-rw-r--r--archetypes/collections/development/docker.nix1
-rw-r--r--flake.lock18
-rw-r--r--hosts/poweredge/configuration.nix35
-rw-r--r--hosts/poweredge/fileshares.nix14
-rw-r--r--hosts/poweredge/networking.nix11
-rw-r--r--nixos/default.nix3
-rw-r--r--nixos/services/immich.nix29
-rw-r--r--users/timmy/default.nix4
8 files changed, 86 insertions, 29 deletions
diff --git a/archetypes/collections/development/docker.nix b/archetypes/collections/development/docker.nix
index 629dff3..0e09744 100644
--- a/archetypes/collections/development/docker.nix
+++ b/archetypes/collections/development/docker.nix
@@ -3,6 +3,7 @@
in {
options._archetypes.collections.development.docker = {
enable = lib.mkEnableOption "enables docker";
+ # TODO move to btrfs profile
btrfsSupport = lib.mkOption {
type = lib.types.bool;
default = true;
diff --git a/flake.lock b/flake.lock
index f542a60..70cc488 100644
--- a/flake.lock
+++ b/flake.lock
@@ -67,11 +67,11 @@
]
},
"locked": {
- "lastModified": 1772633058,
- "narHash": "sha256-SO7JapRy2HPhgmqiLbfnW1kMx5rakPMKZ9z3wtRLQjI=",
+ "lastModified": 1775425411,
+ "narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "080657a04188aca25f8a6c70a0fb2ea7e37f1865",
+ "rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe",
"type": "github"
},
"original": {
@@ -83,11 +83,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1772598333,
- "narHash": "sha256-YaHht/C35INEX3DeJQNWjNaTcPjYmBwwjFJ2jdtr+5U=",
+ "lastModified": 1775811116,
+ "narHash": "sha256-t+HZK42pB6N+i5RGbuy7Xluez/VvWbembBdvzsc23Ss=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "fabb8c9deee281e50b1065002c9828f2cf7b2239",
+ "rev": "54170c54449ea4d6725efd30d719c5e505f1c10e",
"type": "github"
},
"original": {
@@ -159,11 +159,11 @@
]
},
"locked": {
- "lastModified": 1772495394,
- "narHash": "sha256-hmIvE/slLKEFKNEJz27IZ8BKlAaZDcjIHmkZ7GCEjfw=",
+ "lastModified": 1775682595,
+ "narHash": "sha256-0E9PohY/VuESLq0LR4doaH7hTag513sDDW5n5qmHd1Q=",
"owner": "Mic92",
"repo": "sops-nix",
- "rev": "1d9b98a29a45abe9c4d3174bd36de9f28755e3ff",
+ "rev": "d2e8438d5886e92bc5e7c40c035ab6cae0c41f76",
"type": "github"
},
"original": {
diff --git a/hosts/poweredge/configuration.nix b/hosts/poweredge/configuration.nix
index 16a2686..3490589 100644
--- a/hosts/poweredge/configuration.nix
+++ b/hosts/poweredge/configuration.nix
@@ -1,6 +1,4 @@
-{ config, lib, pkgs, ... }: let
- serverEmail = "poweredge@tjkeller.xyz";
-in {
+{ config, lib, pkgs, ... }: {
imports = [
./ddns-updater.nix
./fileshares.nix
@@ -14,17 +12,38 @@ in {
# Enable common options
_archetypes = {
- profiles.headless = {
- enable = true;
- home.users.timmy.enable = true;
+ profiles = {
+ headless = {
+ enable = true;
+ home.users.timmy.enable = true;
+ };
+ zfs.enable = true;
+ router.enable = true;
+ };
+ collections = {
+ development.docker.enable = true;
+ development.docker.btrfsSupport = false; # TODO remove
};
- profiles.zfs.enable = true;
- profiles.router.enable = true;
};
+ virtualisation.docker.storageDriver = "zfs"; # TODO move to profile
+
# Enable smartd
services.smartd.enable = true; # TODO move to archetype
+ # Enable web services
+ # services = {
+ # _cgit = {
+ # enable = true;
+ # hostAddress = "192.168.1.10";
+ # localAddress = "192.168.1.11";
+ # rootTitle = "PowerEdge local cgit";
+ # # TODO add authorizedKeys
+ # };
+ # };
+ #
+ #services._klipper.enable = true;
+
# Enable user timmy
_users.timmy.enable = true;
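Review bot: Enabling `development.docker.enable = true` on a host that also has `profiles.router.enable = true` deserves a comment, because Docker normally installs its own NAT and forward rules, so ports published by containers are typically not filtered by `networking.firewall`. On a machine with a WAN interface, a container port published on all addresses could therefore be reachable from outside even though only UDP 51820 is allowed on wan0. I would record that next to the option, for example `# NOTE: docker-published ports bypass networking.firewall; publish on the LAN address only`. The two `# TODO` markers on `btrfsSupport` and `storageDriver` would also be easier to follow up if they named the profile they are waiting for. The surrounding attribute set continues outside the hunk.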
diff --git a/hosts/poweredge/fileshares.nix b/hosts/poweredge/fileshares.nix
index 4593ef8..90b738c 100644
--- a/hosts/poweredge/fileshares.nix
+++ b/hosts/poweredge/fileshares.nix
@@ -1,9 +1,11 @@
{
- # TODO make user for ps2
+ # Import zfs pools
+ boot.zfs.extraPools = [ "ingens" "memoria" ];
+
services._fileShares.enable = true;
services._fileShares.shares = {
PS2 = {
- path = "/media/storage/games/ps2";
+ path = "/media/ingens/games/ps2";
smb = {
enable = true;
allowUser = "ps2";
@@ -14,19 +16,19 @@
};
};
WinBackups = {
- path = "/media/storage/backups/windows";
+ path = "/media/ingens/backups/windows";
smb.enable = true;
};
pictures = {
- path = "/media/storage/pictures";
+ path = "/media/ingens/pictures";
nfs.enable = true;
};
tapes = {
- path = "/media/storage/tapes";
+ path = "/media/ingens/tapes";
nfs.enable = true;
};
backups = {
- path = "/media/storage/backups";
+ path = "/media/ingens/backups";
nfs.enable = true;
};
};
diff --git a/hosts/poweredge/networking.nix b/hosts/poweredge/networking.nix
index 7632a86..09759ee 100644
--- a/hosts/poweredge/networking.nix
+++ b/hosts/poweredge/networking.nix
@@ -22,6 +22,9 @@
interfaces.wan0 = {
allowedUDPPorts = [ 51820 ];
};
+ interfaces.lan0 = {
+ allowedTCPPorts = [ 2283 80 ]; # FIXME temp
+ };
};
# Additional advanced rules
# TODO add multi NAT feature to router service
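Review bot: Port 80 is opened on lan0 in `allowedTCPPorts = [ 2283 80 ]`, but nothing in this commit appears to listen on it. 2283 matches Immich's default port, so 80 could be dropped until a reverse proxy exists: `allowedTCPPorts = [ 2283 ]; # immich, until a TLS reverse proxy fronts it`. With only 2283 open, Immich logins cross the LAN over plain HTTP. The `FIXME temp` comment would be more useful if it stated the intended end state. The firewall attribute set starts outside the hunk.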
@@ -54,19 +57,19 @@
staticLeases = {
idrac-7N94GK2 = {
macAddress = "50:9a:4c:5d:c3:7c";
- staticIp = "192.168.1.3";
+ staticIp = "192.168.1.2";
};
OpenWrt-Attic = {
macAddress = "34:98:b5:60:5e:be";
- staticIp = "192.168.1.4";
+ staticIp = "192.168.1.3";
};
OpenWrt-Basement = {
macAddress = "8c:3b:ad:35:c7:8c";
- staticIp = "192.168.1.5";
+ staticIp = "192.168.1.4";
};
ArcherC54 = {
macAddress = "12:eb:b6:13:f9:e2";
- staticIp = "192.168.1.6";
+ staticIp = "192.168.1.5";
};
T495 = {
macAddress = "04:33:c2:9d:34:74";
diff --git a/nixos/default.nix b/nixos/default.nix
index fb33f1e..53c2411 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -7,6 +7,7 @@
./services/cgit.nix
./services/fileshares.nix
./services/gitea.nix
+ ./services/immich.nix
./services/mailer.nix
./services/searxng.nix
./services/router/dns-dhcp.nix
@@ -14,6 +15,8 @@
./services/router/unbound-blocklist.nix
./services/zfs/zed-mailer.nix
+ #./services/mainsail.nix
+
./bootloader.nix
./doas.nix
./filesystems.nix
diff --git a/nixos/services/immich.nix b/nixos/services/immich.nix
new file mode 100644
index 0000000..283a958
--- /dev/null
+++ b/nixos/services/immich.nix
@@ -0,0 +1,29 @@
+{ lib, pkgs, config, ... }:
+let
+ cfg = config.services._immich;
+in {
+
+ config = {
+ containers.immich = {
+ autoStart = true;
+ privateNetwork = false;
+ bindMounts = {
+ "/var/lib/immich" = {
+ hostPath = "/media/ingens/immich";
+ isReadOnly = false;
+ };
+ };
+
+ config = { lib, config, ... }: {
+ services.immich = {
+ enable = true;
+ host = "0.0.0.0";
+ };
+
+ environment.systemPackages = with pkgs; [ immich immich-cli ];
+
+ system.stateVersion = "25.11";
+ };
+ };
+ };
+}
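Review bot: The `config` block is unconditional: `cfg = config.services._immich` is bound but never used, and no `options.services._immich` is declared. Since this commit adds the module to the shared import list in nixos/default.nix, every host that imports that list would presumably get an auto-starting `immich` container bind-mounting `/media/ingens/immich`. Declare `options.services._immich.enable = lib.mkEnableOption "immich container";`, wrap the body as `config = lib.mkIf cfg.enable { … };`, and set `services._immich.enable = true;` on poweredge. Separately, `host = "0.0.0.0"` with `privateNetwork = false` makes the server listen on every host interface, wan0 included, so exposure depends on the firewall alone. Binding to the LAN address would be a tighter default.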
diff --git a/users/timmy/default.nix b/users/timmy/default.nix
index e3950bc..4d75a80 100644
--- a/users/timmy/default.nix
+++ b/users/timmy/default.nix
@@ -16,7 +16,7 @@
videos = null;
};
sshKeyPaths = [ "${home}/.ssh/id_ed25519" ];
- sshPublicKeyPaths = lib.map (keyPath: keyPath + ".pub") sshKeyPaths;
+ #sshPublicKeyPaths = lib.map (keyPath: keyPath + ".pub") sshKeyPaths;
sshPublicKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnsnAWcz46OVi1MWSxpOIUtUvwalijDwvW+oEvNjzep" ];
in {
imports = [
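Review bot: `sshPublicKeyPaths` is commented out rather than removed, and the second hunk does the same to `keyFiles` under `services._cgit.ssh.authorizedKeys`, which leaves dead lines with no stated reason. Either delete both lines or say why they are parked, for example `# keyFiles dropped: key path is outside the flake; the inline sshPublicKeys entry is the only authorized key`, if that is the reason. The let-block starts outside this hunk.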
@@ -78,7 +78,7 @@ in {
# Add authorizedKeys to cgit service
services._cgit.ssh.authorizedKeys = {
keys = sshPublicKeys;
- keyFiles = sshPublicKeyPaths;
+ #keyFiles = sshPublicKeyPaths;
};
# Configure user home