remove some stuff from readme

FUTURE-SERVER.md

@@ -25,3 +25,4 @@ Steps I would need to take.
 
 # Other Considerations
 - where to setup docker stuff?
+- look at this [nix setup](https://github.com/rwiankowski/homeserver-nixos) and look how they use vars and SOPS

README.md

@@ -6,15 +6,15 @@ My test system.
 - Learn NixOS.
 - Attempt to make basic media homelab, a la [Yunohost](https://yunohost.org/)[^1]...but declarative, reproducable
 - Try to avoid Docker
-- No flakes
+- ~~No flakes~~
 
 ## Tasks
-- [X] ZFS for root file system
+- [ ] ~~ZFS for root file system (removed because I didn't want to deal with initrd and wifi)~~
 - [X] Tailscale
 - [X] VPS Caddy reverse proxy --> NixOS machine
 - [X] Setup Jellyfin
 - [X] Setup calibre-web
-- [X] Setup Transmission
+- [] Setup Transmission
 - [ ] Setup Nextcloud
 - [ ] Setup systemwide auth system - LDAP? OAuth? OR don't do this
 

configuration.nix

@@ -11,7 +11,8 @@
   imports =
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
-#      ./services/jellyfin.nix
+      ./services/jellyfin.nix
+      ./services/authentik.nix
 #      ./services/calibre-web.nix
 #      ./services/glances.nix
 #      ./services/fail2ban.nix
@@ -22,6 +23,8 @@
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/sda";
   boot.loader.grub.useOSProber = true;
+  boot.supportedFilesystems = [ "zfs" ];
+  boot.zfs.extraPools = [ "plakias" ];
 
   # Nix settings
   nix = {
@@ -42,12 +45,24 @@
   # Networking
   networking.hostName = "knossos"; # Define your hostname.
   networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  networking.hostId = "f8f05846";
 
   networking.wireless.networks = {
     # SSID with spaces and/or special characters
     "Suntek_188" = {
       psk = "0226203850";
     };
+    "Suntek_288" = {
+      psk = "0226203850";
+    };
+    "Pixel_9407" = {
+      psk = "dieai888";
+    };
+    "hercules" = {
+      psk = "0531thewire";
+    };
+
+
   };
 
   # Enable networking
@@ -86,6 +101,9 @@
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILv96m1nCz3D0lzjzeGa+n4m3krEyl7KZ0tstjIZdTkq elias@bluefin" #acer
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8zlxSVOTCnAgb4U5vkC3ietH3Jd9gLE+FA6UOZp64J elias@arkadi.one"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWN6eeLFbtRJDEebSjoI8FaDOA5bmIzbyTUvX/hPWdh elias@greynix" #asus - greynix
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/akM7XlILO499DvQhDa2+UnbbwaXB76a+XDxr8Yvdw elias@aspire"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFa3Gk2C2HmniiwMyYQ3HFs9M4W+obz2y3HNsEo6DA0c macbookpro"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyRtSVEpOZ08QoOhwfMizYXJxLFCJ/jfIlP4FMD1zga elias@bluefin" #framework
     ];
     linger = true;
     packages = with pkgs; [];
@@ -122,6 +140,7 @@
     git
     neovim
     emacs
+    vim
 
     tmux #like screen
     wiper #like ncdu
@@ -129,6 +148,7 @@
    
     tcpdump #for wireguard test
 
+    ncdu
   ];
 
   # List services that you want to enable:

flake.lock

@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1766622938,
+        "narHash": "sha256-Eovt/DOCYjFFBZuYbbG9j5jhklzxdNbUGVYYxh3lG3s=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "5900a0a8850cbba98e16d5a7a6ed389402dfcf4f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-25.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,19 @@
+{
+  description = "NixOS configuration";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
+  };
+
+  outputs = inputs@{ nixpkgs, ... }: {
+    nixosConfigurations = {
+      knossos = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          ./configuration.nix
+
+        ];
+      };
+    };
+  };
+}

nix-upgrade.sh

@@ -1,4 +1,4 @@
 #!/run/current-system/sw/bin/bash
 
-sudo nixos-rebuild switch -I nixos-config=/home/elias/nixos-knossos/configuration.nix --upgrade
+sudo nixos-rebuild switch --flake .# --upgrade
 

rebuild.sh

@@ -1,3 +1,4 @@
 #!/run/current-system/sw/bin/bash
-sudo nixos-rebuild switch -I nixos-config=/home/elias/nixos-config/configuration.nix
+#sudo nixos-rebuild switch -I nixos-config=/home/elias/nixos-knossos/configuration.nix
 
+sudo nixos-rebuild switch --flake .#

services/authentik.nix

@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+
+  
+
+{
+
+  config = {
+
+    systemd.services.authentik = {
+
+      description = "Run Docker Compose for authentik";
+
+      after = [ "network.target" "docker.service" ];
+
+      requires = [ "docker.service" ];
+
+      wantedBy = [ "multi-user.target" ];
+
+  
+
+      serviceConfig = {
+
+        Type = "exec";
+
+  
+
+        # Pull the latest image before running
+
+        ExecStartPre = "/run/current-system/sw/bin/docker compose -f /home/nix/docker/authentik/compose.yaml pull";
+
+  
+
+        # Bring the service up
+
+        ExecStart = "/run/current-system/sw/bin/docker compose -f /home/nix/docker/authentik/compose.yaml up";
+
+  
+
+        # Take it down gracefully
+
+        ExecStop = "/run/current-system/sw/bin/docker compose -f /home/nix/docker/authentik/compose.yaml down";
+
+  
+
+        WorkingDirectory = "/home/nix/docker/authentik";
+
+        Restart = "on-failure";
+
+      };
+
+    };
+
+  };
+
+}

services/jellyfin-pass.txt

@@ -0,0 +1,2 @@
+elias
+XWEUt0afZmntvdRCkM7X

services/jellyfin.nix

@@ -4,7 +4,7 @@
   services.jellyfin = {
     enable = true;
     openFirewall = true;
-    dataDir = "/var/lib/jellyfin"; #default
+    dataDir = "/mnt/plakias/enc/jellyfin"; #default
   };
 
   environment.systemPackages = [
@@ -12,5 +12,4 @@
     pkgs.jellyfin-web
     pkgs.jellyfin-ffmpeg
   ];
-
 }