- Add NVIDIA proprietary driver config to FredOS-Mediaserver hardware
(Maxwell/GM206, open=false, modesetting enabled, headless)
- Enable hardware.graphics for DRM/KMS infrastructure
- Add jellyfin user to video and render groups for device access
After deploying, enable NVENC in Jellyfin: Dashboard → Playback →
Transcoding → Hardware acceleration: Nvidia NVENC.
https://claude.ai/code/session_016jJU8ZtWLSnJQBdbMr5pxK
New server uses systemd-boot instead of GRUB. Data disks and
mergerfs pool to be added after physical disk migration.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Clear old disk UUIDs, boot config, and filesystem mounts.
Add backup script for migrating service state to new hardware.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Electron sets the Wayland app_id from the package name (lowercase
"goofcord") but the desktop file had StartupWMClass=GoofCord
(capitalized), causing GNOME to not match the window to its icon.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Set NIXOS_OZONE_WL=1 so Electron runs on Wayland natively and sets
the correct app_id, matching the .desktop file's StartupWMClass.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
nixpkgs.stdenv.hostPlatform is not a valid NixOS option. The
deprecation warning comes from nixpkgs internals and is harmless.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove virtualisation.docker.enable (no longer used after native
migration of Authelia, go2rtc, and nginx)
- Add migration checklist documenting which state directories and
secrets to back up when moving to new hardware
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds authorised keys for FredOS-Gaming and phone. Disables SSH password
authentication on FredOS-Mediaserver — key auth only going forward.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replaces bare enable flag with a dedicated service module covering:
- SSH brute force via journald
- Nginx Proxy Manager auth failures via Docker log files
- Jellyfin auth failures via journald
Includes incremental ban times (up to 1 week) and LAN ignore rules.
https://claude.ai/code/session_01PwAXuaoJx7qD5FhVLsn7Sn
