17 files changed, 67 insertions, 25 deletions

diff --git a/flake.lock b/flake.lock
index 9198098..e205a5d 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755519972,
-        "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=",
+        "lastModified": 1756115622,
+        "narHash": "sha256-iv8xVtmLMNLWFcDM/HcAPLRGONyTRpzL9NS09RnryRM=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d",
+        "rev": "bafad29f89e83b2d861b493aa23034ea16595560",
         "type": "github"
       },
       "original": {
@@ -78,11 +78,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1755615617,
-        "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
+        "lastModified": 1756125398,
+        "narHash": "sha256-XexyKZpf46cMiO5Vbj+dWSAXOnr285GHsMch8FBoHbc=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "20075955deac2583bb12f07151c2df830ef346b4",
+        "rev": "3b9f00d7a7bf68acd4c4abb9d43695afb04e03a5",
         "type": "github"
       },
       "original": {
@@ -94,11 +94,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1756050191,
-        "narHash": "sha256-lMtTT4rv5On7D0P4Z+k7UkvbAKKuVGRbJi/VJeRCQwI=",
+        "lastModified": 1756223397,
+        "narHash": "sha256-vyE8Wbijm53sVihdU6oRbrfL13DzhHhy0Y84UJDxzvc=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "759dcc6981cd4aa222d36069f78fe7064d563305",
+        "rev": "f126df6d27ccfdd20ad8c7fb4edfdc92a31a8191",
         "type": "github"
       },
       "original": {
diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix
index 7eb9f28..2b3f855 100644
--- a/hosts/arrakis/default.nix
+++ b/hosts/arrakis/default.nix
@@ -6,7 +6,7 @@
       "net.ipv4.ip_forward" = 1;
       #"net.ipv4.conf.all.proxy_arp" = 1;
     };
-    kernelPackages = pkgs.linuxPackages_6_15;
+    kernelPackages = pkgs.linuxPackages_6_16;
     loader = {
       efi = {
         canTouchEfiVariables = true;
@@ -292,6 +292,8 @@
       after = [ "zfs-import-data.service" ];
       description = "Bind NFS exports to ZFS paths";
       script = ''
+        ${pkgs.util-linux}/bin/mount --onlyonce /srv/caladan/downloads || ${pkgs.coreutils}/bin/true
+        ${pkgs.util-linux}/bin/mount --onlyonce /srv/caladan/www || ${pkgs.coreutils}/bin/true
         ${pkgs.util-linux}/bin/mount --onlyonce /srv/nfs/keepers || ${pkgs.coreutils}/bin/true
         ${pkgs.util-linux}/bin/mount --onlyonce /srv/nfs/movies || ${pkgs.coreutils}/bin/true
         ${pkgs.util-linux}/bin/mount --onlyonce /srv/nfs/tv || ${pkgs.coreutils}/bin/true
diff --git a/hosts/arrakis/hardware-configuration.nix b/hosts/arrakis/hardware-configuration.nix
index c7a6652..1948809 100644
--- a/hosts/arrakis/hardware-configuration.nix
+++ b/hosts/arrakis/hardware-configuration.nix
@@ -21,6 +21,24 @@
     MOZ_DISABLE_RDD_SANDBOX = "1";
   };
 
+  fileSystems."/srv/caladan/downloads" = {
+    device = "/data/home/nipsy/downloads";
+    fsType = "none";
+    options = [
+      "bind"
+      "noauto"
+    ];
+  };
+
+  fileSystems."/srv/caladan/www" = {
+    device = "/data/home/nipsy/www";
+    fsType = "none";
+    options = [
+      "bind"
+      "noauto"
+    ];
+  };
+
   fileSystems."/srv/nfs/keepers" = {
     device = "/data/home/nipsy/downloads/keepers";
     fsType = "none";
diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix
index a42a2b9..05e8836 100644
--- a/hosts/arrakis/services.nix
+++ b/hosts/arrakis/services.nix
@@ -65,7 +65,11 @@
       server = {
         enable = true;
         exports = ''
-          /srv/nfs	192.168.1.0/24(ro,all_squash,insecure,crossmnt,subtree_check,fsid=0)
+          /srv/caladan/downloads	192.168.1.4/32(rw,root_squash,fsid=1)
+          /srv/caladan/www	192.168.1.4/32(rw,root_squash,fsid=2)
+          /srv/nfs/keepers	192.168.1.0/24(ro,all_squash,insecure,fsid=3)
+          /srv/nfs/movies	192.168.1.0/24(ro,all_squash,insecure,fsid=4)
+          /srv/nfs/tv	192.168.1.0/24(ro,all_squash,insecure,fsid=5)
         '';
       };
       settings = {
diff --git a/hosts/caladan/default.nix b/hosts/caladan/default.nix
index fc39609..22d1f5a 100644
--- a/hosts/caladan/default.nix
+++ b/hosts/caladan/default.nix
@@ -5,7 +5,7 @@
       "kernel.hostname" = "caladan.bitgnome.net";
       "kernel.split_lock_mitigate" = 0; # https://lwn.net/Articles/911219/
     };
-    kernelPackages = pkgs.linuxPackages_6_15;
+    kernelPackages = pkgs.linuxPackages_6_16;
     #kernelParams = [
     #  "amdgpu.ppfeaturemask=0xfffd3fff"
     #  "split_lock_detect=off"
diff --git a/hosts/caladan/hardware-configuration.nix b/hosts/caladan/hardware-configuration.nix
index 74852d5..302606c 100644
--- a/hosts/caladan/hardware-configuration.nix
+++ b/hosts/caladan/hardware-configuration.nix
@@ -21,6 +21,22 @@
     MOZ_DISABLE_RDD_SANDBOX = "1";
   };
 
+  fileSystems."/mnt/downloads" = {
+    device = "192.168.1.2:/srv/caladan/downloads";
+    fsType = "nfs";
+    options = [
+      "nfsvers=4.2"
+    ];
+  };
+
+  fileSystems."/mnt/www" = {
+    device = "192.168.1.2:/srv/caladan/www";
+    fsType = "nfs";
+    options = [
+      "nfsvers=4.2"
+    ];
+  };
+
   hardware = {
     bluetooth.enable = true;
 
diff --git a/hosts/caladan/services.nix b/hosts/caladan/services.nix
index 4644188..1970be2 100644
--- a/hosts/caladan/services.nix
+++ b/hosts/caladan/services.nix
@@ -10,6 +10,8 @@
 
     iperf3.openFirewall = true;
 
+    nfs.server.enable = true;
+
     printing.enable = true;
 
     #smartd = let my_email_addr = "nipsy@bitgnome.net"; in {
diff --git a/hosts/common/optional/services/nsd/bitgnome.net.zone b/hosts/common/optional/services/nsd/bitgnome.net.zone
index d033a77..02d11d8 100644
--- a/hosts/common/optional/services/nsd/bitgnome.net.zone
+++ b/hosts/common/optional/services/nsd/bitgnome.net.zone
@@ -3,7 +3,7 @@ $ORIGIN bitgnome.net.
 $TTL 1h
 
 @			in	soa	ns.bitgnome.net. nipsy.bitgnome.net. (
-	2025071701	; serial
+	2025082701	; serial
 	1d		; refresh
 	2h		; retry
 	4w		; expire
@@ -29,7 +29,7 @@ $TTL 1h
 ; name servers
 ns			in	a	5.161.149.85
 ns			in	aaaa	2a01:4ff:f0:e164::1
-ns2			in	a	67.5.111.116
+ns2			in	a	67.5.97.247
 
 ; srv records
 _xmpp-client._tcp	5m	in	srv	0 0 5222 bitgnome.net.
@@ -67,10 +67,10 @@ mta-sts		5m	in	cname	@
 ;royder			in	cname	@
 
 ; external machines
-arrakis		1m	in	a	67.5.111.116
+arrakis		1m	in	a	67.5.97.247
 ;darkstar	1m	in	a	66.69.213.114
 ;nb		1m	in	a	67.10.209.108
 ;terraria	1m	in	a	128.83.27.4
 ;caladan		1m	in	a	104.130.129.241
 ;caladan		1m	in	aaaa	2001:4800:7818:101:be76:4eff:fe03:db44
-darkstar	1m	in	a	67.5.111.116
+darkstar	1m	in	a	67.5.97.247
diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix
index 7f2921a..60e3aed 100644
--- a/hosts/darkstar/default.nix
+++ b/hosts/darkstar/default.nix
@@ -5,7 +5,7 @@
       "kernel.hostname" = "darkstar.bitgnome.net";
       "net.ipv4.ip_forward" = true;
     };
-    kernelPackages = pkgs.linuxPackages_6_15;
+    kernelPackages = pkgs.linuxPackages_6_16;
     loader = {
       efi = {
         canTouchEfiVariables = true;
diff --git a/hosts/fangorn/default.nix b/hosts/fangorn/default.nix
index 962c64f..f05bd13 100644
--- a/hosts/fangorn/default.nix
+++ b/hosts/fangorn/default.nix
@@ -1,6 +1,6 @@
 { config, inputs, lib, outputs, pkgs, ... }: {
   boot = {
-    kernelPackages = pkgs.linuxPackages_6_15;
+    kernelPackages = pkgs.linuxPackages_6_16;
     loader = {
       efi.canTouchEfiVariables = true;
       systemd-boot.enable = true;
diff --git a/hosts/ginaz/default.nix b/hosts/ginaz/default.nix
index a58a10a..79ba3ca 100644
--- a/hosts/ginaz/default.nix
+++ b/hosts/ginaz/default.nix
@@ -1,7 +1,7 @@
 { config, inputs, outputs, pkgs, ... }: {
   boot = {
     initrd.kernelModules = [ "amdgpu" "zfs" ];
-    kernelPackages = pkgs.linuxPackages_6_15;
+    kernelPackages = pkgs.linuxPackages_6_16;
     loader = {
       efi.canTouchEfiVariables = true;
       systemd-boot.enable = true;
diff --git a/hosts/jupiter/default.nix b/hosts/jupiter/default.nix
index 4c8e83e..f570a38 100644
--- a/hosts/jupiter/default.nix
+++ b/hosts/jupiter/default.nix
@@ -4,7 +4,7 @@
     #kernel.sysctl = {
     #  "net.ipv4.ip_forward" = true;
     #};
-    kernelPackages = pkgs.linuxPackages_6_15;
+    kernelPackages = pkgs.linuxPackages_6_16;
     loader = {
       efi.canTouchEfiVariables = true;
       systemd-boot.enable = true;
diff --git a/hosts/kaitain/default.nix b/hosts/kaitain/default.nix
index 4ab99d5..72859b0 100644
--- a/hosts/kaitain/default.nix
+++ b/hosts/kaitain/default.nix
@@ -1,7 +1,7 @@
 { config, inputs, lib, outputs, pkgs, ... }: {
   boot = {
     initrd.kernelModules = [ "zfs" ];
-    kernelPackages = pkgs.linuxPackages_6_15;
+    kernelPackages = pkgs.linuxPackages_6_16;
     loader = {
       efi.canTouchEfiVariables = true;
       systemd-boot.enable = true;
diff --git a/hosts/neptune/default.nix b/hosts/neptune/default.nix
index 4e7f30c..a9f5240 100644
--- a/hosts/neptune/default.nix
+++ b/hosts/neptune/default.nix
@@ -4,7 +4,7 @@
     #kernel.sysctl = {
     #  "net.ipv4.ip_forward" = true;
     #};
-    kernelPackages = pkgs.linuxPackages_6_15;
+    kernelPackages = pkgs.linuxPackages_6_16;
     loader = {
       efi.canTouchEfiVariables = true;
       systemd-boot.enable = true;
diff --git a/hosts/richese/default.nix b/hosts/richese/default.nix
index 08fe724..48451c0 100644
--- a/hosts/richese/default.nix
+++ b/hosts/richese/default.nix
@@ -1,7 +1,7 @@
 { config, inputs, lib, outputs, pkgs, ... }: {
   boot = {
     initrd.kernelModules = [ "zfs" ];
-    kernelPackages = pkgs.linuxPackages_6_15;
+    kernelPackages = pkgs.linuxPackages_6_16;
     loader.grub.enable = true;
     supportedFilesystems = [ "zfs" ];
     zfs = {
diff --git a/hosts/saturn/default.nix b/hosts/saturn/default.nix
index b3f241b..696d544 100644
--- a/hosts/saturn/default.nix
+++ b/hosts/saturn/default.nix
@@ -4,7 +4,7 @@
     #kernel.sysctl = {
     #  "net.ipv4.ip_forward" = true;
     #};
-    kernelPackages = pkgs.linuxPackages_6_15;
+    kernelPackages = pkgs.linuxPackages_6_16;
     loader = {
       efi.canTouchEfiVariables = true;
       systemd-boot.enable = true;
diff --git a/hosts/uranus/default.nix b/hosts/uranus/default.nix
index aef0fc1..718549e 100644
--- a/hosts/uranus/default.nix
+++ b/hosts/uranus/default.nix
@@ -4,7 +4,7 @@
     #kernel.sysctl = {
     #  "net.ipv4.ip_forward" = true;
     #};
-    kernelPackages = pkgs.linuxPackages_6_15;
+    kernelPackages = pkgs.linuxPackages_6_16;
     loader = {
       efi.canTouchEfiVariables = true;
       systemd-boot.enable = true;