NVIDIA 535's kernel module won't compile against kernel 7.x — the
DMA mapping API changed in a way the 535 source doesn't handle.
6.12 LTS is the highest kernel branch that's a well-tested combo
with the 535 driver, which we need on stable's nixpkgs to retain
Maxwell support for Jellyfin NVENC.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
legacy_580 only exists on unstable nixpkgs and isn't backported to
25.11. The Maxwell GM206 (Quadro M2000) is supported through the
535.x branch — last production driver to ship Maxwell support — so
this is a clean swap with no expected impact on Jellyfin's NVENC.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
LAN has no v6 route, so AAAA lookups succeed but connect fails. NM's
connectivity probe was reporting "limited" at boot (GNOME's "?" icon)
until the next 5-min repoll cleared it.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Overriding linuxPackagesFor doesn't affect the already-evaluated
linuxPackages_latest attribute. Extend it directly so the patched
facetimehd is picked up by boot.kernelPackages = pkgs.linuxPackages_latest.
https://claude.ai/code/session_01XEMg2HskwRaQW3nrCd1q2z
Lets 7DTD (and other native titles lacking built-in FSR) render
internally at a lower resolution and upscale to the 3440x1440
display via gamescope's FSR filter.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
record-update parses nvd diff after switch and writes latest.json;
Homepage polls a local-only nginx listener and renders date/changes/
closure/kernel via a customapi widget.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Share the wallpaper symlink across all hosts by moving it from gnome.nix
into home-manager/fred.nix, and add matugen templates for btop and the
Homepage dashboard.
The Homepage NixOS module writes custom.css into /etc (read-only), so
bind-mount /var/lib/homepage-custom-css/custom.css over it. A systemd
path unit restarts homepage-dashboard whenever matugen rewrites the
file, so regeneration works without sudo.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Wayland/Mutter forces server-side decorations when the custom title bar
is collapsed, which looked worse than the slim custom bar. Reverting to
stock VSCodium with compact menu + no command center handled in user
settings.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Using display:none removed the drag region entirely, which caused
GNOME/Mutter to fall back to server-side decorations. Collapsing the
title bar to 0 height keeps VSCodium's frameless state intact.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Override vscodium with a postFixup step that appends a style tag to
workbench.html hiding the titlebar part, so the window sits flush
against GNOME's edge without native or custom decorations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Queries qBittorrent for individual file sizes of all active torrents.
Files whose size matches a seeded torrent file are skipped, catching
cross-filesystem copies where hardlink detection doesn't work.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Resumable batch script that finds H.264 files, re-encodes to HEVC
(libx265 CRF 24), verifies duration, and replaces originals.
Tracks completed files in /var/lib/transcode-hevc/completed.log.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The latest 595.x driver dropped Maxwell GPU support. The Quadro M2000
(GM206) requires the legacy_580 branch for CUDA/NVENC to function.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add sudo to reboot alias so it doesn't prompt for password.
Add blank line before networking.hostName in hardware config.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
On a headless system, services.xserver.videoDrivers doesn't guarantee
the NVIDIA modules load. Add nvidia, nvidia_modeset, nvidia_uvm, and
nvidia_drm to boot.kernelModules explicitly.
nvidia_uvm is particularly critical — without it, CUDA initialisation
fails with CUDA_ERROR_NO_DEVICE, which is exactly what broke Jellyfin
NVENC transcoding.
https://claude.ai/code/session_016jJU8ZtWLSnJQBdbMr5pxK
- Add NVIDIA proprietary driver config to FredOS-Mediaserver hardware
(Maxwell/GM206, open=false, modesetting enabled, headless)
- Enable hardware.graphics for DRM/KMS infrastructure
- Add jellyfin user to video and render groups for device access
After deploying, enable NVENC in Jellyfin: Dashboard → Playback →
Transcoding → Hardware acceleration: Nvidia NVENC.
https://claude.ai/code/session_016jJU8ZtWLSnJQBdbMr5pxK
New server uses systemd-boot instead of GRUB. Data disks and
mergerfs pool to be added after physical disk migration.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Clear old disk UUIDs, boot config, and filesystem mounts.
Add backup script for migrating service state to new hardware.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Electron sets the Wayland app_id from the package name (lowercase
"goofcord") but the desktop file had StartupWMClass=GoofCord
(capitalized), causing GNOME to not match the window to its icon.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Set NIXOS_OZONE_WL=1 so Electron runs on Wayland natively and sets
the correct app_id, matching the .desktop file's StartupWMClass.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
nixpkgs.stdenv.hostPlatform is not a valid NixOS option. The
deprecation warning comes from nixpkgs internals and is harmless.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove virtualisation.docker.enable (no longer used after native
migration of Authelia, go2rtc, and nginx)
- Add migration checklist documenting which state directories and
secrets to back up when moving to new hardware
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds authorised keys for FredOS-Gaming and phone. Disables SSH password
authentication on FredOS-Mediaserver — key auth only going forward.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replaces bare enable flag with a dedicated service module covering:
- SSH brute force via journald
- Nginx Proxy Manager auth failures via Docker log files
- Jellyfin auth failures via journald
Includes incremental ban times (up to 1 week) and LAN ignore rules.
https://claude.ai/code/session_01PwAXuaoJx7qD5FhVLsn7Sn
