Mount config.hardware.nvidia.package.lib32 into the container (CDI only carries
64-bit driver libs) and add a `gw` launcher that runs Guild Wars through
VirtualGL on the M2000. Drops GW from ~18 software-rendered CPU cores to <1.
Also bump stream to 60fps.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

- crowdsec.nix: drop the ntfy notifications (one push per ban was constant
noise on the WAN-exposed box); bans still happen silently
- service-health.nix: OnFailure=notify-failure@%n on 16 core units sends an
ntfy 'down' push when a unit truly fails (after exhausting Restart=), then
a 'recovered' push when it comes back. Shares /var/secrets/ntfy-url.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

wineWowPackages → wineWow64Packages,
environmentFile → environmentFiles (list),
gtk.gtk4.theme = null for all hosts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Firefox patches: CORS crossorigin on stylesheet link,
Shift+Enter line break via insertLineBreak + innerText,
nix-ld for Claude Code node binary.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Stable restore point before 26.05 — last known good unstable config.
Unify all hosts on nixos-26.05 + home-manager release-26.05.
Drop hyprland, anyrun, nixpkgs-stable, home-manager-stable,
stylix-stable inputs. Hyprland 0.55.2 and anyrun 25.12.0 from
nixpkgs. Anyrun config via xdg.configFile (no HM module in 26.05).
Stylix on master until release-26.05 branch exists.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Prevents browser from restoring cached page with expired
Authelia session, which caused WebSocket 1006 on first load.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

systemd.network.links didn't generate files; use udev extraRules
to pin NIC names to MACs. Also disable networking.useDHCP catch-all
that silently misconfigured the LAN NIC when it got a wrong name.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Rootful Podman containers (used by the Forgejo runner) use podman0
and podman-* bridges, which were being dropped by the default-deny
firewall policy. This broke DNS resolution and internet access.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Runner containers (via Podman compat) couldn't resolve external hosts
after AdGuard stopped binding to 0.0.0.0. Point them at 10.0.0.1.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Binding to 0.0.0.0 claimed port 53 on podman bridge interfaces,
preventing aardvark-dns from starting and breaking Forgejo Actions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Delete 8 unused matugen template files, remove the matugen package,
homepage custom.css watcher infrastructure, and the wallpaper shell
function. Update remaining comments to reference stylix.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

No IPv6 upstream exists, but glibc still tried AAAA records first,
causing Jellyfin's TMDb client to get garbled responses.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Standalone podman run calls need virtualisation.podman.enable to get a
valid /etc/containers/policy.json. OCI container services got this
implicitly but our direct podman invocations did not.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Bazarr stores its config at /var/lib/bazarr/config/config.yaml, not
the old /var/lib/bazarr/data/config/config.ini path. Use yq to extract
auth.apikey from the YAML. Fixes both bazarr-sync and arr-interconnect.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Hourly timer syncs only recently added content (last 2h) by querying
Radarr/Sonarr APIs for new items. Weekly full-library sync runs Sunday
04:00 as a catch-all. Both run the bazarr-sync container via podman.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Replaces Vesktop for quick cross-device note-passing. Uses Flatnotes
with auth disabled so Authelia is the only login required.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>