Add a stylix-stable input pinned to release-25.11 so the media server
gets Stylix theming without pulling in unstable nixpkgs. btop is now
managed by Home Manager on all hosts with Stylix auto-theming.
Desktop-only config (Zen/Vesktop CSS, GTK icons) is guarded behind
an isDesktop check in stylix.nix.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The M2000's legacy_535 driver caps CUDA support at 12.2; nixpkgs'
default ollama-cuda targets 12.8 (requires driver ≥570), causing
the runner to crash immediately. Override to CUDA 12.2 with sm_52
arch target to match Maxwell GM206 compute capability.
Also open port 11434 on the mediaserver firewall for remote ollama
access from other LAN hosts.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
record-update parses nvd diff after switch and writes latest.json;
Homepage polls a local-only nginx listener and renders date/changes/
closure/kernel via a customapi widget.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Share the wallpaper symlink across all hosts by moving it from gnome.nix
into home-manager/fred.nix, and add matugen templates for btop and the
Homepage dashboard.
The Homepage NixOS module writes custom.css into /etc (read-only), so
bind-mount /var/lib/homepage-custom-css/custom.css over it. A systemd
path unit restarts homepage-dashboard whenever matugen rewrites the
file, so regeneration works without sudo.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Queries qBittorrent for individual file sizes of all active torrents.
Files whose size matches a seeded torrent file are skipped, catching
cross-filesystem copies where hardlink detection doesn't work.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Resumable batch script that finds H.264 files, re-encodes to HEVC
(libx265 CRF 24), verifies duration, and replaces originals.
Tracks completed files in /var/lib/transcode-hevc/completed.log.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove virtualisation.docker.enable (no longer used after native
migration of Authelia, go2rtc, and nginx)
- Add migration checklist documenting which state directories and
secrets to back up when moving to new hardware
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds authorised keys for FredOS-Gaming and phone. Disables SSH password
authentication on FredOS-Mediaserver — key auth only going forward.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replaces bare enable flag with a dedicated service module covering:
- SSH brute force via journald
- Nginx Proxy Manager auth failures via Docker log files
- Jellyfin auth failures via journald
Includes incremental ban times (up to 1 week) and LAN ignore rules.
https://claude.ai/code/session_01PwAXuaoJx7qD5FhVLsn7Sn