feat(john-endesktop): add harmonia binary cache service

Replace broken k8s harmonia deployment with native NixOS service.

Configuration:
- services.harmonia.enable = true
- Bind to [::]:5000 (IPv4 and IPv6)
- Sign key at /etc/harmonia/signing-key.private
- Open firewall port 5000

The signing key must be placed manually on john-endesktop at
/etc/harmonia/signing-key.private using the key generated earlier.

Closes: x-fqaob

machines/john-endesktop/configuration.nix

@@ -54,6 +54,7 @@ with lib;
       4000  # nfs callback
       4001  # nlockmgr
       4002  # mountd
+      5000  # harmonia binary cache
       20048 # mountd
     ];
     allowedUDPPorts = [
@@ -148,6 +149,16 @@ with lib;
     };
   };
 
+  # Harmonia binary cache server
+  # Replaces the broken k8s deployment with native NixOS service
+  services.harmonia = {
+    enable = true;
+    signKeyPath = "/etc/harmonia/signing-key.private";
+    settings = {
+      bind = "[::]:5000";
+    };
+  };
+
   # Time zone
   time.timeZone = "America/Los_Angeles"; # Adjust as needed