2 files changed, 0 insertions, 626 deletions

diff --git a/hosts/shar/configuration.nix b/hosts/shar/configuration.nix
deleted file mode 100644
index ef68150..0000000
--- a/hosts/shar/configuration.nix
+++ /dev/null
@@ -1,586 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
-  imports =
-    [ # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-    ];
-
-  nix.settings = {
-    experimental-features = [ "nix-command" "flakes" ];
-    auto-optimise-store = true;
-  };
-
-  # Bootloader.
-  boot.loader = {
-    efi = {
-      canTouchEfiVariables = true;
-      efiSysMountPoint = "/boot"; # ← use the same mount point here.
-    };
-    grub = {
-      efiSupport = true;
-      device = "nodev";
-      useOSProber = true;
-      theme = "${pkgs.fetchFromGitHub { # blue screen of life grub theme
-        owner = "scouckel";
-        repo = "bsol";
-        rev = "a8eedad9e7163dce230ca7886be8e1b4ef81da99";
-        sha256 = "sha256-P2q73uM1Ysn1a+0mOGOvee/Q1WAYRGQvfanrasx/8r8";
-      }}/bsol";
-    };
-  };
-
-  system.name = "shar";
-  networking.hostName = "shar"; # Define your hostname.
-
-  boot.supportedFilesystems = [ "zfs" ];
-
-  services.zfs = {
-    autoScrub.enable = true;
-    autoSnapshot.enable = true;
-  };
-
-  fileSystems."/tank" = {
-    device = "tank";
-    fsType = "zfs";
-    options = [ "nofail" ];
-  };
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  # Enable networking
-  networking.interfaces.eno1.ipv4.addresses = [{
-    address = "173.66.162.54";
-    prefixLength = 28;
-  }];
-  networking.interfaces.eno1.mtu = 1400;
-  networking.interfaces.eno1.wakeOnLan.enable = true;
-  networking.hostId = "958b5d5d";
-  networking.useDHCP = false;
-  networking.defaultGateway = {
-    address = "173.66.162.1";
-    interface = "eno1";
-  };
-  networking.nameservers = [
-    "1.1.1.1"
-    "9.9.9.9"
-  ];
-
-  # Set your time zone.
-  time.timeZone = "America/New_York";
-
-  # Select internationalisation properties.
-  i18n.defaultLocale = "en_US.UTF-8";
-
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "en_US.UTF-8";
-    LC_IDENTIFICATION = "en_US.UTF-8";
-    LC_MEASUREMENT = "en_US.UTF-8";
-    LC_MONETARY = "en_US.UTF-8";
-    LC_NAME = "en_US.UTF-8";
-    LC_NUMERIC = "en_US.UTF-8";
-    LC_PAPER = "en_US.UTF-8";
-    LC_TELEPHONE = "en_US.UTF-8";
-    LC_TIME = "en_US.UTF-8";
-  };
-
-  # Configure keymap in X11
-  services.xserver.xkb = {
-    layout = "us";
-    variant = "";
-  };
-
-  hardware.enableRedistributableFirmware = true;
-  boot.kernelParams = [ "i915.enable_guc=3" ];
-
-  environment.sessionVariables = {
-    LIBVA_DRIVER_NAME = "iHD";
-  };
-
-  hardware.graphics = {
-    enable = true;
-    extraPackages = with pkgs; [
-      intel-media-driver
-      vpl-gpu-rt
-      intel-compute-runtime
-    ];
-  };
-      
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.jck = {
-    isNormalUser = true;
-    description = "jck";
-    extraGroups = [ "networkmanager" "wheel" "media" ];
-    packages = with pkgs; [
-      vim
-      git
-      lazygit
-      yazi
-      navidrome
-      btop
-			trash-cli
-    ];
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBgQS9Y3yqztLL0Ss0JUCN04B6zgLXIETgY0jyvT6I98 jck@tiamat"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVbrjXliZECEFOLlgJ8vy+Qja1G+sY0LM+ijEgyP3HZ jck@vecna"
-			"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMGuvWTpRTumIOlnUHRBx5ZqjFi5qfezvLrpLAzB97nq jck@balduran"
-    ];
-    shell = pkgs.fish;
-  };
-
-  security.sudo.wheelNeedsPassword = false;
-
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    jellyfin-ffmpeg
-    kitty.terminfo
-  #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-  #  wget
-  ];
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  services.openssh = {
-    enable = true;
-    settings.PasswordAuthentication = false;
-    openFirewall = true;
-  };
-
-  programs.fish.enable = true;
-
-  programs.nh = {
-    enable = true;
-    clean.enable = true;
-    clean.extraArgs = "--keep-since 3d --keep 3";
-    clean.dates = "daily";
-    flake = "/home/jck/nixosconf/";
-  };
-
-  services.tailscale = {
-    enable = true;
-    useRoutingFeatures = "server";
-		extraUpFlags = [ 
-			"--login-server=https://headscale.jckrinsky.net"
-			"--advertise-exit-node"
-		];
-  };
-
-	networking.nat = {
-		enable = true;
-		internalInterfaces = [ "tailscale0" ];
-		externalInterface = "mullvad";
-	};
-	
-	services.headscale = {
-		enable = true;
-		port = 8085;
-    settings = {
-			server_url = "https://headscale.jckrinsky.net";
-			dns = {
-				magic_dns = false;
-				nameservers.global = [ "1.1.1.1" "9.9.9.9" ];
-			};
-			prefixes = {
-				v4 = "100.64.0.0/10";
-				v6 = "fd7a:115c:a1e0::/48";
-			};
-		};
-	};
-
-  services.nfs.server = {
-    enable = true;
-
-    exports = ''
-      /tank/media   100.64.0.0/10(rw,async,no_subtree_check)
-      /tank/data    100.64.0.0/10(rw,async,no_subtree_check)
-      /tank/backups 100.64.0.0/10(rw,async,no_subtree_check)
-    '';
-  };
-
-  services.nginx = {
-    enable = true;
-		recommendedProxySettings = true;
-		recommendedTlsSettings = true;
-		recommendedGzipSettings = true;
-		recommendedOptimisation = true;
-
-    virtualHosts."headscale.jckrinsky.net" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:8085";
-        proxyWebsockets = true;
-        extraConfig = ''
-					proxy_buffering off;
-        '';
-      };
-    };
-
-    virtualHosts."music.jckrinsky.net" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/".proxyPass = "http://127.0.0.1:4533";
-    };
-
-    virtualHosts."jellyfin.jckrinsky.net" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:8096";
-        proxyWebsockets = true;
-        extraConfig = ''
-					proxy_buffering off;
-        '';
-      };
-    };
-
-    virtualHosts."radicale.jckrinsky.net" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/".proxyPass = "http://127.0.0.1:5232";
-    };
-
-    virtualHosts."jellyseerr.jckrinsky.net" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/".proxyPass = "http://127.0.0.1:5055";
-    };
-
-		virtualHosts."git.jckrinsky.net" = {
-			enableACME = true;
-			forceSSL = true;
-		};
-  };
-
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "jckrinsky@gmail.com";
-  };
-
-  services.navidrome = {
-    enable = true;
-    settings = {
-      MusicFolder = "/tank/media/audio";
-      DataFolder = "/tank/data/navidrome";
-      Address = "127.0.0.1";
-      Port = 4533;
-      EnableTranscoding = true;
-      EnableMediaDeletion = false;
-      Scanner.PurgeMissing = "always";
-      EnableSharing = true;
-      DefaultShareExpiration = "24h";
-    };
-  };
-
-  users.users.navidrome.extraGroups  = [ "media" ];
-
-  services.jellyfin = {
-    enable = true;
-    openFirewall = false;
-    dataDir = "/tank/data/jellyfin/";
-    hardwareAcceleration = {
-      enable = true;
-      device = "/dev/dri/renderD128";
-    };
-  };
-
-	systemd.services.jellyfin.serviceConfig = {
-		Restart = "on-failure";
-		RestartSec = "5s";
-		StartLimitIntervalSec = 300;
-		StartLimitBurst = 5;
-	};
-
-  users.users.jellyfin.extraGroups = [ "video" "render" "media" ];
-	systemd.services.jellyfin.after = [ "zfs-mount.service" ];
-	systemd.services.jellyfin.requires = [ "zfs.target" ];
-
-  services.radarr = {
-    enable = true;
-    openFirewall = false;
-    dataDir = "/tank/data/arr/radarr";
-    settings = {
-      server = {
-        bindAddress = "*";
-        port = 7878;
-      };
-    };
-  };
-
-  services.lidarr = {
-    enable = true;
-    openFirewall = false;
-    dataDir = "/tank/data/arr/lidarr";
-    settings = {
-      server = {
-        bindAddress = "*";
-        port = 8686;
-      };
-    };
-  };
-
-  services.sonarr = {
-    enable = true;
-    openFirewall = false;
-    dataDir = "/tank/data/arr/sonarr";
-    settings = {
-      server = {
-        bindAddress = "*";
-        port = 8989;
-      };
-    };
-  };
-
-  services.prowlarr = {
-    enable = true;
-    openFirewall = false;
-		dataDir = "/tank/data/arr/prowlarr";
-    settings = {
-      server = {
-        bindAddress = "*";
-        port = 9696;
-      };
-    };
-  };
-
-	users.users.prowlarr = {
-    isSystemUser = true;
-    group = "prowlarr";
-  };
-  users.groups.prowlarr = {};
-	systemd.services.prowlarr.serviceConfig = {
-		DynamicUser = lib.mkForce false;
-		User = lib.mkForce "prowlarr";
-		Group = lib.mkForce "prowlarr";
-		ReadWritePaths = [ "/tank/data/arr/prowlarr" ];
-		ExecStart = lib.mkForce "${pkgs.prowlarr}/bin/Prowlarr -nobrowser -data=/tank/data/arr/prowlarr";
-		ProtectSystem = lib.mkForce "prowlarr";
-	};
-
-  services.flaresolverr = {
-    enable = true;
-  };
-
-  users.groups.media = {};
-  users.users.sonarr.extraGroups  = [ "media" ];
-  users.users.radarr.extraGroups  = [ "media" ];
-  users.users.lidarr.extraGroups  = [ "media" ];
-  users.users.qbittorrent.extraGroups  = [ "media" ];
-
-  services.qbittorrent = {
-    enable = true;
-    openFirewall = false;
-  };
-
-	systemd.services.qbittorrent.serviceConfig = {
-		RestrictNetworkInterfaces = [
-			"lo"
-			"mullvad"
-			"tailscale0"
-		];
-	};
-
-  networking.wg-quick.interfaces.mullvad = {
-    autostart = true;
-    privateKeyFile = "/home/jck/mullvad.key";
-    address = [ "10.74.181.209/32" ]; 
-    table = "off";
-
-    peers = [
-      {
-        publicKey = "qD3AH8vI8MhEVc9+0+2O8zV0Gx9FfKdy7ri3Bnpzo10=";
-        allowedIPs = [ "0.0.0.0/0" "::/0" ];
-        endpoint = "185.213.193.3:51820";
-        persistentKeepalive = 25;
-      }
-    ];
-
-    postUp = ''
-      ${pkgs.iproute2}/bin/ip route add default dev mullvad table 1234
-      ${pkgs.iproute2}/bin/ip rule add from 10.74.181.209 table 1234 priority 1000
-			${pkgs.iproute2}/bin/ip rule add iif tailscale0 table 1234 priority 1010
-    '';
-
-    postDown = ''
-      ${pkgs.iproute2}/bin/ip rule del from 10.74.181.209 table 1234
-			${pkgs.iproute2}/bin/ip rule del iif tailscale0 table 1234 priority 1010
-    '';
-  };
-
-	services.jellyseerr = {
-		enable = true;
-		configDir = "/tank/data/jellyseerr";
-		openFirewall = false;
-		port = 5055;
-	};
-
-	users.users.jellyseerr = {
-    isSystemUser = true;
-    group = "jellyseerr";
-  };
-  users.groups.jellyseerr = {};
-	systemd.services.jellyseerr.serviceConfig = {
-		DynamicUser = lib.mkForce false;
-		User = lib.mkForce "jellyseerr";
-		Group = lib.mkForce "jellyseerr";
-		ReadWritePaths = [ "/tank/data/jellyseerr" ];
-		ExecStart = lib.mkForce "${pkgs.jellyseerr}/bin/jellyseerr";
-	};
-	systemd.services.jellyseerr.after = [ "zfs-mount.service" ];
-	systemd.services.jellyseerr.requires = [ "zfs.target" ];
-
-	services.pufferpanel = {
-		enable = true;
-
-		extraPackages = [
-			pkgs.jdk8_headless
-			pkgs.jdk17_headless
-			pkgs.steam-run
-		];
-		
-		environment = {
-			PUFFER_WEB_HOST = "100.64.0.2:8086";
-			PUFFER_DAEMON_SFTP_HOST = "100.64.0.2:5657";
-			PUFFER_DAEMON_CONSOLE_BUFFER = "1000";
-			PUFFER_DAEMON_CONSOLE_FORWARD = "true";
-			PUFFER_PANEL_REGISTRATIONENABLED = "false";
-		};
-	};
-
-	users.users.pufferpanel = {
-    isSystemUser = true;
-    group = "pufferpanel";
-		home = "/tank/data/pufferpanel";
-  };
-  users.groups.pufferpanel = {};
-	systemd.services.pufferpanel.serviceConfig = {
-		DynamicUser = lib.mkForce false;
-		User = lib.mkForce "pufferpanel";
-		Group = lib.mkForce "pufferpanel";
-		ReadWritePaths = "/tank/data/pufferpanel";
-		ExecStart = lib.mkForce "${config.services.pufferpanel.package}/bin/pufferpanel run --workDir /tank/data/pufferpanel";
-	};
-	systemd.services.pufferpanel.after = [ "zfs-mount.service" ];
-	systemd.services.pufferpanel.requires = [ "zfs.target" ];
-
-	programs.steam.dedicatedServer.openFirewall = true;
-	hardware.graphics.enable32Bit = true;
-
-#	services.slskd = {
-#		enable = true;
-#		
-#	};
-#
-#	systemd.services.slskd.serviceConfig = {
-#		RestrictNetworkInterfaces = [
-#			"lo"
-#			"mullvad"
-#			"tailscale0"
-#		];
-#	};
-
-	services.radicale = {
-		enable = true;
-		settings = {
-			server = {
-				hosts = [ "127.0.0.1:5232" ];
-			};
-			auth = {
-				type = "htpasswd";
-				htpasswd_filename = "/tank/data/radicale/users";
-				htpasswd_encryption = "autodetect";
-			};
-			storage = {
-				filesystem_folder = "/tank/data/radicale/calendars/";
-			};
-		};
-	};
-
-	users.users.radicale = {
-    isSystemUser = true;
-    group = "radicale";
-  };
-  users.groups.radicale = {};
-	systemd.services.radicale.serviceConfig = {
-		DynamicUser = lib.mkForce false;
-		User = lib.mkForce "radicale";
-		Group = lib.mkForce "radicale";
-		ReadWritePaths = [ "/tank/data/radicale" ];
-	};
-	systemd.services.radicale.after = [ "zfs-mount.service" ];
-	systemd.services.radicale.requires = [ "zfs.target" ];
-
-	users.users.git = {
-		isSystemUser = true;
-		group = "git";
-		home = "/tank/data/git";
-		createHome = true;
-		shell = "${pkgs.git}/bin/git-shell";
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBgQS9Y3yqztLL0Ss0JUCN04B6zgLXIETgY0jyvT6I98 jck@tiamat"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVbrjXliZECEFOLlgJ8vy+Qja1G+sY0LM+ijEgyP3HZ jck@vecna"
-			"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMGuvWTpRTumIOlnUHRBx5ZqjFi5qfezvLrpLAzB97nq jck@balduran"
-			"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILv193EUr7MN4CTtM0iYNl98f1VQxv95eY0hBQWSHxbi jck@shar"
-    ];
-	};
-	users.groups.git = {};
-
-	services.cgit."git.jckrinsky.net" = {
-		enable = true;
-
-		user = "git";
-		group = "git";
-
-		scanPath = "/tank/data/git";
-
-		settings = {
-			enable-index-owner = false;
-			enable-commit-graph = 1;
-			enable-log-filecount = 1;
-			enable-log-linecount = 1;
-			clone-url = "https://git.jckrinsky.net/$CGIT_REPO_URL ssh://git@git.jckrinsky.net:/tank/data/git/$CGIT_REPO_URL";
-			source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
-      about-filter  = "${pkgs.cgit}/lib/cgit/filters/about-formatting.sh";
-		};
-
-		gitHttpBackend = {
-			enable = true;
-			checkExportOkFiles = false;
-		};
-	};
-
-  # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [ 80 443 22 ];
-  networking.firewall = {
-    checkReversePath = "loose";
-    trustedInterfaces = [ "mullvad" ];
-  };
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "25.05"; # Did you read the comment?
-
-}
diff --git a/hosts/shar/hardware-configuration.nix b/hosts/shar/hardware-configuration.nix
deleted file mode 100644
index 32eed3f..0000000
--- a/hosts/shar/hardware-configuration.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/737de4e0-554e-4175-a454-677cf03dbada";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/8201-A778";
-      fsType = "vfat";
-      options = [ "fmask=0077" "dmask=0077" ];
-    };
-
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/429ba137-6ea4-43ba-97ff-e2c2206f935b"; }
-    ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}