server done

src/system/machines/desktop/modules/home-manager/home.nix

@@ -11,6 +11,21 @@
 
     programs.home-manager.enable = true;
 
+    programs.ssh = {
+      enable = true;
+      enableDefaultConfig = false;
+      matchBlocks = {
+        "*" = {
+          serverAliveInterval = 60;
+          serverAliveCountMax = 3;
+        };
+        "server" = {
+          hostname = "192.168.0.154";
+          user = "bryan";
+        };
+      };
+    };
+
     home.stateVersion = "23.11";
 
     home.username = "${config.user.name}";

src/system/modules/bitcoin/modules/clightning/default.nix

@@ -80,16 +80,25 @@ in
       };
     };
 
+    # Bind mount from /data
+    fileSystems.${home} = {
+      device = "/data/clightning";
+      fsType = "none";
+      options = [ "bind" ];
+    };
+
     # Ensure data directory exists with correct permissions
     systemd.tmpfiles.rules = mkAfter [
-      "d ${home} 0750 clightning bitcoin -"
+      "d /data/clightning 0750 clightning bitcoin -"
-      "d ${home}/plugins 0750 clightning bitcoin -"
+      "d /data/clightning/bitcoin 0750 clightning bitcoin -"
+      "d /data/clightning/plugins 0750 clightning bitcoin -"
       "L+ /home/${config.user.name}/.lightning - - - - ${home}"
       "L+ ${home}/plugins/clnrest - - - - ${clnrest}/libexec/c-lightning/plugins/clnrest"
     ];
 
     modules.system.backup.paths = [
       "${home}/bitcoin/hsm_secret"
+      "${home}/bitcoin/emergency.recover"
     ];
 
     services.nginx.virtualHosts."ln.${domain}" = mkIf nginx.enable {

src/system/modules/bitcoin/modules/electrum/default.nix

@@ -88,9 +88,16 @@ in
       };
     };
 
+    # Bind mount from /data
+    fileSystems.${home} = {
+      device = "/data/electrs";
+      fsType = "none";
+      options = [ "bind" ];
+    };
+
     # Ensure db directory exists with correct permissions
     systemd.tmpfiles.rules = [
-      "d ${home} 0750 electrs bitcoin -"
+      "d /data/electrs 0750 electrs bitcoin -"
     ];
 
     # Nginx SSL proxy for Electrum protocol (TCP)

src/system/modules/forgejo/default.nix

@@ -26,11 +26,18 @@ in
       extraGroups = [ "git" ];
     };
 
+    # Bind mount from /data
+    fileSystems."/var/lib/forgejo" = {
+      device = "/data/forgejo";
+      fsType = "none";
+      options = [ "bind" ];
+    };
+
     systemd.tmpfiles.rules = [
-      "d /var/lib/forgejo 0750 git git -"
+      "d /data/forgejo 0750 git git -"
-      "d /var/lib/forgejo/.ssh 0700 git git -"
+      "d /data/forgejo/.ssh 0700 git git -"
-      "d /var/lib/forgejo/custom 0750 git git -"
+      "d /data/forgejo/custom 0750 git git -"
-      "d /var/lib/forgejo/data 0750 git git -"
+      "d /data/forgejo/data 0750 git git -"
     ];
 
     services.forgejo = {

src/system/modules/immich/default.nix

@@ -14,6 +14,24 @@ in
   };
 
   config = mkIf cfg.enable {
+    # Bind mount from /data
+    systemd.tmpfiles.rules = [
+      "d /data/immich 0750 immich immich -"
+      "d /data/postgresql 0750 postgres postgres -"
+    ];
+
+    fileSystems."/var/lib/immich" = {
+      device = "/data/immich";
+      fsType = "none";
+      options = [ "bind" ];
+    };
+
+    fileSystems."/var/lib/postgresql" = {
+      device = "/data/postgresql";
+      fsType = "none";
+      options = [ "bind" ];
+    };
+
     services.immich = {
       enable = true;
       port = port;
@@ -24,6 +42,7 @@ in
 
     modules.system.backup.paths = [
       "/var/lib/immich"
+      "/var/lib/postgresql"
     ];
 
     services.nginx.virtualHosts."photos.${domain}" = mkIf nginx.enable {