enable = true;
-
-  services.resolved = {
-    enable = lib.mkDefault true;
-    dnssec = "false"; # Supposdly this keeps breaking and the default is to allow downgrades anyways...
-  };
-
-  time.timeZone = "Europe/Oslo";
-
-  i18n.defaultLocale = "en_US.UTF-8";
-  console = {
-    font = "Lat2-Terminus16";
-    keyMap = "no";
-  };
-
-  system.autoUpgrade = {
-    enable = true;
-    flake = "git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git";
-    flags = [
-      "--update-input" "nixpkgs"
-      "--update-input" "nixpkgs-unstable"
-      "--no-write-lock-file"
-    ];
-  };
-  nix.gc.automatic = true;
-  nix.gc.options = "--delete-older-than 2d";
-
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
-  /* This makes commandline tools like
-  ** nix run nixpkgs#hello
-  ** and nix-shell -p hello
-  ** use the same channel the system
-  ** was built with
-  */
-  nix.registry = {
-    nixpkgs.flake = inputs.nixpkgs;
-  };
-  nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
-
-  environment.systemPackages = with pkgs; [
-    file
-    git
-    gnupg
-    htop
-    nano
-    ripgrep
-    rsync
-    screen
-    tmux
-    vim
-    wget
-
-    kitty.terminfo
-    foot.terminfo
-  ];
-
-  programs.zsh.enable = true;
-
-  users.groups."drift".name = "drift";
-
-  # Trusted users on the nix builder machines
-  users.groups."nix-builder-users".name = "nix-builder-users";
-
-  services.openssh = {
-    enable = true;
-    extraConfig = ''
-      PubkeyAcceptedAlgorithms=+ssh-rsa
-    '';
-    settings.PermitRootLogin = "yes";
-  };
-
-  # nginx return 444 for all nonexistent virtualhosts
-
-  systemd.services.nginx.after = [ "generate-snakeoil-certs.service" ];
-
-  environment.snakeoil-certs = lib.mkIf config.services.nginx.enable {
-    "/etc/certs/nginx" = {
-      owner = "nginx";
-      group = "nginx";
-    };
-  };
-
-  services.nginx = {
-    recommendedTlsSettings = true;
-    recommendedProxySettings = true;
-    recommendedOptimisation = true;
-    recommendedGzipSettings = true;
-
-    appendConfig = ''
-      pcre_jit on;
-      worker_processes auto;
-      worker_rlimit_nofile 100000;
-    '';
-    eventsConfig = ''
-      worker_connections 2048;
-      use epoll;
-      multi_accept on;
-    '';
-  };
-
-  systemd.services.nginx.serviceConfig = lib.mkIf config.services.nginx.enable {
-    LimitNOFILE = 65536;
-  };
-
-  services.nginx.virtualHosts."_" = lib.mkIf config.services.nginx.enable {
-    sslCertificate = "/etc/certs/nginx.crt";
-    sslCertificateKey = "/etc/certs/nginx.key";
-    addSSL = true;
-    extraConfig = "return 444;";
-  };
-
-  networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [ 80 443 ];
-
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "drift@pvv.ntnu.no";
-  };
-}

hosts/elysium/configuration.nix

@@ -1,167 +0,0 @@
-{ config, pkgs, values, ... }:
-{
-  imports = [
-      # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-      ./nvidia.nix
-      ./base.nix
-      ../../misc/metrics-exporters.nix
-    ];
-
-  sops.defaultSopsFile = ../../secrets/elysium/elysium.yaml;
-  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
-  sops.age.generateKey = true;
-
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  networking.hostName = "elysium"; # Define your hostname.
-
-  #update this to actual network card.
-  systemd.network.networks."30-ens18" = values.defaultNetworkConfig // {
-    matchConfig.Name = "ens18";
-    address = with values.hosts.elysium; [ (ipv4 + "/25") (ipv6 + "/64") ];
-  };
-
-  # List packages installed in system profile
-  environment.systemPackages = with pkgs; [
-          zsh
-          bash
-          fish
-          tcsh
-
-          alpine
-          mutt
-          mutt-ics
-          mutt-wizard
-          notmuch
-          mailutils
-          procmail
-
-          irssi
-          weechat
-          weechatScripts.edit
-
-          coreutils-full
-          diffutils
-          findutils
-          ripgrep
-          cvs
-          gawk
-          git
-          gnupg
-          gnused
-          groff
-          less
-          p7zip
-          rcs
-          screen
-          tmux
-          tree
-          unzip
-          zip
-
-          emacs
-          helix
-          joe
-          micro
-          nano
-          neovim
-
-          autossh
-          inetutils
-          lynx
-          mosh
-          rsync
-          w3m
-
-          clang
-          gcc
-          guile
-          lua
-          perl
-          php
-          python3
-          (python3.withPackages (ps: with ps; [
-            numpy
-            sympy
-            scipy
-            requests
-            imageio
-            pillow
-            httpx
-            pycryptodome
-            pandas
-            matplotlib
-          ]))
-          ruby
-          tcl
-
-
-          openscad
-          cura
-          where-is-my-sddm-theme
-          firefox
-
-  ];
-
-
-
-
-  fonts.packages = with pkgs; [
-    noto-fonts
-    noto-fonts-cjk
-    noto-fonts-emoji
-    liberation_ttf
-    fira-code
-    fira-code-symbols
-    mplus-outline-fonts.githubRelease
-    dina-font
-    proggyfonts
-    nerdfonts
-    ubuntu_font_family
-
-  ];
-
-  # Enable CUPS to print documents.
-  services.printing.enable = true;
-
-  security.polkit.enable = true;
-  
-  services.displayManager = {
-    enable = true;
-    sessionPackages = with pkgs; [ sway ];
-    sddm = {
-      enable = true;
-      theme = "${pkgs.where-is-my-sddm-theme}";
-      wayland.enable = true;
-      wayland.compositor = "kwin";
-      autoNumlock = true;
-      enableHidpi = true;
-    };
-  };
-
-  services.desktopManager.plasma6.enable = true;
-  services.desktopManager.plasma6.enableQt5Integration = true;
-
-  qt.platformTheme = "kde";
-
-  # Configure keymap in X11
-  services.xserver.xkb = {
-    layout = "us,no";
-    variant = ",";
-  };
-
-
-  # List services that you want to enable:
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.05"; # Did you read the comment?
-
-}

hosts/elysium/hardware-configuration.nix

@@ -1,42 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  #imports =
-  #  [ (modulesPath + "/profiles/qemu-guest.nix")
-  #  ];
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/224c45db-9fdc-45d4-b3ad-aaf20b3efa8a";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/CC37-F5FE";
-      fsType = "vfat";
-    };
-
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/a1ce3234-78b1-4565-9643-f4a05004424f"; }
-    ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}

hosts/elysium/nvidia.nix

@@ -1,52 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
-  # Enable OpenGL
-  hardware.opengl = {
-    enable = true;
-    driSupport = true;
-    driSupport32Bit = true;
-  };
-  
-  # Load nvidia driver for Xorg and Wayland
-  services.xserver.videoDrivers = ["nvidia"];
-  #boot with nvidia kernel module
-  boot.initrd.kernelModules = [ "nvidia" ];
-  hardware.nvidia = {
-    # Modesetting is required.
-    modesetting.enable = true;
-      # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
-      #powerManagement.enable = true;
-      # Fine-grained power management. Turns off GPU when not in use.
-      # Experimental and only works on modern Nvidia GPUs (Turing or newer).
-      #powerManagement.finegrained = true;
-
-      # Use the NVidia open source kernel module (not to be confused with the
-      # independent third-party "nouveau" open source driver).
-      # Support is limited to the Turing and later architectures. Full list of 
-      # supported GPUs is at: 
-      # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus 
-      # Only available from driver 515.43.04+
-      # Currently alpha-quality/buggy, so false is currently the recommended setting.
-      open = false;
-
-      # Enable the Nvidia settings menu,
-      # accessible via `nvidia-settings`.
-      nvidiaSettings = true;
-
-      # Optionally, you may need to select the appropriate driver version for your specific GPU.
-      package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
-    };
-
-
-    # Enable the CUDA toolkit
-    #install packages 
-    environment.systemPackages = with pkgs; [
-      #cudaPackages.cudnn
-      #cudaPackages.cudatoolkit
-      
-      nvtopPackages.nvidia
-      
-    ];
-
-
-  }

hosts/ildkule/configuration.nix

@@ -20,10 +20,26 @@
   zramSwap.enable = true;
 
   networking.hostName = "ildkule"; # Define your hostname.
-  systemd.network.networks."30-all" = values.defaultNetworkConfig // {
-    matchConfig.Name = "en*";
-    DHCP = "yes";
-    gateway = [ ];
+
+  # Main connection, using the global/floatig IP, for communications with the world
+  systemd.network.networks."30-ntnu-global" = values.openstackGlobalNetworkConfig // {
+    matchConfig.Name = "ens4";
+
+    # Add the global addresses in addition to the local address learned from DHCP
+    addresses = [
+      { addressConfig.Address = "${values.hosts.ildkule.ipv4_global}/32"; }
+      { addressConfig.Address = "${values.hosts.ildkule.ipv6_global}/128"; }
+    ];
+  };
+
+  # Secondary connection only for use within the university network
+  systemd.network.networks."40-ntnu-internal" = values.openstackLocalNetworkConfig // {
+    matchConfig.Name = "ens3";
+    # Add the ntnu-internal addresses in addition to the local address learned from DHCP
+    addresses = [
+      { addressConfig.Address = "${values.hosts.ildkule.ipv4}/32"; }
+      { addressConfig.Address = "${values.hosts.ildkule.ipv6}/128"; }
+    ];
   };
 
   # List packages installed in system profile

hosts/ildkule/services/monitoring/loki.nix

@@ -50,7 +50,6 @@ in {
         boltdb_shipper = {
           active_index_directory = "/var/lib/loki/boltdb-shipper-index";
           cache_location = "/var/lib/loki/boltdb-shipper-cache";
-          shared_store = "filesystem";
           cache_ttl = "24h";
         };
         filesystem = {
@@ -59,14 +58,13 @@ in {
       };
 
       limits_config = {
-        enforce_metric_name = false;
+	allow_structured_metadata = false;
         reject_old_samples = true;
         reject_old_samples_max_age = "72h";
       };
 
       compactor = {
         working_directory = "/var/lib/loki/compactor";
-        shared_store = "filesystem";
       };
 
       # ruler = {

packages/mediawiki-extensions/default.nix

@@ -1,8 +1,95 @@
 { pkgs, lib }:
-{
-  DeleteBatch = pkgs.callPackage ./delete-batch { };
-  PluggableAuth = pkgs.callPackage ./pluggable-auth { };
-  SimpleSAMLphp = pkgs.callPackage ./simple-saml-php { };
-  UserMerge = pkgs.callPackage ./user-merge { };
-  VisualEditor = pkgs.callPackage ./visual-editor { };
-}
+let
+  kebab-case-name = project-name: lib.pipe project-name [
+    (builtins.replaceStrings
+      lib.upperChars
+      (map (x: "-${x}") lib.lowerChars)
+    )
+    (lib.removePrefix "-")
+  ];
+
+  mw-ext = {
+    name
+  , commit
+  , hash
+  , tracking-branch ? "REL1_41"
+  , kebab-name ? kebab-case-name name
+  , fetchgit ? pkgs.fetchgit
+  }:
+  {
+    ${name} = (fetchgit {
+      name = "mediawiki-${kebab-name}-source";
+      url = "https://gerrit.wikimedia.org/r/mediawiki/extensions/${name}";
+      rev = commit;
+      inherit hash;
+    }).overrideAttrs (_: {
+      passthru = { inherit name kebab-name tracking-branch; };
+    });
+  };
+in
+# NOTE: to add another extension, you can add an mw-ext expression
+#       with an empty (or even wrong) commit and empty hash, and
+#       run the update script
+lib.mergeAttrsList [
+  (mw-ext {
+    name = "CodeEditor";
+    commit = "7d8447035e381d76387e38b92e4d1e2b8d373a01";
+    hash = "sha256-v2AlbP0vZma3qZyEAWGjZ/rLcvOpIMroyc1EixKjlAU=";
+  })
+  (mw-ext {
+    name = "CodeMirror";
+    commit = "a7b4541089f9b88a0b722d9d790e4cf0f13aa328";
+    hash = "sha256-clyzN3v3+J4GjdyhrCsytBrH7VR1tq5yd0rB+32eWCg=";
+  })
+  (mw-ext {
+    name = "DeleteBatch";
+    commit = "cad869fbd95637902673f744581b29e0f3e3f61a";
+    hash = "sha256-M1ek1WdO1/uTjeYlrk3Tz+nlb/fFZH+O0Ok7b10iKak=";
+  })
+  (mw-ext {
+    name = "PluggableAuth";
+    commit = "4111a57c34e25bde579cce5d14ea094021e450c8";
+    hash = "sha256-aPtN8A9gDxLlq2+EloRZBO0DfHtE0E5kbV/adk82jvM=";
+  })
+  (mw-ext {
+    name = "Popups";
+    commit = "f1bcadbd8b868f32ed189feff232c47966c2c49e";
+    hash = "sha256-PQAjq/X4ZYwnnZ6ADCp3uGWMIucJy0ZXxsTTbAyxlSE=";
+  })
+  (mw-ext {
+    name = "Scribunto";
+    commit = "7b99c95f588b06635ee3c487080d6cb04617d4b5";
+    hash = "sha256-pviueRHQAsSlv4AtnUpo2Cjci7CbJ5aM75taEXY+WrI=";
+  })
+  (mw-ext {
+    name = "SimpleSAMLphp";
+    kebab-name = "simple-saml-php";
+    commit = "ecb47191fecd1e0dc4c9d8b90a9118e393d82c23";
+    hash = "sha256-gKu+O49XrAVt6hXdt36Ru7snjsKX6g2CYJ0kk/d+CI8=";
+  })
+  (mw-ext {
+    name = "TemplateData";
+    commit = "1ec66ce80f8a4322138efa56864502d0ee069bad";
+    hash = "sha256-Lv3Lq9dYAtdgWcwelveTuOhkP38MTu0m5kmW8+ltRis=";
+  })
+  (mw-ext {
+    name = "TemplateStyles";
+    commit = "581180e898d6a942e2a65c8f13435a5d50fffa67";
+    hash = "sha256-zW8O0mzG4jYfQoKi2KzsP+8iwRCLnWgH7qfmDE2R+HU=";
+  })
+  (mw-ext {
+    name = "UserMerge";
+    commit = "c17c919bdb9b67bb69f80df43e9ee9d33b1ecf1b";
+    hash = "sha256-+mkzTCo8RVlGoFyfCrSb5YMh4J6Pbi1PZLFu5ps8bWY=";
+  })
+  (mw-ext {
+    name = "VisualEditor";
+    commit = "90bb3d455892e25317029ffd4bda93159e8faac8";
+    hash = "sha256-SZAVELQUKZtwSM6NVlxvIHdFPodko8fhZ/uwB0LCFDA=";
+  })
+  (mw-ext {
+    name = "WikiEditor";
+    commit = "8dba5b13246d7ae09193f87e6273432b3264de5f";
+    hash = "sha256-vF9PBuM+VfOIs/a2X1JcPn6WH4GqP/vUJDFkfXzWyFU=";
+  })
+]

packages/mediawiki-extensions/delete-batch/default.nix

@@ -1,13 +0,0 @@
-{ fetchzip }:
-let
-  commit = "a53af3b8269ed19ede3cf1fa811e7ec8cb00af92";
-  project-name = "UserMerge";
-  tracking-branch = "REL1_41";
-in
-fetchzip {
-  name = "mediawiki-delete-batch";
-  url = "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/${project-name}/+archive/${commit}.tar.gz";
-  hash = "sha256-0ofCZhhv4aVTGq469Fdu7k0oVQu3kG3HFa8zaBbUr/M=";
-  stripRoot = false;
-  passthru = { inherit project-name tracking-branch; };
-}

packages/mediawiki-extensions/pluggable-auth/default.nix

@@ -1,13 +0,0 @@
-{ fetchzip }:
-let
-  commit = "d5b3ad8f03b65d3746e025cdd7fe3254ad6e4026";
-  project-name = "PluggableAuth";
-  tracking-branch = "REL1_41";
-in
-fetchzip {
-  name = "mediawiki-pluggable-auth-source";
-  url = "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/${project-name}/+archive/${commit}.tar.gz";
-  hash = "sha256-mLepavgeaNUGYxrrCKVpybGO2ecjc3B5IU8q+gZTx2U=";
-  stripRoot = false;
-  passthru = { inherit project-name tracking-branch; };
-}

packages/mediawiki-extensions/simple-saml-php/default.nix

@@ -1,13 +0,0 @@
-{ fetchzip }:
-let
-  commit = "9ae0678d77a9175285a1cfadd5adf28379dbdb3d";
-  project-name = "SimpleSAMLphp";
-  tracking-branch = "REL1_41";
-in
-fetchzip {
-  name = "mediawiki-simple-saml-php-source";
-  url = "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/${project-name}/+archive/${commit}.tar.gz";
-  hash = "sha256-s6Uw1fNzGBF0HEMl0LIRLhJkOHugrCE0aTnqawYi/pE=";
-  stripRoot = false;
-  passthru = { inherit project-name tracking-branch; };
-}

packages/mediawiki-extensions/update-mediawiki-extensions.py

@@ -1,5 +1,5 @@
 #!/usr/bin/env nix-shell
-#!nix-shell -i python3 -p "python3.withPackages(ps: with ps; [ beautifulsoup4 requests ])"
+#!nix-shell -i python3 -p "python3.withPackages(ps: with ps; [ beautifulsoup4 requests ])" nix-prefetch-git
 
 import os
 from pathlib import Path
@@ -8,99 +8,148 @@ import subprocess
 from collections import defaultdict
 from pprint import pprint
 from dataclasses import dataclass
+from functools import cache
+import json
 
 import bs4
 import requests
 
-BASE_URL = "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions"
+
+BASE_WEB_URL = "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions"
+BASE_GIT_URL = "https://gerrit.wikimedia.org/r/mediawiki/extensions/"
+
 
 @dataclass
 class PluginMetadata:
     project_name: str
-    tracking_branch: str
+    tracking_branch: str | None
     commit: str
+    hash_: str
 
 
-def get_metadata(file_content: str) -> dict[str,str] | None:
-    commit_search = re.search(f'commit = "([^"]*?)";', file_content)
-    tracking_branch_search = re.search(f'tracking-branch = "([^"]+?)";', file_content)
-    project_name_search = re.search(f'project-name = "([^"]+?)";', file_content)
-    if commit_search is None:
-        print("Could not find commit in file:")
-        print(file_content)
-        return None
-    if tracking_branch_search is None:
-        print("Could not find tracking branch in file:")
-        print(file_content)
-        return None
+@cache
+def get_package_listing_path():
+    return Path(__file__).parent / "default.nix"
+
+
+@cache
+def get_global_tracking_branch() -> str:
+    with open(get_package_listing_path()) as file:
+        file_content = file.read()
+    return re.search(r'\btracking-branch\b \? "([^"]+?)"', file_content).group(1)
+
+
+def get_metadata(package_expression: str) -> PluginMetadata | None:
+    project_name_search = re.search(r'\bname\b = "([^"]+?)";', package_expression)
+    tracking_branch_search = re.search(r'\btracking-branch\b = "([^"]+?)";', package_expression)
+    commit_search = re.search(r'\bcommit\b = "([^"]*?)";', package_expression)
+    hash_search = re.search(r'\bhash\b = "([^"]*?)";', package_expression)
+
     if project_name_search is None:
-        print("Could not find project name in file:")
-        print(file_content)
+        print("Could not find project name in package:")
+        print(package_expression)
         return None
+
+    tracking_branch = None;
+    if tracking_branch_search is not None:
+        tracking_branch = tracking_branch_search.group(1)
+
+    if commit_search is None:
+        print("Could not find commit in package:")
+        print(package_expression)
+        return None
+
+    if hash_search is None:
+        print("Could not find hash in package:")
+        print(package_expression)
+        return None
+
     return PluginMetadata(
         commit = commit_search.group(1),
-        tracking_branch = tracking_branch_search.group(1),
+        tracking_branch = tracking_branch,
         project_name = project_name_search.group(1),
+        hash_ = hash_search.group(1),
     )
 
 
+def update_metadata(package_expression: str, metadata: PluginMetadata) -> str:
+    result = package_expression
+    result = re.sub(r'\bcommit\b = "[^"]*";', f'commit = "{metadata.commit}";', result)
+    result = re.sub(r'\bhash\b = "[^"]*";', f'hash = "{metadata.hash_}";', result)
+    return result
+
+
 def get_newest_commit(project_name: str, tracking_branch: str) -> str:
-    content = requests.get(f"{BASE_URL}/{project_name}/+log/refs/heads/{tracking_branch}/").text
+    content = requests.get(f"{BASE_WEB_URL}/{project_name}/+log/refs/heads/{tracking_branch}/").text
     soup = bs4.BeautifulSoup(content, features="html.parser")
-    a = soup.find('li').findChild('a')
-    commit_sha = a['href'].split('/')[-1]
+    try:
+        a = soup.find('li').findChild('a')
+        commit_sha = a['href'].split('/')[-1]
+    except AttributeError:
+        print(f"ERROR: Could not parse page for {project_name}:")
+        print(soup.prettify())
+        exit(1)
     return commit_sha
 
 
-def get_nix_hash(tar_gz_url: str) -> str:
+def get_nix_hash(url: str, commit: str) -> str:
     out, err = subprocess.Popen(
-        ["nix-prefetch-url", "--unpack", "--type", "sha256", tar_gz_url],
-        stdout=subprocess.PIPE,
-        stderr=subprocess.PIPE
-    ).communicate()
-    out, err = subprocess.Popen(
-        ["nix", "hash", "to-sri", "--type", "sha256", out.decode().strip()],
+        ["nix-prefetch-git", "--url", url, "--rev", commit, "--fetch-submodules", "--quiet"],
         stdout=subprocess.PIPE,
         stderr=subprocess.PIPE
     ).communicate()
 
-    return out.decode().strip()
+    return json.loads(out.decode().strip())['hash']
 
 
-def set_commit_and_hash(file_content: str, commit: str, sha256: str) -> str:
-    result = file_content
-    result = re.sub('commit = "[^"]*";', f'commit = "{commit}";', result)
-    result = re.sub('hash = "[^"]*";', f'hash = "{sha256}";', result)
-    return result
+def update_expression(package_expression: str) -> str:
+    old_metadata = get_metadata(package_expression)
+    if old_metadata is None:
+        print("ERROR: could not find metadata for expression:")
+        print(package_expression)
+        return
 
-def update(package_file: Path) -> None:
-    with open(package_file) as file:
+    if old_metadata.commit == "":
+        old_metadata.commit = "<none>"
+    if old_metadata.hash_ == "":
+        old_metadata.hash_ = "<none>"
+
+    tracking_branch = old_metadata.tracking_branch
+    if tracking_branch is None:
+        tracking_branch = get_global_tracking_branch()
+
+    new_commit = get_newest_commit(old_metadata.project_name, tracking_branch)
+    new_hash = get_nix_hash(f"{BASE_GIT_URL}/{old_metadata.project_name}", new_commit)
+    if new_hash is None or new_hash == "":
+        print(f"ERROR: could not fetch hash for {old_metadata.project_name}")
+        exit(1)
+
+    print(f"Updating {old_metadata.project_name}[{tracking_branch}]: {old_metadata.commit} -> {new_commit}")
+
+    new_metadata = PluginMetadata(
+        project_name = old_metadata.project_name,
+        tracking_branch = old_metadata.tracking_branch,
+        commit = new_commit,
+        hash_ = new_hash,
+    )
+
+    return update_metadata(package_expression, new_metadata)
+
+
+def update_all_expressions_in_default_nix() -> None:
+    with open(get_package_listing_path()) as file:
         file_content = file.read()
 
-    metadata = get_metadata(file_content)
-    if metadata is None:
-        return
-    if metadata.commit == "":
-        metadata.commit = "<none>"
+    new_file_content = re.sub(
+        r"\(mw-ext\s*\{(?:.|\n)+?\}\)",
+        lambda m: update_expression(m.group(0)),
+        file_content,
+        flags = re.MULTILINE,
+    )
 
-    new_commit = get_newest_commit(metadata.project_name, metadata.tracking_branch)
-    if new_commit == metadata.commit:
-        return
-
-    new_url = f"{BASE_URL}/{metadata.project_name}/+archive/{new_commit}.tar.gz"
-    new_hash = get_nix_hash(new_url)
-
-    print(f"Updating {metadata.project_name}: {metadata.commit} -> {new_commit}")
-
-    new_file_content = set_commit_and_hash(file_content, new_commit, new_hash)
-
-    with open(package_file, 'w') as file:
+    with open(get_package_listing_path(), 'w') as file:
         file.write(new_file_content)
 
 
 if __name__ == "__main__":
-    for direntry in os.scandir(Path(__file__).parent):
-        if direntry.is_dir():
-            package_file = Path(direntry) / "default.nix"
-            assert package_file.is_file()
-            update(package_file)
+    update_all_expressions_in_default_nix()

packages/mediawiki-extensions/user-merge/default.nix

@@ -1,13 +0,0 @@
-{ fetchzip }:
-let
-  commit = "a53af3b8269ed19ede3cf1fa811e7ec8cb00af92";
-  project-name = "UserMerge";
-  tracking-branch = "REL1_41";
-in
-fetchzip {
-  name = "mediawiki-user-merge-source";
-  url = "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/${project-name}/+archive/${commit}.tar.gz";
-  hash = "sha256-0ofCZhhv4aVTGq469Fdu7k0oVQu3kG3HFa8zaBbUr/M=";
-  stripRoot = false;
-  passthru = { inherit project-name tracking-branch; };
-}

packages/mediawiki-extensions/visual-editor/default.nix

@@ -1,13 +0,0 @@
-{ fetchzip }:
-let
-  commit = "bb92d4b0bb81cebd73a3dbabfb497213dac349f2";
-  project-name = "VisualEditor";
-  tracking-branch = "REL1_40";
-in
-fetchzip {
-  name = "mediawiki-visual-editor-source";
-  url = "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/${project-name}/+archive/${commit}.tar.gz";
-  hash = "sha256-lShpSoR+NLfdd5i7soM6J40pq+MzCMG0M1tSYsS+jAg=";
-  stripRoot = false;
-  passthru = { inherit project-name tracking-branch; };
-}

users/felixalb.nix

@@ -1,8 +1,12 @@
-{ pkgs, ... }:
+{ pkgs, lib, config, ... }:
 {
   users.users.felixalb = {
     isNormalUser = true;
-    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    extraGroups = [
+      "wheel"
+    ] ++ lib.optionals ( config.users.groups ? "libvirtd" ) [
+      "libvirtd"
+    ];
     shell = pkgs.zsh;
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalbrigtsen@gmail.com"

values.nix

@@ -73,4 +73,25 @@ in rec {
     DHCP = "no";
   };
 
+  openstackGlobalNetworkConfig = {
+    networkConfig.IPv6AcceptRA = "yes";
+    dns = [ "129.241.0.200" "129.241.0.201" ];
+    domains = [ "pvv.ntnu.no" "pvv.org" ];
+    DHCP = "yes";
+  };
+
+  openstackLocalNetworkConfig = {
+    networkConfig.IPv6AcceptRA = "no";
+    dns = [ "129.241.0.200" "129.241.0.201" ];
+    domains = [ "pvv.ntnu.no" "pvv.org" ];
+    DHCP = "yes";
+
+    # Only use this network for link-local networking, not global/default routes
+    dhcpV4Config.UseRoutes = "no";
+    routes = [
+      { routeConfig = { Destination = "10.0.0.0/8"; Gateway = "_dhcp4"; }; }
+    ];
+
+    linkConfig.RequiredForOnline = "no";
+  };
 }