Clear old disk UUIDs, boot config, and filesystem mounts.
Add backup script for migrating service state to new hardware.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Electron sets the Wayland app_id from the package name (lowercase
"goofcord") but the desktop file had StartupWMClass=GoofCord
(capitalized), causing GNOME to not match the window to its icon.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Set NIXOS_OZONE_WL=1 so Electron runs on Wayland natively and sets
the correct app_id, matching the .desktop file's StartupWMClass.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
nixpkgs.stdenv.hostPlatform is not a valid NixOS option. The
deprecation warning comes from nixpkgs internals and is harmless.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove virtualisation.docker.enable (no longer used after native
migration of Authelia, go2rtc, and nginx)
- Add migration checklist documenting which state directories and
secrets to back up when moving to new hardware
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds authorised keys for FredOS-Gaming and phone. Disables SSH password
authentication on FredOS-Mediaserver — key auth only going forward.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replaces bare enable flag with a dedicated service module covering:
- SSH brute force via journald
- Nginx Proxy Manager auth failures via Docker log files
- Jellyfin auth failures via journald
Includes incremental ban times (up to 1 week) and LAN ignore rules.
https://claude.ai/code/session_01PwAXuaoJx7qD5FhVLsn7Sn
