Commit graph

1410 commits

Author SHA1 Message Date
forgejo-actions[bot]
34d254e32a Update flake inputs 2026-05-25 04:01:55 +00:00
forgejo-actions[bot]
71833794c7 Update flake inputs 2026-05-24 04:01:52 +00:00
forgejo-actions[bot]
cdd928e809 Update flake inputs 2026-05-23 04:01:49 +00:00
b0bf73f60e frigate: use 8 threads for CPU detection
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 23:19:01 +01:00
297fd631ff enable audio detection on kids_bedroom camera
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 23:13:06 +01:00
b957d88ff6 frigate: gate frontend with Authelia, not just API routes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 23:09:00 +01:00
ad11fb3033 frigate: lower detect resolution to 720p for CPU performance
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 23:02:44 +01:00
ed71384885 frigate: double-proxy auth to inject Remote-Role header
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 22:29:20 +01:00
818caf88a2 frigate: map Remote-Role header for admin access via Authelia
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 22:03:34 +01:00
4a5a30f018 frigate: try top-level proxy auth with Remote-User header
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 21:57:38 +01:00
192db01be0 revert frigate auth to disabled mode
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 21:52:07 +01:00
e09cbb0cb5 frigate: use proxy auth mode with Authelia headers
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 21:49:33 +01:00
6b113b0a72 move homepage to port 8084, 8081 used by crowdsec
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 21:35:50 +01:00
5e73fe6f1a add frigate to Authelia access control
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 21:31:32 +01:00
5a3d74d800 move homepage to port 8081, 8082 needed by frigate jsmpeg
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 21:24:04 +01:00
83b3653331 disable frigate built-in auth, Authelia handles it
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 21:18:03 +01:00
1ada3769c3 fix frigate config: remove invalid events.retain
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 21:13:13 +01:00
426d86645f add Frigate NVR service behind Authelia
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 21:08:50 +01:00
8560c11afa fix NIC naming: use udev rules instead of .link files
systemd.network.links didn't generate files; use udev extraRules
to pin NIC names to MACs. Also disable networking.useDHCP catch-all
that silently misconfigured the LAN NIC when it got a wrong name.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 09:31:57 +01:00
94d5b6a2a1 pin NIC names to MAC + limit 7DTD restart loops
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 09:31:57 +01:00
forgejo-actions[bot]
e7222b566b Update flake inputs 2026-05-22 06:43:33 +00:00
13fac2ffdf arr: use External auth method to fix auth reset on restart
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-21 22:15:45 +01:00
forgejo-actions[bot]
1b8db12d56 Update flake inputs 2026-05-21 14:04:23 +00:00
a18db710c0 nftables: allow podman bridges in input and forward chains
Rootful Podman containers (used by the Forgejo runner) use podman0
and podman-* bridges, which were being dropped by the default-deny
firewall policy. This broke DNS resolution and internet access.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-21 15:02:09 +01:00
8b6029ca86 forgejo-runner: set explicit DNS to fix container resolution
Runner containers (via Podman compat) couldn't resolve external hosts
after AdGuard stopped binding to 0.0.0.0. Point them at 10.0.0.1.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-21 14:44:26 +01:00
fb2d3a1ff7 adguard: bind DNS to LAN + loopback only to avoid podman conflict
Binding to 0.0.0.0 claimed port 53 on podman bridge interfaces,
preventing aardvark-dns from starting and breaking Forgejo Actions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-21 14:34:11 +01:00
4ffce27cdd ly: disable gameoflife animation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-21 09:18:26 +01:00
9d67da0d7c revert: remove 7 Days to Die window rule — not needed
The floating issue was caused by the game's Unity display mode being
set to Windowed (mode 3), which locks X11 size hints (min=max) and
prevents any tiling WM from resizing it.  Fixed by switching the
game to Fullscreen Window (mode 1) in the Wine registry instead.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-20 20:56:54 +01:00
3f1729b3b9 hyprland: use tile action for 7 Days to Die window rule
float = false isn't a valid Lua API action; tile = true is the correct
way to force an XWayland window out of floating.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-20 20:38:08 +01:00
752d6c49a0 hyprland: force 7 Days to Die to tile instead of float
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-20 20:33:33 +01:00
1aebc200b6 remove matugen remnants — theming is now handled by stylix
Delete 8 unused matugen template files, remove the matugen package,
homepage custom.css watcher infrastructure, and the wallpaper shell
function. Update remaining comments to reference stylix.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-20 17:45:11 +01:00
53c3fedf52 mediaserver: disable IPv6 to fix Jellyfin TMDb metadata fetches
No IPv6 upstream exists, but glibc still tried AAAA records first,
causing Jellyfin's TMDb client to get garbled responses.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-20 13:44:17 +01:00
066fd11449 update workflow: always commit so scheduled runs have a consistent label
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-19 19:54:21 +01:00
93a9f56092 macbook: increase DWT timeout from 0.3s to 0.4s
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-19 17:44:35 +01:00
b52f730889 macbook: re-enable touchpad when DWT service stops
Add ExecStopPost to write 0 to bcm5974's inhibited sysfs node,
so the touchpad is always restored even if the script is killed
mid-inhibit.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-19 17:41:42 +01:00
951ba2b850 macbook: revert libinput quirk — it permanently inhibits the touchpad
The AttrKeyboardIntegration=internal quirk caused libinput's native
DWT to permanently disable the touchpad. Keep the custom script.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-19 17:39:38 +01:00
22c1b35360 macbook: add libinput quirk for native DWT on bcm5974
Tell libinput the Apple keyboard is internal so its built-in
disable-while-typing pairing works despite keyboard and touchpad
sharing the same USB device. Keep the custom DWT script as fallback.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-19 17:36:04 +01:00
20f70dd27a Fix dwt ignoring modifiers like shift, alt etc. 2026-05-19 17:31:53 +01:00
ced2ff65dc Add autoupdate. 2026-05-19 17:10:17 +01:00
d66558efae macbook: remove zen warmup service; drop XFCE fallback session
The zen-beta headless warmup was causing system unresponsiveness on
the MacBook's limited hardware. XFCE fallback is unnecessary with
Hyprland's emergency mode.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-19 17:09:30 +01:00
6f3845aa1b mediaserver: enable podman for bazarr-sync container policy
Standalone podman run calls need virtualisation.podman.enable to get a
valid /etc/containers/policy.json. OCI container services got this
implicitly but our direct podman invocations did not.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-19 10:54:44 +01:00
39d5a95866 mediaserver: fix bazarr config path (YAML, not INI)
Bazarr stores its config at /var/lib/bazarr/config/config.yaml, not
the old /var/lib/bazarr/data/config/config.ini path. Use yq to extract
auth.apikey from the YAML. Fixes both bazarr-sync and arr-interconnect.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-19 10:51:53 +01:00
d83db8c555 mediaserver: add bazarr-sync for automatic subtitle synchronisation
Hourly timer syncs only recently added content (last 2h) by querying
Radarr/Sonarr APIs for new items. Weekly full-library sync runs Sunday
04:00 as a catch-all. Both run the bazarr-sync container via podman.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-19 10:46:36 +01:00
forgejo-actions[bot]
c929e90e82 flake: update inputs 2026-05-19 04:01:45 +00:00
80eda70088 macbook: reduce DWT timeout from 500ms to 300ms
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 17:32:51 +01:00
8285fce24a macbook: add DWT daemon for bcm5974 touchpad
Hyprland's built-in disable-while-typing doesn't work on this
MacBook because the keyboard and touchpad share the same USB
device, breaking libinput's device pairing. Add a lightweight
Python daemon that watches keyboard events and inhibits the
touchpad via sysfs for 500ms after each keypress.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 17:30:00 +01:00
2ed677bd8f Revert "macbook: disable touchpad while typing"
The per-device config block used invalid syntax for this Hyprland
version. Revert while we find a working approach.

This reverts commit dc7845a.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 17:16:33 +01:00
dc7845a7b9 macbook: disable touchpad while typing
The bcm5974 trackpad is classified as a mouse by Hyprland, not a
touchpad, so the global touchpad DWT setting had no effect. Use a
per-device config block to apply disable_while_typing directly to
the bcm5974.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 17:11:52 +01:00
28bac0dd46 macbook: disable touchpad while typing
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 17:03:49 +01:00
8c1f248fb9 macbook: add warmup service for Zen Browser
Start Zen headless for 3s at login to prime the page cache and shared
libraries on the slow MacBook Air hardware.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-18 17:02:53 +01:00