Commit graph

1298 commits

Author SHA1 Message Date
6b113b0a72 move homepage to port 8084, 8081 used by crowdsec
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 21:35:50 +01:00
5e73fe6f1a add frigate to Authelia access control
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 21:31:32 +01:00
5a3d74d800 move homepage to port 8081, 8082 needed by frigate jsmpeg
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 21:24:04 +01:00
83b3653331 disable frigate built-in auth, Authelia handles it
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 21:18:03 +01:00
1ada3769c3 fix frigate config: remove invalid events.retain
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 21:13:13 +01:00
426d86645f add Frigate NVR service behind Authelia
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 21:08:50 +01:00
8560c11afa fix NIC naming: use udev rules instead of .link files
systemd.network.links didn't generate files; use udev extraRules
to pin NIC names to MACs. Also disable networking.useDHCP catch-all
that silently misconfigured the LAN NIC when it got a wrong name.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 09:31:57 +01:00
94d5b6a2a1 pin NIC names to MAC + limit 7DTD restart loops
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 09:31:57 +01:00
forgejo-actions[bot]
e7222b566b Update flake inputs 2026-05-22 06:43:33 +00:00
13fac2ffdf arr: use External auth method to fix auth reset on restart
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-21 22:15:45 +01:00
forgejo-actions[bot]
1b8db12d56 Update flake inputs 2026-05-21 14:04:23 +00:00
a18db710c0 nftables: allow podman bridges in input and forward chains
Rootful Podman containers (used by the Forgejo runner) use podman0
and podman-* bridges, which were being dropped by the default-deny
firewall policy. This broke DNS resolution and internet access.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-21 15:02:09 +01:00
8b6029ca86 forgejo-runner: set explicit DNS to fix container resolution
Runner containers (via Podman compat) couldn't resolve external hosts
after AdGuard stopped binding to 0.0.0.0. Point them at 10.0.0.1.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-21 14:44:26 +01:00
fb2d3a1ff7 adguard: bind DNS to LAN + loopback only to avoid podman conflict
Binding to 0.0.0.0 claimed port 53 on podman bridge interfaces,
preventing aardvark-dns from starting and breaking Forgejo Actions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-21 14:34:11 +01:00
4ffce27cdd ly: disable gameoflife animation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-21 09:18:26 +01:00
9d67da0d7c revert: remove 7 Days to Die window rule — not needed
The floating issue was caused by the game's Unity display mode being
set to Windowed (mode 3), which locks X11 size hints (min=max) and
prevents any tiling WM from resizing it.  Fixed by switching the
game to Fullscreen Window (mode 1) in the Wine registry instead.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-20 20:56:54 +01:00
3f1729b3b9 hyprland: use tile action for 7 Days to Die window rule
float = false isn't a valid Lua API action; tile = true is the correct
way to force an XWayland window out of floating.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-20 20:38:08 +01:00
752d6c49a0 hyprland: force 7 Days to Die to tile instead of float
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-20 20:33:33 +01:00
1aebc200b6 remove matugen remnants — theming is now handled by stylix
Delete 8 unused matugen template files, remove the matugen package,
homepage custom.css watcher infrastructure, and the wallpaper shell
function. Update remaining comments to reference stylix.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-20 17:45:11 +01:00
53c3fedf52 mediaserver: disable IPv6 to fix Jellyfin TMDb metadata fetches
No IPv6 upstream exists, but glibc still tried AAAA records first,
causing Jellyfin's TMDb client to get garbled responses.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-20 13:44:17 +01:00
066fd11449 update workflow: always commit so scheduled runs have a consistent label
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-19 19:54:21 +01:00
93a9f56092 macbook: increase DWT timeout from 0.3s to 0.4s
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-19 17:44:35 +01:00
b52f730889 macbook: re-enable touchpad when DWT service stops
Add ExecStopPost to write 0 to bcm5974's inhibited sysfs node,
so the touchpad is always restored even if the script is killed
mid-inhibit.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-19 17:41:42 +01:00
951ba2b850 macbook: revert libinput quirk — it permanently inhibits the touchpad
The AttrKeyboardIntegration=internal quirk caused libinput's native
DWT to permanently disable the touchpad. Keep the custom script.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-19 17:39:38 +01:00
22c1b35360 macbook: add libinput quirk for native DWT on bcm5974
Tell libinput the Apple keyboard is internal so its built-in
disable-while-typing pairing works despite keyboard and touchpad
sharing the same USB device. Keep the custom DWT script as fallback.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-19 17:36:04 +01:00
20f70dd27a Fix dwt ignoring modifiers like shift, alt etc. 2026-05-19 17:31:53 +01:00
ced2ff65dc Add autoupdate. 2026-05-19 17:10:17 +01:00
d66558efae macbook: remove zen warmup service; drop XFCE fallback session
The zen-beta headless warmup was causing system unresponsiveness on
the MacBook's limited hardware. XFCE fallback is unnecessary with
Hyprland's emergency mode.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-19 17:09:30 +01:00
6f3845aa1b mediaserver: enable podman for bazarr-sync container policy
Standalone podman run calls need virtualisation.podman.enable to get a
valid /etc/containers/policy.json. OCI container services got this
implicitly but our direct podman invocations did not.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-19 10:54:44 +01:00
39d5a95866 mediaserver: fix bazarr config path (YAML, not INI)
Bazarr stores its config at /var/lib/bazarr/config/config.yaml, not
the old /var/lib/bazarr/data/config/config.ini path. Use yq to extract
auth.apikey from the YAML. Fixes both bazarr-sync and arr-interconnect.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-19 10:51:53 +01:00
d83db8c555 mediaserver: add bazarr-sync for automatic subtitle synchronisation
Hourly timer syncs only recently added content (last 2h) by querying
Radarr/Sonarr APIs for new items. Weekly full-library sync runs Sunday
04:00 as a catch-all. Both run the bazarr-sync container via podman.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-19 10:46:36 +01:00
forgejo-actions[bot]
c929e90e82 flake: update inputs 2026-05-19 04:01:45 +00:00
80eda70088 macbook: reduce DWT timeout from 500ms to 300ms
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 17:32:51 +01:00
8285fce24a macbook: add DWT daemon for bcm5974 touchpad
Hyprland's built-in disable-while-typing doesn't work on this
MacBook because the keyboard and touchpad share the same USB
device, breaking libinput's device pairing. Add a lightweight
Python daemon that watches keyboard events and inhibits the
touchpad via sysfs for 500ms after each keypress.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 17:30:00 +01:00
2ed677bd8f Revert "macbook: disable touchpad while typing"
The per-device config block used invalid syntax for this Hyprland
version. Revert while we find a working approach.

This reverts commit dc7845a.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 17:16:33 +01:00
dc7845a7b9 macbook: disable touchpad while typing
The bcm5974 trackpad is classified as a mouse by Hyprland, not a
touchpad, so the global touchpad DWT setting had no effect. Use a
per-device config block to apply disable_while_typing directly to
the bcm5974.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 17:11:52 +01:00
28bac0dd46 macbook: disable touchpad while typing
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 17:03:49 +01:00
8c1f248fb9 macbook: add warmup service for Zen Browser
Start Zen headless for 3s at login to prime the page cache and shared
libraries on the slow MacBook Air hardware.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 17:02:53 +01:00
ca6699f6f4 macbook: drop unnecessary RestartSec from ghostty daemon
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 16:58:00 +01:00
b32bb900c0 macbook: always restart ghostty daemon after window close
Ghostty exits cleanly when the last window closes, so on-failure
never triggers a restart. Switch to Restart=always with a 1s delay
so the headless instance respawns and stays warm.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 16:57:05 +01:00
38bd660ddb macbook: add warmup services for Ghostty and Nemo
Start Ghostty headless and pre-warm Nemo at login so both launch
faster on the aging Haswell MacBook Air.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 16:53:12 +01:00
111e8183d0 hyprland: remove snixembed — breaks native SNI tray icons
snixembed conflicts with waybar's tray, causing all SNI items
(Vesktop, nm-applet) to disappear. Battle.net's tray icon doesn't
use X11 embed protocol anyway, so snixembed doesn't help.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 16:04:45 +01:00
5a1cc4a7ca hyprland: add snixembed for X11 tray icon bridging (Battle.net)
Wine/XWayland apps use X11 embed tray protocol which waybar's SNI-based
tray doesn't see. snixembed proxies X11 tray icons as SNI items.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 15:32:34 +01:00
099b312df6 common: set home-manager.backupFileExtension for safe activation
Stylix on the media server tries to manage files (GTK config,
fontconfig, etc.) that already exist, causing HM activation to fail.
Setting backupFileExtension lets HM move conflicts to .hm-bak.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 14:08:29 +01:00
b713d64211 stylix: enable on media server via stylix-stable (release-25.11)
Add a stylix-stable input pinned to release-25.11 so the media server
gets Stylix theming without pulling in unstable nixpkgs. btop is now
managed by Home Manager on all hosts with Stylix auto-theming.

Desktop-only config (Zen/Vesktop CSS, GTK icons) is guarded behind
an isDesktop check in stylix.nix.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 13:53:19 +01:00
f7f258651e hyprland: remove dead config (WLR_DRM_DEVICES, pamixer, stale CSS, old activation)
- WLR_DRM_DEVICES: wlroots env var ignored by Aquamarine, AQ_DRM_DEVICES already set
- pamixer: not referenced anywhere, volume handled by swayosd-client
- #network.disconnected CSS: no network module in waybar config
- #custom-tray-toggle CSS: renamed to #custom-tray-handle to match actual module
- removeOldHyprlandConf activation: one-time migration already completed

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 13:25:07 +01:00
5655987f66 hyprland: remove GCC 15 LD_PRELOAD workaround — no longer needed
Hyprland 0.55.0 now links GCC 15.2.0 natively, so the symlinkJoin
wrapper that injected LD_PRELOAD for the GLIBCXX_3.4.34 symbol is
obsolete.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 13:09:19 +01:00
059e847b6e anyrun: reset-failed before daemon restart in power menu
systemctl stop/start in quick succession hits the start-rate limiter,
leaving the daemon in a failed state. Reset the failure counter before
restarting.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 12:58:48 +01:00
e77f4791be anyrun: fix upstream flake integration and use systemd daemon
Fix config for upstream anyrun HM module (no margin option, use
package refs for plugins). The upstream module provides a systemd
user service for the daemon with Restart=on-failure, so remove
manual daemon management from Hyprland startup.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 12:51:41 +01:00
9f2a5a2868 anyrun: switch to upstream flake for working daemon mode
Replace nixpkgs anyrun with the upstream anyrun-org/anyrun flake,
which provides its own HM module and plugin packages. The nixpkgs
build had a broken daemon (GTK activate crash). Re-enable daemon
startup and close/open toggle.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 12:48:00 +01:00