+3 -3

hosts/server/default.nix

reviewed

··· 30 30 myConfig.services.nextcloud.enable = true; # Tailnet-only — not in CF tunnel 31 31 myConfig.services.immich.enable = true; # Tailnet-only — not in CF tunnel 32 32 myConfig.services.jellyfin.enable = true; # Tailnet-only — not in CF tunnel 33 33 - myConfig.services.pds.enable = true; 33 33 + myConfig.services.pds.enable = false; 34 34 myConfig.pds.serviceHandleDomains = [ 35 35 ".pds.ewancroft.uk" 36 36 ".pds.croft.click" 37 37 ]; 38 38 - myConfig.services.pdsGatekeeper.enable = true; 38 38 + myConfig.services.pdsGatekeeper.enable = false; 39 39 myConfig.services.cloudflare.enable = true; 40 40 myConfig.services.vaultwarden.enable = true; # Tailnet-only — password manager, never public 41 41 myConfig.services.timemachine.enable = true; # Tailnet-only — Time Machine AFP target 42 42 - myConfig.services.sharkey.enable = true; 42 42 + myConfig.services.sharkey.enable = false; 43 43 44 44 # Ignore laptop lid — treat as headless, never suspend. 45 45 services.logind.settings.Login = {

+2 -2

modules/options.nix

reviewed

··· 663 663 sharkey = { 664 664 hostname = mkOption { 665 665 type = str; 666 666 - default = "ap.ewancroft.uk"; 667 667 - description = "Public hostname for Sharkey (same as the old GTS host to preserve actor URLs)."; 666 666 + default = "sharkey.ewancroft.uk"; 667 667 + description = "Public hostname for Sharkey."; 668 668 }; 669 669 port = mkOption { 670 670 type = int;

+108

scripts/purge-pds-sharkey.sh

reviewed

··· 1 1 + #!/usr/bin/env bash 2 2 + # purge-pds-sharkey.sh 3 3 + # 4 4 + # Permanently deletes all data for the Bluesky PDS and Sharkey instances. 5 5 + # Run this on the NixOS server AFTER nrs has applied the disabled config 6 6 + # and confirmed both services are no longer running. 7 7 + # 8 8 + # !! THIS IS IRREVERSIBLE — double-check before running !! 9 9 + 10 10 + set -euo pipefail 11 11 + 12 12 + # ── Preflight ───────────────────────────────────────────────────────────────── 13 13 + 14 14 + if [[ $EUID -ne 0 ]]; then 15 15 + echo "error: must be run as root (sudo $0)" >&2 16 16 + exit 1 17 17 + fi 18 18 + 19 19 + echo "==> Checking services are stopped..." 20 20 + 21 21 + for svc in bluesky-pds pds-gatekeeper sharkey meilisearch; do 22 22 + if systemctl is-active --quiet "$svc" 2>/dev/null; then 23 23 + echo "error: $svc is still running — rebuild with services disabled first" >&2 24 24 + exit 1 25 25 + fi 26 26 + done 27 27 + 28 28 + echo " All target services are inactive." 29 29 + echo "" 30 30 + echo " The following will be permanently deleted:" 31 31 + echo " /srv/bluesky-pds (PDS data directory)" 32 32 + echo " /srv/sharkey (Sharkey media directory)" 33 33 + echo " PostgreSQL database: sharkey" 34 34 + echo " PostgreSQL role: sharkey" 35 35 + echo " /var/lib/meilisearch (Meilisearch index data)" 36 36 + echo " /var/lib/private/sharkey (Sharkey state, if present)" 37 37 + echo "" 38 38 + read -r -p "Type YES to continue: " confirm 39 39 + if [[ "$confirm" != "YES" ]]; then 40 40 + echo "Aborted." 41 41 + exit 0 42 42 + fi 43 43 + 44 44 + # ── PDS ─────────────────────────────────────────────────────────────────────── 45 45 + 46 46 + echo "" 47 47 + echo "==> Removing PDS data directory..." 48 48 + rm -rf /srv/bluesky-pds 49 49 + echo " Done." 50 50 + 51 51 + # ── PDS state (var/lib paths) ───────────────────────────────────────────────── 52 52 + 53 53 + for p in /var/lib/bluesky-pds /var/lib/private/bluesky-pds; do 54 54 + if [[ -d "$p" ]]; then 55 55 + echo "==> Removing $p..." 56 56 + rm -rf "$p" 57 57 + echo " Done." 58 58 + fi 59 59 + done 60 60 + 61 61 + # ── Sharkey media ───────────────────────────────────────────────────────────── 62 62 + 63 63 + echo "==> Removing Sharkey media directory..." 64 64 + rm -rf /srv/sharkey 65 65 + echo " Done." 66 66 + 67 67 + # ── Sharkey state (DynamicUser path, if present) ────────────────────────────── 68 68 + 69 69 + if [[ -d /var/lib/private/sharkey ]]; then 70 70 + echo "==> Removing /var/lib/private/sharkey..." 71 71 + rm -rf /var/lib/private/sharkey 72 72 + echo " Done." 73 73 + fi 74 74 + 75 75 + if [[ -d /var/lib/sharkey ]]; then 76 76 + echo "==> Removing /var/lib/sharkey..." 77 77 + rm -rf /var/lib/sharkey 78 78 + echo " Done." 79 79 + fi 80 80 + 81 81 + # ── Meilisearch ─────────────────────────────────────────────────────────────── 82 82 + 83 83 + echo "==> Removing Meilisearch data..." 84 84 + rm -rf /var/lib/meilisearch 85 85 + rm -rf /var/lib/private/meilisearch 86 86 + echo " Done." 87 87 + 88 88 + # ── PostgreSQL ──────────────────────────────────────────────────────────────── 89 89 + 90 90 + echo "==> Dropping Sharkey PostgreSQL database and role..." 91 91 + sudo -u postgres psql -c "DROP DATABASE IF EXISTS sharkey;" && 92 92 + echo " Dropped database 'sharkey'." 93 93 + sudo -u postgres psql -c "DROP ROLE IF EXISTS sharkey;" && 94 94 + echo " Dropped role 'sharkey'." 95 95 + 96 96 + # ── Redis ───────────────────────────────────────────────────────────────────── 97 97 + 98 98 + echo "" 99 99 + echo "NOTE: Redis data has NOT been touched." 100 100 + echo " If Sharkey had a dedicated Redis instance, flush it manually:" 101 101 + echo " redis-cli -n <db> FLUSHDB" 102 102 + echo " (The nixpkgs Sharkey module uses the default Redis instance" 103 103 + echo " with no DB isolation, so flushing blindly would affect other services.)" 104 104 + 105 105 + # ── Done ────────────────────────────────────────────────────────────────────── 106 106 + 107 107 + echo "" 108 108 + echo "==> All done. PDS and Sharkey data have been purged."