diff --git a/.claude/skills/ponytail/SKILL.md b/.claude/skills/ponytail/SKILL.md new file mode 100644 index 0000000..0e0d3be --- /dev/null +++ b/.claude/skills/ponytail/SKILL.md @@ -0,0 +1,100 @@ +--- +name: ponytail +description: > + Forces the laziest solution that actually works, simplest, shortest, most + minimal. Channels a senior dev who has seen everything: question whether the + task needs to exist at all (YAGNI), reach for the standard library before + custom code, native platform features before dependencies, one line before + fifty. Supports intensity levels: lite, full (default), ultra. Use whenever + the user says "ponytail", "be lazy", "lazy mode", "simplest solution", + "minimal solution", "yagni", "do less", or "shortest path", and whenever + they complain about over-engineering, bloat, boilerplate, or unnecessary + dependencies. +license: MIT +--- + +# Ponytail + +You are a lazy senior developer. Lazy means efficient, not careless. You have +seen every over-engineered codebase and been paged at 3am for one. The best +code is the code never written. + +## Persistence + +ACTIVE EVERY RESPONSE. No drift back to over-building. Still active if +unsure. Off only: "stop ponytail" / "normal mode". Default: **full**. +Switch: `/ponytail lite|full|ultra`. + +## The ladder + +Stop at the first rung that holds: + +1. **Does this need to exist at all?** Speculative need = skip it, say so in one line. (YAGNI) +2. **Stdlib does it?** Use it. +3. **Native platform feature covers it?** `` over a picker lib, CSS over JS, DB constraint over app code. +4. **Already-installed dependency solves it?** Use it. Never add a new one for what a few lines can do. +5. **Can it be one line?** One line. +6. **Only then:** the minimum code that works. + +The ladder is a reflex, not a research project. Two rungs work → take the +higher one and move on. The first lazy solution that works is the right one. + +## Rules + +- No unrequested abstractions: no interface with one implementation, no factory for one product, no config for a value that never changes. +- No boilerplate, no scaffolding "for later", later can scaffold for itself. +- Deletion over addition. Boring over clever, clever is what someone decodes at 3am. +- Fewest files possible. Shortest working diff wins. +- Complex request? Ship the lazy version and question it in the same response, "Did X; Y covers it. Need full X? Say so." Never stall on an answer you can default. +- Two stdlib options, same size? Take the one that's correct on edge cases. Lazy means writing less code, not picking the flimsier algorithm. +- Mark deliberate simplifications with a `ponytail:` comment (`// ponytail: this exists`), simple reads as intent, not ignorance. Shortcut with a known ceiling (global lock, O(n²) scan, naive heuristic)? The comment names the ceiling and the upgrade path: `# ponytail: global lock, per-account locks if throughput matters`. + +## Output + +Code first. Then at most three short lines: what was skipped, when to add it. +No essays, no feature tours, no design notes. If the explanation is longer +than the code, delete the explanation, every paragraph defending a +simplification is complexity smuggled back in as prose. Explanation the user +explicitly asked for (a report, a walkthrough, per-phase notes) is not debt, +give it in full, the rule is only against unrequested prose. + +Pattern: `[code] → skipped: [X], add when [Y].` + +## Intensity + +| Level | What change | +|-------|------------| +| **lite** | Build what's asked, but name the lazier alternative in one line. User picks. | +| **full** | The ladder enforced. Stdlib and native first. Shortest diff, shortest explanation. Default. | +| **ultra** | YAGNI extremist. Deletion before addition. Ship the one-liner and challenge the rest of the requirement in the same breath. | + +Example: "Add a cache for these API responses." +- lite: "Done, cache added. FYI: `functools.lru_cache` covers this in one line if you'd rather not own a cache class." +- full: "`@lru_cache(maxsize=1000)` on the fetch function. Skipped custom cache class, add when lru_cache measurably falls short." +- ultra: "No cache until a profiler says so. When it does: `@lru_cache`. A hand-rolled TTL cache class is a bug farm with a hit rate." + +## When NOT to be lazy + +Never simplify away: input validation at trust boundaries, error handling +that prevents data loss, security measures, accessibility basics, anything +explicitly requested. User insists on the full version → build it, no +re-arguing. + +Hardware is never the ideal on paper: a real clock drifts, a real sensor +reads off, a PCA9685 runs a few percent fast. Leave the calibration knob, not +just less code, the physical world needs tuning a minimal model can't see. + +Lazy code without its check is unfinished. Non-trivial logic (a branch, a +loop, a parser, a money/security path) leaves ONE runnable check behind, the +smallest thing that fails if the logic breaks: an `assert`-based +`demo()`/`__main__` self-check or one small `test_*.py`. No frameworks, no +fixtures, no per-function suites unless asked. Trivial one-liners need no +test, YAGNI applies to tests too. + +## Boundaries + +Ponytail governs what you build, not how you talk (pair with Caveman for +terse prose). "stop ponytail" / "normal mode": revert. Level persists until +changed or session end. + +The shortest path to done is the right path. diff --git a/.mcp.json b/.mcp.json new file mode 100644 index 0000000..24bc471 --- /dev/null +++ b/.mcp.json @@ -0,0 +1,14 @@ +{ + "mcpServers": { + "nixos": { + "type": "stdio", + "command": "nix", + "args": [ + "run", + "github:utensils/mcp-nixos", + "--" + ], + "env": {} + } + } +} \ No newline at end of file diff --git a/CLAUDE.md b/CLAUDE.md index 8287bfe..b3dde06 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -27,6 +27,11 @@ That means evaluation is **pure**: config can never read files outside the repo ## Code Evaluation +Before writing or changing any NixOS / Home Manager option, verify it exists and +has the expected name and type using the `nixos` MCP server tools (`nix` / +`nix_versions`, configured in `.mcp.json`). Don't rely on memory for option or +package names — look them up first to avoid invented attributes that fail at eval. + Always validate Nix expressions with `nix eval` before committing. For example: ```bash diff --git a/common.nix b/common.nix index 48cb9c8..2d07bff 100644 --- a/common.nix +++ b/common.nix @@ -22,7 +22,7 @@ ./services/qbittorrent-nox.nix ./services/nginx.nix ./services/go2rtc.nix - ./services/frigate.nix + # ./services/frigate.nix ./services/sonarr.nix ./services/radarr.nix ./services/prowlarr.nix @@ -37,10 +37,14 @@ ./services/adguard.nix ./services/router.nix ./services/crowdsec.nix + ./services/service-health.nix ./services/sabnzbd.nix ./services/forgejo-runner.nix ./services/code-server.nix ./services/memos.nix + # ./services/neko.nix # superseded by selkies.nix (Neko can't handle GW's mouse grab) + ./services/selkies.nix + ./services/hardware-health.nix ]; ### Make build time quicker @@ -87,6 +91,12 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; + # vesktop (multiple hosts) builds with pnpm via fetchPnpmDeps, which nixpkgs + # marks insecure (build-time only, hash-pinned FOD — not in PATH). broadcom-sta + # is Macbook-only Wi-Fi but allowing it everywhere is harmless (absent on others). + nixpkgs.config.allowInsecurePredicate = pkg: + lib.any (p: lib.hasPrefix p (lib.getName pkg)) [ "broadcom-sta" "pnpm" ]; + # Flakes — nixos-rebuild self-enables these, but plain `nix eval` / # `nix flake check` on the hosts need them too. nix.settings.experimental-features = [ "nix-command" "flakes" ]; diff --git a/flake.lock b/flake.lock index 79d501a..7482e48 100644 --- a/flake.lock +++ b/flake.lock @@ -71,11 +71,11 @@ "cachyos-kernel": { "flake": false, "locked": { - "lastModified": 1780413908, - "narHash": "sha256-T15bnskj20rdc4vJ55bFF2lVCVR8edilWn0hiYR7vVs=", + "lastModified": 1781883168, + "narHash": "sha256-raAojJGk0aWdscfFn/9ikZ6V5oUuAZcAz5kjAZ2QN3E=", "owner": "CachyOS", "repo": "linux-cachyos", - "rev": "a61f943f5e94b75c5600a2968cb699d0e37945b3", + "rev": "daed450e9b1a4fadfef68fb4fa5e2f3391fedb34", "type": "github" }, "original": { @@ -87,11 +87,11 @@ "cachyos-kernel-patches": { "flake": false, "locked": { - "lastModified": 1780462466, - "narHash": "sha256-t6c7FTqMB0skEz+4tei5v8GEyL4fRDgx24oW3LrnYiE=", + "lastModified": 1782242233, + "narHash": "sha256-AUwTZq++PBq0qjDVFKqD0AZNNwa0b1RK41bM9XMbkW8=", "owner": "CachyOS", "repo": "kernel-patches", - "rev": "bb41330bd4372672f552beda66712fb70b17f0fa", + "rev": "19250dcc39862169961756c733b8a6ba77754c22", "type": "github" }, "original": { @@ -211,11 +211,11 @@ ] }, "locked": { - "lastModified": 1781319724, - "narHash": "sha256-ZGuxexEMo4Xv28KJ0dX/m/PHN4oZIOnxHZpNTyrvx4M=", + "lastModified": 1782704057, + "narHash": "sha256-G1I1gd32F7mp9LAe1DaZ4ZL7NX5gyiKwdCMwro1Vrck=", "owner": "nix-community", "repo": "home-manager", - "rev": "8355f0a16b2dbb06a97959a918af5b239bbe05ae", + "rev": "868d0a692de703c2de98fab61968e4e310b7c28e", "type": "github" }, "original": { @@ -234,11 +234,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1780771919, - "narHash": "sha256-cbace1ZTWYFG0luPL7OFlUxDh/t9lmPj+Isvg9hLN0k=", + "lastModified": 1782415778, + "narHash": "sha256-Qts73QQA+lADfxWjonL3Q1JcZssVZPsQI38L3qZyS0o=", "owner": "xddxdd", "repo": "nix-cachyos-kernel", - "rev": "3d940a534da0ba6bce60e345ff2c9c7b062087fb", + "rev": "1740ec90e7b07730c212a3a1ff5e71af08a5270b", "type": "github" }, "original": { @@ -250,11 +250,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1780751787, - "narHash": "sha256-nWR7F46SyrLvN8Ot39XJDpVCswekGakXlOD4KsTYKW0=", + "lastModified": 1782378976, + "narHash": "sha256-UqQgBlQATXM3aBvzTRE/1wxHrCdKg5/ePlXfG/7Eqd8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "00fa9a692bafc08a86061886f888b843bf7fbdb0", + "rev": "5df71f3d167f0aad71658608361c1301147b9eb6", "type": "github" }, "original": { @@ -281,11 +281,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1780902259, - "narHash": "sha256-q8yYEC5f1mFlQO9RGna4LTc9QrcvWunX6FYp83munkQ=", + "lastModified": 1782535326, + "narHash": "sha256-ZeRxu4yn6shd3SNF5ZUQb4r7BaVo1zBKMjRhfoNSBmw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bd0ff2d3eac24699c3664d5966b9ef36f388e2ca", + "rev": "714a5f8c4ead6b31148d829288440ed033ccc041", "type": "github" }, "original": { @@ -297,11 +297,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1781074563, - "narHash": "sha256-md8WlXOlfnIeHeOScMTTHFyf2d6iaTwPl2apR5EQ3P4=", + "lastModified": 1782467914, + "narHash": "sha256-pGvFkM8N0xEkIIXDe5YYfbEAvHrk4IxBrjB/x8OomhE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9ae611a455b90cf061d8f332b977e387bda8e1ca", + "rev": "e73de5be04e0eff4190a1432b946d469c794e7b4", "type": "github" }, "original": { @@ -357,11 +357,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1781246162, - "narHash": "sha256-fXCugzDNhaoboraH1j5NJRYWxOS+wXkbxlRkny1u4NU=", + "lastModified": 1782481477, + "narHash": "sha256-CgRxFjimm1aw9sXkN+Bhx458a1/MH760dfgRhULLdxU=", "owner": "powerofthe69", "repo": "proton-cachyos-nix", - "rev": "12843d42325e2497e53338224b546b98cf22f8fd", + "rev": "7509cbb68c200f203af3b1b25d4699fa061371c3", "type": "github" }, "original": { @@ -398,11 +398,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1780702455, - "narHash": "sha256-+srjPGNy67nKytYwdlepycL51IG6S34sS4MKRZXK8G0=", + "lastModified": 1782770679, + "narHash": "sha256-+8RpmHKn5n2tYmoRCwiKJ6PeU85q15qnXzGQ2WGMn9Q=", "owner": "nix-community", "repo": "stylix", - "rev": "54fa19702f4f2c7f6a981a92850678933588af9a", + "rev": "3ed763829fc06d32cab3c1f31672379a1f53450e", "type": "github" }, "original": { @@ -501,11 +501,11 @@ ] }, "locked": { - "lastModified": 1781173532, - "narHash": "sha256-MwnZpL82aQO1I15JH525vz6REI/OULEAmXDp6cIcgNg=", + "lastModified": 1782623843, + "narHash": "sha256-zQdTvI8jcVfblsrWafw1ykTnCVoV94ttxb5e6drwVaI=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "f13e82162fae68af7716147207fa5f868f5ca381", + "rev": "c59e57b9c6ea4c86f9f3b7efc92db3cbd305d078", "type": "github" }, "original": { diff --git a/hosts/hardware/FredOS-Macbook.nix b/hosts/hardware/FredOS-Macbook.nix index bc8e658..39af88d 100644 --- a/hosts/hardware/FredOS-Macbook.nix +++ b/hosts/hardware/FredOS-Macbook.nix @@ -34,10 +34,17 @@ hardware.enableRedistributableFirmware = true; hardware.facetimehd.enable = true; + # Pin to the 6.12 LTS kernel: the out-of-tree broadcom_sta (Wi-Fi) and + # facetimehd (iSight) modules don't build against linuxPackages_latest + # (7.x) — broadcom-sta's wl_cfg80211 ops no longer match the cfg80211 API. + # 6.12 LTS is the newest kernel both modules compile against. Overrides + # common.nix's linuxPackages_latest. + boot.kernelPackages = lib.mkForce pkgs.linuxPackages_6_12; + # wait_prepare/wait_finish were removed from struct vb2_ops in Linux 6.8 nixpkgs.overlays = [ (final: prev: { - linuxPackages_latest = prev.linuxPackages_latest.extend (lpFinal: lpPrev: { + linuxPackages_6_12 = prev.linuxPackages_6_12.extend (lpFinal: lpPrev: { facetimehd = lpPrev.facetimehd.overrideAttrs (old: { postPatch = (old.postPatch or "") + '' sed -i '/\.wait_prepare[[:space:]]*=.*vb2_ops_wait_prepare/d' fthd_v4l2.c @@ -48,8 +55,7 @@ }) ]; - nixpkgs.config.allowInsecurePredicate = pkg: - (lib.hasPrefix "broadcom-sta" (lib.getName pkg)); + # allowInsecurePredicate (broadcom-sta + pnpm) lives in common.nix now. services.xserver.deviceSection = lib.mkDefault '' Option "TearFree" "true" diff --git a/ports.toml b/ports.toml index ac7f48d..3cf5547 100644 --- a/ports.toml +++ b/ports.toml @@ -45,5 +45,10 @@ name = "7DTD-coop voice/dynamic" ports = "26911-26912" protocol = "udp" +[[forward]] +name = "Neko WebRTC" +port = 59000 +protocol = "udp" + # DR (Dungeon Runners) forwards removed — services/dr-server.nix is disabled. # Re-add 2110 tcp, 2603 both, 2604-2605 udp, 2606 tcp if it comes back. diff --git a/services/arr-interconnect.nix b/services/arr-interconnect.nix index 66440df..7e8293e 100644 --- a/services/arr-interconnect.nix +++ b/services/arr-interconnect.nix @@ -2,7 +2,7 @@ let interconnectScript = pkgs.writeShellScript "arr-interconnect" '' set -euo pipefail - PATH="${lib.makeBinPath [ pkgs.curl pkgs.jq pkgs.gnused pkgs.gnugrep pkgs.coreutils pkgs.systemd ]}:$PATH" + PATH="${lib.makeBinPath [ pkgs.curl pkgs.jq pkgs.gnused pkgs.gnugrep pkgs.coreutils pkgs.systemd pkgs.sqlite ]}:$PATH" BASE="http://127.0.0.1" @@ -30,6 +30,14 @@ let SABNZBD_KEY=$(grep -oP '^api_key\s*=\s*\K\S+' /var/lib/sabnzbd/sabnzbd.ini | head -n1 || true) fi + # Jellyfin has no config.xml api key; any AccessToken in its db works as + # an API key. Reuse the first one (create one in the Jellyfin UI once if + # the table is empty — same first-run caveat as SAB above). + JELLYFIN_KEY="" + if [ -f "/var/lib/jellyfin/data/jellyfin.db" ]; then + JELLYFIN_KEY=$(sqlite3 /var/lib/jellyfin/data/jellyfin.db "SELECT AccessToken FROM ApiKeys LIMIT 1;" 2>/dev/null || true) + fi + # --- Helpers --- wait_for() { local name="$1" url="$2" key="$3" @@ -341,6 +349,79 @@ let fi fi + ########################################################################## + # Sonarr → Jellyfin (refresh library on import so new shows appear + # without waiting for Jellyfin's flaky filesystem watcher / full scan) + ########################################################################## + if [ -n "$SONARR_KEY" ] && [ -n "$JELLYFIN_KEY" ]; then + if ! exists_by_name "$BASE:8989/api/v3/notification" "$SONARR_KEY" "Jellyfin"; then + echo "Adding Jellyfin notification to Sonarr..." + curl -sf -X POST \ + -H "Content-Type: application/json" \ + -H "X-Api-Key: $SONARR_KEY" \ + "$BASE:8989/api/v3/notification" \ + -d "$(jq -n --arg key "$JELLYFIN_KEY" '{ + name: "Jellyfin", + implementation: "MediaBrowser", + configContract: "MediaBrowserSettings", + implementationName: "Emby / Jellyfin", + onDownload: true, + onUpgrade: true, + onRename: true, + onSeriesDelete: true, + onEpisodeFileDelete: true, + onEpisodeFileDeleteForUpgrade: true, + fields: [ + {name: "host", value: "localhost"}, + {name: "port", value: 8096}, + {name: "useSsl", value: false}, + {name: "apiKey", value: $key}, + {name: "notify", value: false}, + {name: "updateLibrary", value: true} + ], + tags: [] + }')" > /dev/null && echo " done" || echo " failed" + else + echo "Sonarr → Jellyfin already configured" + fi + fi + + ########################################################################## + # Radarr → Jellyfin (refresh library on import) + ########################################################################## + if [ -n "$RADARR_KEY" ] && [ -n "$JELLYFIN_KEY" ]; then + if ! exists_by_name "$BASE:7878/api/v3/notification" "$RADARR_KEY" "Jellyfin"; then + echo "Adding Jellyfin notification to Radarr..." + curl -sf -X POST \ + -H "Content-Type: application/json" \ + -H "X-Api-Key: $RADARR_KEY" \ + "$BASE:7878/api/v3/notification" \ + -d "$(jq -n --arg key "$JELLYFIN_KEY" '{ + name: "Jellyfin", + implementation: "MediaBrowser", + configContract: "MediaBrowserSettings", + implementationName: "Emby / Jellyfin", + onDownload: true, + onUpgrade: true, + onRename: true, + onMovieDelete: true, + onMovieFileDelete: true, + onMovieFileDeleteForUpgrade: true, + fields: [ + {name: "host", value: "localhost"}, + {name: "port", value: 8096}, + {name: "useSsl", value: false}, + {name: "apiKey", value: $key}, + {name: "notify", value: false}, + {name: "updateLibrary", value: true} + ], + tags: [] + }')" > /dev/null && echo " done" || echo " failed" + else + echo "Radarr → Jellyfin already configured" + fi + fi + ########################################################################## # Prowlarr auth — trust localhost so Authelia is the only gate. Other # *arr apps default to this; Prowlarr does not. diff --git a/services/authelia.nix b/services/authelia.nix index 0d3f0f7..92b0e0d 100644 --- a/services/authelia.nix +++ b/services/authelia.nix @@ -41,6 +41,7 @@ { domain = "sabnzbd.nordhammer.it"; policy = "one_factor"; } { domain = "code.nordhammer.it"; policy = "one_factor"; } { domain = "notes.nordhammer.it"; policy = "one_factor"; } + { domain = "selkies.nordhammer.it"; policy = "one_factor"; } ]; }; diff --git a/services/crowdsec.nix b/services/crowdsec.nix index 355f9d9..d35905c 100644 --- a/services/crowdsec.nix +++ b/services/crowdsec.nix @@ -9,37 +9,10 @@ # 2. Delete ../modules/crowdsec/ and the disabledModules + imports lines below # 3. The settings/option API is the same as the PR's, so config below is forward-compatible # -# Before first deploy, create /var/secrets/ntfy-url with your topic URL: -# echo 'https://ntfy.sh/nordhammer-' | sudo tee /var/secrets/ntfy-url -# sudo chmod 600 /var/secrets/ntfy-url +# CrowdSec bans silently — no ntfy pushes (they were constant noise). +# The /var/secrets/ntfy-url topic is used by services/service-health.nix instead. { config, lib, pkgs, ... }: let - # The real URL is injected at service start (see ExecStartPre below) — - # eval-time builtins.readFile can't see /var/secrets under pure flake - # evaluation, which is how the `update` alias builds. - ntfyUrlPlaceholder = "@NTFY_URL@"; - - # The module renders settings.notifications into /etc/crowdsec/notifications/ - # as a symlink into /etc/static (the store). Re-render it from the static - # source with the secret substituted on every service start; nixos-rebuild - # restores the symlink on activation, so this never goes stale. - injectNtfyUrl = pkgs.writeShellScript "crowdsec-inject-ntfy-url" '' - set -euo pipefail - src=/etc/static/crowdsec/notifications/0-nixos-generated.yaml - dst=/etc/crowdsec/notifications/0-nixos-generated.yaml - secret=/var/secrets/ntfy-url - if [ ! -f "$secret" ]; then - echo "WARNING: $secret not found; ntfy notifications will not work" >&2 - exit 0 - fi - url=$(${pkgs.coreutils}/bin/tr -d '\n' < "$secret") - tmp=$(${pkgs.coreutils}/bin/mktemp "$dst.XXXXXX") - ${pkgs.gnused}/bin/sed "s|${ntfyUrlPlaceholder}|$url|g" "$src" > "$tmp" - ${pkgs.coreutils}/bin/chmod 600 "$tmp" - ${pkgs.coreutils}/bin/chown crowdsec:crowdsec "$tmp" - ${pkgs.coreutils}/bin/mv "$tmp" "$dst" - ''; - # nixpkgs only builds the agent + cscli; the new module also expects # notification plugins at $out/libexec/crowdsec/plugins/. Compile them # from the same source tree (cmd/notification-*) and move them there. @@ -142,52 +115,27 @@ in } ]; - # Push notifications via ntfy.sh - notifications = [ - { - name = "ntfy_http"; - type = "http"; - log_level = "info"; - url = ntfyUrlPlaceholder; - method = "POST"; - headers = { - Title = "CrowdSec alert"; - Priority = "high"; - Tags = "rotating_light"; - }; - format = '' - {{range . -}} - {{.Scenario}} from {{.Source.IP}} ({{.Source.Cn}}) — {{len .Decisions}} decision(s) taken - {{end -}} - ''; - } - ]; - - # Override default profiles to attach the ntfy notifier + # Profiles set ban duration to 4h. No ntfy notifications: a push per + # ban was constant noise on a WAN-exposed box. ntfy is now reserved + # for service-down alerts (see services/service-health.nix); CrowdSec + # still bans silently. profiles = [ { name = "default_ip_remediation"; filters = [ "Alert.Remediation == true && Alert.GetScope() == 'Ip'" ]; decisions = [{ type = "ban"; duration = "4h"; }]; - notifications = [ "ntfy_http" ]; on_success = "break"; } { name = "default_range_remediation"; filters = [ "Alert.Remediation == true && Alert.GetScope() == 'Range'" ]; decisions = [{ type = "ban"; duration = "4h"; }]; - notifications = [ "ntfy_http" ]; on_success = "break"; } ]; }; }; - # Inject the ntfy topic URL into the rendered notification config before - # every start. "+" runs the script with full privileges (it reads the - # root-owned secret and replaces a root-owned /etc symlink). - systemd.services.crowdsec.serviceConfig.ExecStartPre = [ "+${injectNtfyUrl}" ]; - # Firewall bouncer enforces decisions via nftables; auto-registers with LAPI services.crowdsec-firewall-bouncer = { enable = true; diff --git a/services/hardware-health.nix b/services/hardware-health.nix new file mode 100644 index 0000000..6d2d525 --- /dev/null +++ b/services/hardware-health.nix @@ -0,0 +1,35 @@ +# services/hardware-health.nix — RAS error attribution + watchdog auto-recovery +# +# Context: Jun 2026 the dual Xeon E5-2697 v3 began throwing a storm of +# *corrected* Machine Check Exceptions on both sockets (Bank 5 / Bank 20), +# ~18k events in 36h, eventually hanging the box. Since this host is the +# router, a hang takes the whole LAN offline until a manual power-cycle. +# +# This module: +# - rasdaemon: decodes every MCE to a specific DIMM/channel/socket and +# persists a per-component error DB, so a failing part can be named +# (needed for the seller's warranty claim). Query with `ras-mc-ctl +# --error-count` and `ras-mc-ctl --summary`. +# - hardware watchdog: if userspace hangs again, systemd stops petting +# /dev/watchdog0 and the chipset watchdog reboots the box (~30s), +# restoring the LAN without physical access. + +{ config, lib, pkgs, ... }: +{ + config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") { + + # Decode + log + persist machine-check / memory errors per component. + hardware.rasdaemon.enable = true; + + # ras-mc-ctl on PATH for manual inspection. + environment.systemPackages = [ pkgs.rasdaemon ]; + + # Hardware watchdog: auto-reboot a hung box instead of a dead LAN. + # systemd pets /dev/watchdog0 at half the runtime interval; if it stops + # (hang), the chipset resets after RuntimeWatchdogSec. + systemd.settings.Manager = { + RuntimeWatchdogSec = "30s"; + RebootWatchdogSec = "10min"; + }; + }; +} diff --git a/services/neko.nix b/services/neko.nix new file mode 100644 index 0000000..46e04cf --- /dev/null +++ b/services/neko.nix @@ -0,0 +1,92 @@ +# services/neko.nix — Guild Wars (2005) in a browser via Neko +# +# Streams an Xfce desktop running the Windows Guild Wars client (under Wine) +# to a browser tab over WebRTC. Reach it at neko.nordhammer.it (Authelia-gated). +# +# Neko's stock images don't ship Wine, and apt installs land in /usr — which is +# wiped whenever the container is recreated. So we bake Wine into a locally-built +# image (FROM the upstream nvidia-xfce base) instead of relying on a volume. +# Guild Wars' own data installs into the persistent /home/neko volume on first run. +# +# Rendering is software-only (no GPU): neko doesn't ship a prebuilt NVIDIA Xfce +# desktop image, and building one from nvidia-base is a big detour for a 2005 +# game. Wine renders via llvmpipe (software OpenGL) and neko encodes via x264 — +# both are heavily multithreaded and this box has 56 Xeon threads to spare, so +# Guild Wars is comfortably playable this way. +{ config, pkgs, lib, ... }: +let + # Wine-enabled image definition. Fed to `docker build` over stdin (see below) + # so there's no build context — we have no COPY/ADD, and a Nix-store symlinked + # context dir breaks BuildKit's Dockerfile resolution. Pinned to the v3.1 + # series so the NEKO_MEMBER_*/NEKO_WEBRTC_* env schema below stays valid. + dockerfile = pkgs.writeText "neko-gw.Dockerfile" '' + FROM ghcr.io/m1k1o/neko/xfce:3.1 + USER root + RUN dpkg --add-architecture i386 \ + && apt-get update \ + && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ + wine wine64 wine32 winbind ca-certificates wget \ + libgl1 libgl1:i386 libglx-mesa0 libglx-mesa0:i386 \ + libgl1-mesa-dri libgl1-mesa-dri:i386 \ + && rm -rf /var/lib/apt/lists/* + ''; +in +{ + config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") { + + virtualisation.docker.enable = true; + + systemd.tmpfiles.rules = [ + "d /var/lib/neko 0755 root root -" + # The container's neko user is uid/gid 1000 and must own its home, or the + # X server / Xfce can't create ~/.config, ~/.cache, etc. and the desktop + # never starts. + "d /var/lib/neko/home 0755 1000 1000 -" + ]; + + systemd.services.neko = { + description = "Neko — Guild Wars in a browser (Xfce + Wine + NVIDIA)"; + after = [ "docker.service" "network-online.target" ]; + requires = [ "docker.service" ]; + wants = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + + # First start pulls a multi-GB base image and runs apt — give it room. + # If it fails, back off but don't crash-loop (see 7dtd veth-flood note). + startLimitIntervalSec = 600; + startLimitBurst = 3; + + serviceConfig = { + Restart = "on-failure"; + RestartSec = "30s"; + TimeoutStartSec = "3600"; + ExecStartPre = [ + "-${pkgs.docker}/bin/docker rm -f neko" + "${pkgs.writeShellScript "neko-build" '' + exec ${pkgs.docker}/bin/docker build -t neko-gw:local - < ${dockerfile} + ''}" + ]; + # Wrapped in a shell script so the ICE-server JSON survives quoting + # (systemd's own ExecStart parser would strip the inner double quotes). + ExecStart = pkgs.writeShellScript "neko-run" '' + exec ${pkgs.docker}/bin/docker run --rm --name neko \ + --shm-size=1g \ + -e LIBGL_ALWAYS_SOFTWARE=1 \ + -p 127.0.0.1:8092:8080 \ + -p 59000:59000/udp \ + -e NEKO_DESKTOP_SCREEN=1280x720@30 \ + -e NEKO_MEMBER_PROVIDER=multiuser \ + -e NEKO_MEMBER_MULTIUSER_USER_PASSWORD=neko \ + -e NEKO_MEMBER_MULTIUSER_ADMIN_PASSWORD=neko-admin \ + -e NEKO_WEBRTC_UDPMUX=59000 \ + -e NEKO_WEBRTC_NAT1TO1=10.0.0.1 \ + -e 'NEKO_WEBRTC_ICESERVERS_FRONTEND=[{"urls":["stun:stun.l.google.com:19302"]}]' \ + -e 'NEKO_WEBRTC_ICESERVERS_BACKEND=[{"urls":["stun:stun.l.google.com:19302"]}]' \ + -v /var/lib/neko/home:/home/neko \ + neko-gw:local + ''; + ExecStop = "${pkgs.docker}/bin/docker stop neko"; + }; + }; + }; +} diff --git a/services/nginx.nix b/services/nginx.nix index c340533..ac98d9e 100644 --- a/services/nginx.nix +++ b/services/nginx.nix @@ -123,6 +123,7 @@ in ''; }; "notes.nordhammer.it" = protectedProxy 5230; + "selkies.nordhammer.it" = protectedProxy 8093; # --- Local-only: serves update history JSON to Homepage's customapi widget --- "homepage-updates.local" = { diff --git a/services/selkies.nix b/services/selkies.nix new file mode 100644 index 0000000..b8c8e03 --- /dev/null +++ b/services/selkies.nix @@ -0,0 +1,99 @@ +# services/selkies.nix — Guild Wars in a browser via Selkies +# +# Replaces the Neko attempt (services/neko.nix, now unimported): Neko's +# absolute-pointer input model can't handle Guild Wars' exclusive mouse grab. +# Selkies captures the mouse client-side with the browser Pointer Lock API and +# sends *relative* movement, so the grab is a non-issue — and it uses the GPU +# (NVENC + EGL) instead of software rendering. +# +# Reach it at selkies.nordhammer.it (Authelia-gated). The Wine prefix with +# Guild Wars already installed is reused from the old Neko home, seeded into +# /var/lib/selkies/home/.wine (see the deploy note in the repo). +{ config, pkgs, lib, ... }: +let + # Selkies' NVIDIA EGL desktop (Ubuntu 24.04) plus Wine for the 32-bit GW + # client. Built from stdin (no build context); see neko.nix for the why. + dockerfile = pkgs.writeText "selkies-gw.Dockerfile" '' + FROM ghcr.io/selkies-project/nvidia-egl-desktop:24.04 + USER root + RUN add-apt-repository -y multiverse \ + && dpkg --add-architecture i386 \ + && apt-get update \ + && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ + wine wine32 wine64 winbind cabextract ca-certificates wget \ + && rm -rf /var/lib/apt/lists/* + # `gw` launcher: GW is 32-bit, so it needs the 32-bit NVIDIA GL libs (mounted + # at /usr/lib/i386-linux-gnu/nvidia by the service) on the loader path, and + # VirtualGL (EGL backend) to render on the M2000. Without this GW falls back + # to llvmpipe (software) and pegs ~18 CPU cores at <20 fps. + RUN printf '#!/bin/bash\nexport LD_LIBRARY_PATH=/usr/lib/i386-linux-gnu/nvidia\nexport VGL_DISPLAY=egl VGL_FPS=60\ncd "$HOME/.wine/drive_c/Program Files (x86)/Guild Wars/"\nexec vglrun wine Gw.exe "$@"\n' > /usr/local/bin/gw \ + && chmod +x /usr/local/bin/gw + USER 1000 + ''; +in +{ + config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") { + + virtualisation.docker.enable = true; + # GPU into the container via CDI (nvidia.com/gpu=all). The CDI spec only + # carries the 64-bit driver libs, so the 32-bit set (for 32-bit Wine/GW) is + # bind-mounted separately below; enable32Bit makes them exist on the host. + hardware.nvidia-container-toolkit.enable = true; + hardware.graphics.enable32Bit = true; + + systemd.tmpfiles.rules = [ + "d /var/lib/selkies 0755 root root -" + # Container user is uid/gid 1000 and must own its home. + "d /var/lib/selkies/home 0755 1000 1000 -" + ]; + + systemd.services.selkies = { + description = "Selkies — Guild Wars in a browser (EGL desktop + Wine + NVENC)"; + after = [ "docker.service" "network-online.target" ]; + requires = [ "docker.service" ]; + wants = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + + startLimitIntervalSec = 600; + startLimitBurst = 3; + + serviceConfig = { + Restart = "on-failure"; + RestartSec = "30s"; + TimeoutStartSec = "3600"; + ExecStartPre = [ + "-${pkgs.docker}/bin/docker rm -f selkies" + "${pkgs.writeShellScript "selkies-build" '' + exec ${pkgs.docker}/bin/docker build -t selkies-gw:local - < ${dockerfile} + ''}" + ]; + ExecStart = pkgs.writeShellScript "selkies-run" '' + exec ${pkgs.docker}/bin/docker run --rm --name selkies \ + --device=nvidia.com/gpu=all \ + -e NVIDIA_VISIBLE_DEVICES=all \ + -e NVIDIA_DRIVER_CAPABILITIES=all \ + --shm-size=2g \ + -p 127.0.0.1:8093:8080 \ + -p 3478:3478 -p 3478:3478/udp \ + -p 65532-65535:65532-65535/udp \ + -e TZ=Europe/Stockholm \ + -e DISPLAY_SIZEW=1280 -e DISPLAY_SIZEH=720 \ + -e DISPLAY_REFRESH=60 -e DISPLAY_DPI=96 -e DISPLAY_CDEPTH=24 \ + -e PASSWD=selkies \ + -e SELKIES_ENCODER=nvh264enc \ + -e SELKIES_VIDEO_BITRATE=8000 \ + -e SELKIES_FRAMERATE=60 \ + -e SELKIES_ENABLE_BASIC_AUTH=false \ + -e SELKIES_TURN_HOST=10.0.0.1 \ + -e SELKIES_TURN_PROTOCOL=udp \ + -e SELKIES_TURN_PORT=3478 \ + -e TURN_MIN_PORT=65532 -e TURN_MAX_PORT=65535 \ + -v ${config.hardware.nvidia.package.lib32}/lib:/usr/lib/i386-linux-gnu/nvidia:ro \ + -v /var/lib/selkies/home:/home/ubuntu \ + selkies-gw:local + ''; + ExecStop = "${pkgs.docker}/bin/docker stop selkies"; + }; + }; + }; +} diff --git a/services/service-health.nix b/services/service-health.nix new file mode 100644 index 0000000..58335d5 --- /dev/null +++ b/services/service-health.nix @@ -0,0 +1,77 @@ +# services/service-health.nix — ntfy alert when a watched systemd unit fails, +# and again when it recovers. Replaces the noisy per-ban CrowdSec pushes +# (silenced in services/crowdsec.nix); both share the /var/secrets/ntfy-url topic. +# +# Detection is event-driven: each watched unit gets OnFailure=notify-failure@%n. +# OnFailure fires only once a unit truly enters "failed" state — i.e. after it +# has exhausted its Restart= attempts — so transient restarts stay silent and +# you're only paged when a service has genuinely given up. The handler sends a +# "down" push, then waits for the unit to come back and sends "recovered". +# +# Requires /var/secrets/ntfy-url (the same topic file CrowdSec used): +# echo 'https://ntfy.sh/your-topic' | sudo tee /var/secrets/ntfy-url +# sudo chmod 600 /var/secrets/ntfy-url +{ config, lib, pkgs, ... }: +let + # Core media + infra units to page on. All verified to exist on the box; + # adding a name that isn't a real unit would create a stray stub service. + watched = [ + "jellyfin" "sonarr" "radarr" "prowlarr" "bazarr" + "qbittorrent-nox" "sabnzbd" "authelia-main" "nginx" + "adguardhome" "crowdsec" "go2rtc" + "homepage-dashboard" "cloudflare-dyndns" "gitea-runner-default" + ]; + + # Reads the topic at runtime (pure flake eval can't see /var/secrets). + # $1 = the failed unit's full name, e.g. "jellyfin.service". + notify = pkgs.writeShellScript "service-health-notify" '' + set -uo pipefail + unit="$1" + name="''${unit%.service}" + host="${config.networking.hostName}" + secret=/var/secrets/ntfy-url + if [ ! -f "$secret" ]; then + echo "service-health: $secret missing; cannot notify" >&2 + exit 0 + fi + url=$(${pkgs.coreutils}/bin/tr -d '\n' < "$secret") + + post() { # title priority tags body + ${pkgs.curl}/bin/curl -fsS --max-time 10 \ + -H "Title: $1" -H "Priority: $2" -H "Tags: $3" \ + -d "$4" "$url" >/dev/null 2>&1 || true + } + + post "Service down" high rotating_light "$name failed on $host" + + # Wait for recovery: up to 2h, polling every 20s. + for _ in $(${pkgs.coreutils}/bin/seq 1 360); do + ${pkgs.coreutils}/bin/sleep 20 + if ${pkgs.systemd}/bin/systemctl is-active --quiet "$unit"; then + post "Service recovered" default white_check_mark "$name is running again on $host" + exit 0 + fi + done + ''; +in +{ + config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") { + + systemd.services = lib.mkMerge [ + # Templated handler: %i is the failed unit's full name (jellyfin.service). + { + "notify-failure@" = { + description = "ntfy alert: %i failed"; + serviceConfig = { + Type = "simple"; + ExecStart = "${notify} %i"; + }; + }; + } + # Wire OnFailure onto each watched unit (merges with its existing config). + (lib.genAttrs watched (_: { + unitConfig.OnFailure = [ "notify-failure@%n.service" ]; + })) + ]; + }; +} diff --git a/settings/hyprland.nix b/settings/hyprland.nix index 74a4287..a6b608a 100644 --- a/settings/hyprland.nix +++ b/settings/hyprland.nix @@ -227,12 +227,32 @@ in hl.animation({ leaf = "workspaces", enabled = true, speed = 1, bezier = "snap" }) -- Window rules + -- Don't lock/idle while any window is fullscreen (video, games). + hl.window_rule({ + match = { class = ".*" }, + idle_inhibit = "fullscreen", + }) + -- Battle.net tray icon leaks as a tiny floating XWayland window. hl.window_rule({ match = { class = "steam_app_0", title = "^$", float = true }, workspace = "special silent", }) + -- Tiny Terraces opens floating by default; force it to tile. + hl.window_rule({ + match = { class = "steam_app_3136330" }, + tile = true, + }) + + -- Battle.net (a non-Steam shortcut, so class steam_app_0) spams + -- window-activation events that clear quickshell's focus grab and + -- instantly close the launcher / power menu. Drop those events. + hl.window_rule({ + match = { class = "steam_app_0" }, + suppress_event = "activate activatefocus", + }) + -- Binds local mod = "SUPER" @@ -275,8 +295,10 @@ in end -- Screenshots — Shift+Super+S matches GNOME binding - hl.bind(mod .. " + SHIFT + S", hl.dsp.exec_cmd("hyprshot -m region --clipboard-only")) - hl.bind("Print", hl.dsp.exec_cmd("hyprshot -m output --clipboard-only")) + -- Pin/unpin quickshell's focus grab around the region select so an + -- open menu survives slurp's input grab (no-ops if qs isn't up). + hl.bind(mod .. " + SHIFT + S", hl.dsp.exec_cmd("sh -c 'qs ipc call screenshot pin; hyprshot -m region; qs ipc call screenshot unpin'")) + hl.bind("Print", hl.dsp.exec_cmd("hyprshot -m output")) -- Settings shortcut — Super+I matches GNOME binding hl.bind(mod .. " + I", hl.dsp.exec_cmd("pavucontrol")) @@ -356,31 +378,38 @@ in }; }; - services.hypridle = lib.mkIf isMacbook { - enable = true; - settings = { - general = { - lock_cmd = "pidof hyprlock || hyprlock"; - before_sleep_cmd = "loginctl lock-session"; - after_sleep_cmd = "hyprctl dispatch dpms on"; + services.hypridle = lib.mkIf isMacbook ( + let + # Skip the action if any MPRIS player is playing — covers windowed + # video (Jellyfin in a browser, mpv, …) that the fullscreen + # idle_inhibit rule misses. Browsers expose MPRIS via playerctl. + unlessPlaying = cmd: "playerctl -a status 2>/dev/null | grep -q Playing || ${cmd}"; + in { + enable = true; + settings = { + general = { + lock_cmd = "pidof hyprlock || hyprlock"; + before_sleep_cmd = "loginctl lock-session"; + after_sleep_cmd = "hyprctl dispatch dpms on"; + }; + listener = [ + { + timeout = 300; # 5 min — lock + on-timeout = unlessPlaying "loginctl lock-session"; + } + { + timeout = 420; # 7 min — display off + on-timeout = unlessPlaying "hyprctl dispatch dpms off"; + on-resume = "hyprctl dispatch dpms on"; + } + { + timeout = 600; # 10 min — suspend + on-timeout = unlessPlaying "systemctl suspend"; + } + ]; }; - listener = [ - { - timeout = 300; # 5 min — lock - on-timeout = "loginctl lock-session"; - } - { - timeout = 420; # 7 min — display off - on-timeout = "hyprctl dispatch dpms off"; - on-resume = "hyprctl dispatch dpms on"; - } - { - timeout = 600; # 10 min — suspend - on-timeout = "systemctl suspend"; - } - ]; - }; - }; + } + ); # Scope all HM Wayland services (hyprpaper, etc.) to the # Hyprland session so they don't crash-loop in a GNOME session. diff --git a/settings/quickshell.nix b/settings/quickshell.nix index 77844c6..7c98ea1 100644 --- a/settings/quickshell.nix +++ b/settings/quickshell.nix @@ -153,15 +153,19 @@ in readonly property color base03: "#${c.base03}" readonly property color base04: "#${c.base04}" readonly property color base05: "#${c.base05}" - readonly property color base06: "#${c.base06}" - readonly property color base07: "#${c.base07}" readonly property color base08: "#${c.base08}" readonly property color base0A: "#${c.base0A}" readonly property color base0B: "#${c.base0B}" readonly property color base0C: "#${c.base0C}" readonly property color base0D: "#${c.base0D}" readonly property color barBg: "#B3${c.base00}" - readonly property color toastBg: "#E6${c.base00}" + // Card surfaces are translucent so the compositor's bar-layer + // blur shows through — a lessened blur over the panel tint. + readonly property color cardBg: "#CC${c.base01}" + // Transparent base02: hover highlights fade to/from this so the + // colour animation stays in-hue instead of dipping through + // transparent *black* (which reads as an extra flash colour). + readonly property color base02t: "#00${c.base02}" readonly property string fontFamily: "${monoFont}" // Ligature-based icon font: text "volume_up" renders the icon readonly property string iconFont: "Material Symbols Rounded" @@ -234,6 +238,16 @@ in function reload(): void { Quickshell.reload(false); } } + // Screenshot pin: the Shift+Super+S keybind brackets hyprshot + // with pin/unpin so the focus grab is suspended while slurp + // grabs input — otherwise the open menu would close like any + // click-outside. Self-heals via a watchdog if unpin is missed. + IpcHandler { + target: "screenshot" + function pin(): void { if (root.mainBar) root.mainBar.setScreenshotPin(true); } + function unpin(): void { if (root.mainBar) root.mainBar.setScreenshotPin(false); } + } + NotificationServer { id: _notifServer bodySupported: true @@ -287,7 +301,7 @@ in // (caelestia's): the grab redirects focus to this window and // OnDemand lets the layer surface accept it. Exclusive fights // the grab — it self-clears and instantly closes the panel. - WlrLayershell.keyboardFocus: sessionMenu.open || launcherPanel.open ? WlrKeyboardFocus.OnDemand : WlrKeyboardFocus.None + WlrLayershell.keyboardFocus: (sessionMenu.open || launcherPanel.open || bar.activeDropdown !== null) && !bar.screenshotPinned ? WlrKeyboardFocus.OnDemand : WlrKeyboardFocus.None anchors { top: true @@ -364,6 +378,38 @@ in font.pixelSize: 16 } + // ── VolIcon: a slider's volume glyph that toggles its audio + // node's mute on click. Glyph reflects the mute state; pair it + // with a fill that greys when `audioNode.muted`. + component VolIcon: SIcon { + property var audioNode: null + text: (audioNode && audioNode.muted) ? "volume_off" : "volume_up" + MouseArea { + anchors.fill: parent + cursorShape: Qt.PointingHandCursor + onClicked: if (audioNode) audioNode.muted = !audioNode.muted + } + } + + // ── HoverRow: a rounded clickable row that owns the shared + // base02 hover-fade + pointer cursor. Drop content inside and + // handle `onClicked`; override `radius` for non-radiusTiny rows. + component HoverRow: Rectangle { + default property alias rowData: _hrContent.data + signal clicked() + radius: Theme.radiusTiny + color: _hrMa.containsMouse ? Theme.base02 : Theme.base02t + Behavior on color { ColorAnimation { duration: Theme.animFade } } + Item { id: _hrContent; anchors.fill: parent } + MouseArea { + id: _hrMa + anchors.fill: parent + hoverEnabled: true + cursorShape: Qt.PointingHandCursor + onClicked: parent.clicked() + } + } + // ── Card: the rounded base01 section surface used by every // dropdown. Children flow into a padded auto-height column, // so callers just set `width` and drop content in. @@ -371,7 +417,7 @@ in default property alias cardData: _cardCol.data property alias cardSpacing: _cardCol.spacing radius: Theme.radius - color: Theme.base01 + color: Theme.cardBg implicitHeight: _cardCol.height + 2 * Theme.cardPad Column { id: _cardCol @@ -420,15 +466,38 @@ in component NotifContent: Column { id: _nc property var notif - property int summarySize: 11 - property int bodySize: 10 - property int bodyLines: 2 - property color chipBg: Theme.base02 - property color chipBgHover: Theme.base03 - property color chipBorder: Theme.base03 + property int summarySize: 12 + property int bodySize: 11 + property int bodyLines: 3 + property color chipBg: Theme.base01 + property color chipBgHover: Theme.base02 + property color chipBorder: Theme.base02 signal actionInvoked() spacing: 2 + // App header: icon + name of the sending app, when known. + Row { + width: parent.width + spacing: 4 + visible: _nc.notif && (_nc.notif.appName !== "" || _appIcon.source != "") + Image { + id: _appIcon + width: 14; height: 14 + sourceSize.width: 14; sourceSize.height: 14 + anchors.verticalCenter: parent.verticalCenter + source: _nc.notif && _nc.notif.appIcon ? Quickshell.iconPath(_nc.notif.appIcon, true) : "" + visible: source != "" + } + SText { + anchors.verticalCenter: parent.verticalCenter + text: _nc.notif ? _nc.notif.appName : "" + color: Theme.base04 + font.pixelSize: 10 + elide: Text.ElideRight + width: parent.width - (_appIcon.visible ? 18 : 0) + } + } + SText { width: parent.width text: _nc.notif ? (_nc.notif.summary || _nc.notif.appName) : "" @@ -444,7 +513,9 @@ in elide: Text.ElideRight maximumLineCount: _nc.bodyLines wrapMode: Text.Wrap - visible: text !== "" + // ponytail: hyprshot's body is a noisy file path; the + // "Screenshot saved" summary + the preview say enough. + visible: text !== "" && !(_nc.notif && _nc.notif.appName === "Hyprshot") } Row { spacing: 4 @@ -558,7 +629,6 @@ in if (open) { selIdx = 0; forceActiveFocus(); - _sessionAutoClose.restart(); } } @@ -570,25 +640,12 @@ in focus: open Keys.onEscapePressed: open = false - Keys.onUpPressed: { selIdx = (selIdx + actions.length - 1) % actions.length; _sessionAutoClose.restart(); } - Keys.onDownPressed: { selIdx = (selIdx + 1) % actions.length; _sessionAutoClose.restart(); } - Keys.onTabPressed: { selIdx = (selIdx + 1) % actions.length; _sessionAutoClose.restart(); } + Keys.onUpPressed: selIdx = (selIdx + actions.length - 1) % actions.length + Keys.onDownPressed: selIdx = (selIdx + 1) % actions.length + Keys.onTabPressed: selIdx = (selIdx + 1) % actions.length Keys.onReturnPressed: activate(actions[selIdx].act) Keys.onEnterPressed: activate(actions[selIdx].act) - Timer { - id: _sessionAutoClose - interval: 2500 - onTriggered: sessionMenu.open = false - } - - HoverHandler { - onHoveredChanged: { - if (hovered) _sessionAutoClose.stop(); - else if (sessionMenu.open) _sessionAutoClose.restart(); - } - } - // Content pinned to the column edge, revealed by the grow Item { anchors.fill: parent @@ -607,7 +664,7 @@ in width: 48 height: sessionCol.height + 8 radius: Theme.radius - color: Theme.base01 + color: Theme.cardBg // Sliding selection pill — same tech as the power // profile selector; glides between the buttons. @@ -637,21 +694,17 @@ in id: sessBtn required property var modelData required property int index - readonly property bool selected: sessionMenu.selIdx === index width: 40 height: 40 SIcon { anchors.centerIn: parent text: sessBtn.modelData.icon - // Calendar palette: base05 icons; red only when - // a destructive action is the armed selection - color: sessBtn.selected && sessBtn.modelData.danger - ? Theme.base08 : Theme.base05 - Behavior on color { ColorAnimation { duration: Theme.animFade } } + // All four buttons share the logout + // setup: base05, FILL on selection. + color: Theme.base05 font.pixelSize: 20 font.weight: 600 - font.variableAxes: { "FILL": sessBtn.selected ? 1.0 : 0.0 } } MouseArea { @@ -677,7 +730,7 @@ in property bool open: false readonly property real panelW: 420 property real targetH: 36 + launcherList.contentHeight - + (launcherList.count > 0 ? 8 : 0) + 24 + + (launcherList.count > 0 ? 8 + 2 * Theme.cardPad : 0) + 24 // Both axes animate: expands from a small point on the // bottom edge (like the top dropdowns' stub seed). property real openH: open ? targetH : 0 @@ -762,10 +815,19 @@ in width: launcherPanel.panelW - 24 spacing: 8 - ListView { - id: launcherList + // Results sit in a base01 card segment, like the + // notification list and the other dropdowns. + Rectangle { width: parent.width - height: contentHeight + height: launcherList.contentHeight + 2 * Theme.cardPad + radius: Theme.radius + color: Theme.cardBg + visible: launcherList.count > 0 + + ListView { + id: launcherList + anchors.fill: parent + anchors.margins: Theme.cardPad interactive: false model: launcherPanel.entries highlight: Rectangle { @@ -816,12 +878,13 @@ in } } } + } Rectangle { width: parent.width height: 36 - radius: Theme.radiusSmall - color: Theme.base01 + radius: Theme.radius + color: Theme.cardBg SIcon { id: searchIcon @@ -868,23 +931,54 @@ in } } - // Click-outside dismissal for the keyboard-grabbing panels + // Click-outside dismissal for every panel — the launcher, + // session menu AND the bar dropdowns. Clicking into another + // window (or anywhere outside the bar) clears the grab and + // closes whatever is open. Suspended while screenshotPinned so + // slurp can grab input without dismissing the menu. HyprlandFocusGrab { - active: sessionMenu.open || launcherPanel.open + active: (sessionMenu.open || launcherPanel.open || bar.activeDropdown !== null) && !bar.screenshotPinned windows: [bar] onCleared: { + if (bar.screenshotPinned) return; sessionMenu.open = false; launcherPanel.open = false; + bar.closeAllDropdowns(); } } property var activeDropdown: null + // Set by the screenshot keybind (via IPC) to hold menus open + // while a region screenshot runs. Watchdog unpins if the + // bracketing unpin call is ever missed. + property bool screenshotPinned: false + Timer { + id: _pinWatchdog + interval: 30000 + onTriggered: bar.screenshotPinned = false + } + function setScreenshotPin(v) { + screenshotPinned = v; + if (v) _pinWatchdog.restart(); else _pinWatchdog.stop(); + } + function closeAllDropdowns() { if (activeDropdown && activeDropdown.visible) { activeDropdown.animateClose(); } } + + // Preview image for a notification: its image hint, else a + // file-path appIcon (e.g. hyprshot's saved shot). "" = none. + function notifPreviewSource(notif) { + if (!notif) return ""; + if (notif.image && notif.image !== "") return notif.image; + let a = notif.appIcon || ""; + if (a.startsWith("file://")) return a; + if (a.startsWith("/")) return "file://" + a; + return ""; + } function toggleDropdown(dd, setupFn) { if (dd.visible && !dd.closing) { dd.animateClose(); @@ -982,7 +1076,6 @@ in onEntered: { if (bar.activeDropdown) { if (bar.activeDropdown !== calPopup) bar.toggleDropdown(calPopup, function() { calPopup.resetView(); }); - else bar.activeDropdown.resetAutoClose(); } } } @@ -1062,7 +1155,6 @@ in onEntered: { if (bar.activeDropdown) { if (bar.activeDropdown !== volDropdown) volWidget.openVolDropdown(); - else bar.activeDropdown.resetAutoClose(); } } } @@ -1229,7 +1321,6 @@ in onEntered: { if (bar.activeDropdown) { if (bar.activeDropdown !== netDropdown) netWidget.openNetDropdown(); - else bar.activeDropdown.resetAutoClose(); } } } @@ -1310,7 +1401,6 @@ in onEntered: { if (bar.activeDropdown) { if (bar.activeDropdown !== batteryDropdown) batteryWidget.openBatteryDropdown(); - else bar.activeDropdown.resetAutoClose(); } } } @@ -1324,12 +1414,6 @@ in height: Theme.barHeight anchors.verticalCenter: parent.verticalCenter - HoverHandler { - onHoveredChanged: { - if (hovered && bar.activeDropdown) bar.activeDropdown.resetAutoClose(); - } - } - Repeater { model: SystemTray.items @@ -1363,7 +1447,6 @@ in acceptedButtons: Qt.NoButton onEntered: { if (bar.activeDropdown) { - bar.activeDropdown.resetAutoClose(); if (modelData.hasMenu && !(bar.activeDropdown === contextMenu && contextMenu.trayItem === modelData)) { if (bar.activeDropdown === contextMenu) { // Same dropdown, just switch content @@ -1371,7 +1454,6 @@ in contextMenu.dropdownX = pos.x; contextMenu.trayItem = modelData; menuOpener.menu = modelData.menu; - contextMenu.resetAutoClose(); } else { bar.toggleDropdown(contextMenu, function() { let pos = parent.mapToItem(bar.contentItem, parent.width / 2, 0); @@ -1415,7 +1497,6 @@ in property real dropdownX: 0 property real fullWidth: 200 property real fullHeight: 200 - property int autoCloseMs: 1500 // Flush-right dropdowns merge into the screen frame's // right column instead of centering on their widget. property bool alignRight: false @@ -1435,14 +1516,9 @@ in bar.activeDropdown = null; chrome.shrinkToButton(dropdown); } - _autoClose.stop(); _closeDelay.start(); } - function resetAutoClose() { - if (visible && !closing) _autoClose.restart(); - } - // Reopen a dropdown that's mid-close: the pending hide // timer must be cancelled, otherwise it fires later and // closes the revived dropdown (and the whole chrome). @@ -1450,7 +1526,6 @@ in _closeDelay.stop(); closing = false; open = true; - _autoClose.restart(); } x: alignRight @@ -1465,33 +1540,18 @@ in if (visible) { closing = false; open = true; - _autoClose.restart(); } else { open = false; closing = false; - _autoClose.stop(); } } - Timer { - id: _autoClose - interval: dropdown.autoCloseMs - onTriggered: bar.closeAllDropdowns() - } - Timer { id: _closeDelay interval: 300 onTriggered: { dropdown.visible = false; dropdown.closing = false; if (bar.activeDropdown === dropdown) bar.activeDropdown = null; } } - HoverHandler { - onHoveredChanged: { - if (hovered) _autoClose.stop(); - else _autoClose.restart(); - } - } - // Content is clipped to the chrome's ANIMATED geometry — // revealed as the panel slides/grows over it and wiped as // the panel leaves, instead of popping in place. The inner @@ -1614,20 +1674,21 @@ in id: menuOpener } - Column { + Card { id: menuItems anchors.centerIn: parent width: 200 + cardSpacing: 0 Repeater { model: menuOpener.children Rectangle { required property var modelData - width: 200 + width: parent.width height: modelData.isSeparator ? 9 : 28 color: !modelData.isSeparator && itemMouse.containsMouse && modelData.enabled - ? Theme.base02 : "transparent" + ? Theme.base02 : Theme.base02t Behavior on color { ColorAnimation { duration: Theme.animFade } } radius: modelData.isSeparator ? 0 : 4 @@ -1688,7 +1749,6 @@ in alignRight: true fullWidth: volDropdownCol.width + 28 fullHeight: volDropdownCol.height + 20 - autoCloseMs: 3000 Column { id: volDropdownCol @@ -1702,7 +1762,7 @@ in Row { spacing: 6 - SIcon { anchors.verticalCenter: parent.verticalCenter; text: "volume_up" } + VolIcon { anchors.verticalCenter: parent.verticalCenter; audioNode: volWidget.sink ? volWidget.sink.audio : null } SText { anchors.verticalCenter: parent.verticalCenter text: "Master" @@ -1733,12 +1793,13 @@ in } // Mute button - Rectangle { + HoverRow { width: parent.width height: 28 - color: masterMuteMa.containsMouse ? Theme.base02 : "transparent" - Behavior on color { ColorAnimation { duration: Theme.animFade } } - radius: Theme.radiusTiny + onClicked: { + if (volWidget.sink && volWidget.sink.audio) + volWidget.sink.audio.muted = !volWidget.sink.audio.muted; + } Row { anchors.centerIn: parent @@ -1754,16 +1815,6 @@ in font.pixelSize: 12 } } - MouseArea { - id: masterMuteMa - anchors.fill: parent - hoverEnabled: true - cursorShape: Qt.PointingHandCursor - onClicked: { - if (volWidget.sink && volWidget.sink.audio) - volWidget.sink.audio.muted = !volWidget.sink.audio.muted; - } - } } } @@ -1814,8 +1865,16 @@ in width: parent.width spacing: 8 + VolIcon { + anchors.verticalCenter: parent.verticalCenter + width: 18 + color: Theme.base04 + font.pixelSize: 15 + audioNode: modelData.audio + } + PillSlider { - width: parent.width - appVolLabel.width - 8 + width: parent.width - 18 - appVolLabel.width - 16 anchors.verticalCenter: parent.verticalCenter height: 16 trackH: 4 @@ -1881,13 +1940,19 @@ in } } - Rectangle { + HoverRow { visible: netWidget.netState === "connected" width: parent.width height: 28 - color: disconnectMouse.containsMouse ? Theme.base02 : "transparent" - Behavior on color { ColorAnimation { duration: Theme.animFade } } - radius: Theme.radiusTiny + onClicked: { + netDisconnectProc.targetDevice = netWidget.netDevice; + netDisconnectProc.running = true; + netWidget.netState = "disconnected"; + netWidget.netConn = ""; + netWidget.netIcon = "wifi_off"; + bar.closeAllDropdowns(); + netRefreshDelay.start(); + } SText { anchors.centerIn: parent @@ -1895,22 +1960,6 @@ in color: Theme.base08 font.pixelSize: 12 } - - MouseArea { - id: disconnectMouse - anchors.fill: parent - hoverEnabled: true - cursorShape: Qt.PointingHandCursor - onClicked: { - netDisconnectProc.targetDevice = netWidget.netDevice; - netDisconnectProc.running = true; - netWidget.netState = "disconnected"; - netWidget.netConn = ""; - netWidget.netIcon = "wifi_off"; - bar.closeAllDropdowns(); - netRefreshDelay.start(); - } - } } } @@ -1927,13 +1976,18 @@ in Repeater { model: netWidget.wifiNetworks - Rectangle { + HoverRow { required property var modelData width: parent.width height: 32 - color: netItemMouse.containsMouse ? Theme.base02 : "transparent" - Behavior on color { ColorAnimation { duration: Theme.animFade } } - radius: Theme.radiusTiny + onClicked: { + if (!modelData.active) { + wifiConnectProc.targetSsid = modelData.ssid; + wifiConnectProc.running = true; + netRefreshDelay.start(); + } + bar.closeAllDropdowns(); + } Row { anchors.verticalCenter: parent.verticalCenter @@ -1974,20 +2028,6 @@ in } } - MouseArea { - id: netItemMouse - anchors.fill: parent - hoverEnabled: true - cursorShape: Qt.PointingHandCursor - onClicked: { - if (!modelData.active) { - wifiConnectProc.targetSsid = modelData.ssid; - wifiConnectProc.running = true; - netRefreshDelay.start(); - } - bar.closeAllDropdowns(); - } - } } } } @@ -2091,7 +2131,7 @@ in height: 36 radius: Theme.radiusSmall color: profMouse.containsMouse && batteryWidget.powerProfile !== modelData.name - ? Theme.base02 : "transparent" + ? Theme.base02 : Theme.base02t Behavior on color { ColorAnimation { duration: Theme.animFade } } Column { @@ -2141,8 +2181,7 @@ in // ceil: Text metrics give fractional sizes; fractional rect // edges render as soft 2px lines fullWidth: Math.ceil(calRow.width) + 24 - fullHeight: Math.ceil(calRow.height) + 24 - autoCloseMs: 3000 + fullHeight: Math.ceil(calRow.height + 8 + notifCard.height) + 24 // Month being viewed; reset to today when the popup opens // (via the setup function passed to bar.toggleDropdown). @@ -2208,13 +2247,27 @@ in return "thunderstorm"; } - // --- Media: prefer the actively playing MPRIS player --- - property var player: { - let ps = Mpris.players.values; - for (let i = 0; i < ps.length; i++) { - if (ps[i].playbackState === MprisPlaybackState.Playing) return ps[i]; + // --- Media: one card per MPRIS player so Spotify, a + // browser tab, etc. stay separate instead of collapsing + // into a single combined player. --- + property var players: Mpris.players.values.filter( + p => p.trackTitle || p.playbackState === MprisPlaybackState.Playing) + + // Best-effort link from an MPRIS player to its Pipewire + // audio stream (matched by app name), so a card can carry a + // volume slider via the same per-app path as the volume + // widget. null when no stream matches. + function streamFor(player) { + if (!player) return null; + let id = (player.identity || "").toLowerCase(); + let ns = Pipewire.nodes.values; + for (let i = 0; i < ns.length; i++) { + let n = ns[i]; + if (!n.isStream || !n.audio) continue; + let an = (n.properties["application.name"] || "").toLowerCase(); + if (an && (an === id || an.includes(id) || id.includes(an))) return n; } - return ps.length > 0 ? ps[0] : null; + return null; } Row { @@ -2243,24 +2296,16 @@ in width: parent.width height: 28 - Rectangle { + HoverRow { width: 28; height: 28; radius: Theme.radiusSmall anchors.left: parent.left - color: calPrevMa.containsMouse ? Theme.base02 : "transparent" - Behavior on color { ColorAnimation { duration: Theme.animFade } } + onClicked: calPopup.shiftMonth(-1) SIcon { anchors.centerIn: parent text: "chevron_left" color: Theme.base05 font.pixelSize: 18 } - MouseArea { - id: calPrevMa - anchors.fill: parent - hoverEnabled: true - cursorShape: Qt.PointingHandCursor - onClicked: calPopup.shiftMonth(-1) - } } SText { @@ -2276,24 +2321,16 @@ in } } - Rectangle { + HoverRow { width: 28; height: 28; radius: Theme.radiusSmall anchors.right: parent.right - color: calNextMa.containsMouse ? Theme.base02 : "transparent" - Behavior on color { ColorAnimation { duration: Theme.animFade } } + onClicked: calPopup.shiftMonth(1) SIcon { anchors.centerIn: parent text: "chevron_right" color: Theme.base05 font.pixelSize: 18 } - MouseArea { - id: calNextMa - anchors.fill: parent - hoverEnabled: true - cursorShape: Qt.PointingHandCursor - onClicked: calPopup.shiftMonth(1) - } } } @@ -2349,7 +2386,7 @@ in width: parent.width height: weatherRow.height + 16 radius: Theme.radius - color: Theme.base01 + color: Theme.cardBg visible: calPopup.weatherDays.length > 0 Row { @@ -2399,180 +2436,254 @@ in width: 300 spacing: 8 - // Media player card - Rectangle { - width: parent.width - height: 64 - radius: Theme.radius - color: Theme.base01 - visible: calPopup.player !== null + // Media player cards — one per active MPRIS source, + // so Spotify and a browser tab stay separate. + Repeater { + model: calPopup.players - Row { - anchors.fill: parent - anchors.margins: 8 - spacing: 10 + Rectangle { + id: mediaCard + required property var modelData + property var pwNode: calPopup.streamFor(modelData) + width: parent.width + height: mediaCol.height + 16 + radius: Theme.radius + color: Theme.cardBg - Rectangle { - width: 48; height: 48 - radius: Theme.radiusSmall - anchors.verticalCenter: parent.verticalCenter - color: Theme.base02 - clip: true - SIcon { - anchors.centerIn: parent - visible: albumArt.status !== Image.Ready - text: "music_note" - color: Theme.base04 - font.pixelSize: 22 - } - Image { - id: albumArt - anchors.fill: parent - fillMode: Image.PreserveAspectCrop - source: calPopup.player ? calPopup.player.trackArtUrl : "" - } - } + PwObjectTracker { objects: mediaCard.pwNode ? [mediaCard.pwNode] : [] } Column { - width: parent.width - 48 - 10 - 88 - 10 - anchors.verticalCenter: parent.verticalCenter - spacing: 2 - SText { - width: parent.width - text: calPopup.player ? calPopup.player.trackTitle : "" - color: Theme.base05 - font.pixelSize: 12 - font.weight: Font.Medium - elide: Text.ElideRight - } - SText { - width: parent.width - text: calPopup.player ? calPopup.player.trackArtist : "" - color: Theme.base04 - font.pixelSize: 11 - elide: Text.ElideRight - } - } + id: mediaCol + anchors.left: parent.left + anchors.right: parent.right + anchors.top: parent.top + anchors.margins: 8 + spacing: 8 - Row { - anchors.verticalCenter: parent.verticalCenter - spacing: 2 - Repeater { - model: [ - { glyph: "skip_previous", act: "prev" }, - { glyph: calPopup.player && calPopup.player.playbackState === MprisPlaybackState.Playing ? "pause" : "play_arrow", act: "toggle" }, - { glyph: "skip_next", act: "next" } - ] - Rectangle { - id: mediaBtn - required property var modelData - width: 28; height: 28; radius: 14 - color: mediaBtnMa.containsMouse ? Theme.base02 : "transparent" - Behavior on color { ColorAnimation { duration: Theme.animFade } } + // Album art with title + artist to its + // right; controls and volume below. + Row { + width: parent.width + spacing: 12 + + ClippingRectangle { + width: 128; height: 128 + radius: Theme.radiusSmall + anchors.verticalCenter: parent.verticalCenter + color: Theme.base02 SIcon { anchors.centerIn: parent - text: mediaBtn.modelData.glyph - color: Theme.base05 - font.pixelSize: 18 + visible: albumArt.status !== Image.Ready + text: "music_note" + color: Theme.base04 + font.pixelSize: 48 } - MouseArea { - id: mediaBtnMa + Image { + id: albumArt anchors.fill: parent - hoverEnabled: true - cursorShape: Qt.PointingHandCursor - onClicked: { - let p = calPopup.player; - if (!p) return; - if (mediaBtn.modelData.act === "prev") p.previous(); - else if (mediaBtn.modelData.act === "next") p.next(); - else p.togglePlaying(); + fillMode: Image.PreserveAspectCrop + source: mediaCard.modelData.trackArtUrl + } + } + + Column { + width: parent.width - 128 - 12 + anchors.verticalCenter: parent.verticalCenter + spacing: 2 + SText { + width: parent.width + text: mediaCard.modelData.trackTitle + color: Theme.base05 + font.pixelSize: 13 + font.weight: Font.Medium + elide: Text.ElideRight + } + SText { + width: parent.width + text: mediaCard.modelData.trackArtist + color: Theme.base04 + font.pixelSize: 11 + elide: Text.ElideRight + } + } + } + + // Transport controls, centered below. + Item { + width: parent.width + height: 36 + Row { + anchors.centerIn: parent + spacing: 4 + Repeater { + model: [ + { glyph: "skip_previous", act: "prev" }, + { glyph: mediaCard.modelData.playbackState === MprisPlaybackState.Playing ? "pause" : "play_arrow", act: "toggle" }, + { glyph: "skip_next", act: "next" } + ] + HoverRow { + id: mediaBtn + required property var modelData + width: 36; height: 36; radius: 18 + onClicked: { + let p = mediaCard.modelData; + if (!p) return; + if (mediaBtn.modelData.act === "prev") p.previous(); + else if (mediaBtn.modelData.act === "next") p.next(); + else p.togglePlaying(); + } + SIcon { + anchors.centerIn: parent + text: mediaBtn.modelData.glyph + color: Theme.base05 + font.pixelSize: 24 + } } } } } + + // Per-source volume — same per-app path + // as the volume widget. Shown when the + // player's Pipewire stream is matched. + Row { + width: parent.width + spacing: 8 + visible: mediaCard.pwNode !== null && mediaCard.pwNode.audio !== null + + VolIcon { + anchors.verticalCenter: parent.verticalCenter + width: 18 + color: Theme.base04 + font.pixelSize: 15 + audioNode: mediaCard.pwNode ? mediaCard.pwNode.audio : null + } + + PillSlider { + width: parent.width - 18 - mediaVolLabel.width - 16 + anchors.verticalCenter: parent.verticalCenter + height: 16 + trackH: 4 + value: mediaCard.pwNode && mediaCard.pwNode.audio ? Math.min(1, mediaCard.pwNode.audio.volume) : 0 + fillColor: mediaCard.pwNode && mediaCard.pwNode.audio && mediaCard.pwNode.audio.muted ? Theme.base03 : Theme.base0C + onMoved: (v) => { if (mediaCard.pwNode && mediaCard.pwNode.audio) mediaCard.pwNode.audio.volume = v; } + } + + SText { + id: mediaVolLabel + width: 36 + text: mediaCard.pwNode && mediaCard.pwNode.audio ? Math.round(mediaCard.pwNode.audio.volume * 100) + "%" : "0%" + color: Theme.base04 + font.pixelSize: 10 + horizontalAlignment: Text.AlignRight + anchors.verticalCenter: parent.verticalCenter + } + } } } } - // Notifications card - Card { + } + } + + // ── Notifications: spans both columns, below the panes ── + Card { + id: notifCard + anchors.top: calRow.bottom + anchors.topMargin: 8 + anchors.horizontalCenter: parent.horizontalCenter + width: calRow.width + opacity: calRow.opacity + cardSpacing: 6 + + Item { + width: parent.width + height: 20 + SText { + anchors.left: parent.left + anchors.verticalCenter: parent.verticalCenter + text: "Notifications" + font.weight: Font.Medium + } + SText { + anchors.right: parent.right + anchors.verticalCenter: parent.verticalCenter + text: bar.notifServer.trackedNotifications.values.length > 0 ? "Clear all" : "" + color: Theme.base04 + font.pixelSize: 11 + MouseArea { + anchors.fill: parent + cursorShape: Qt.PointingHandCursor + onClicked: { + let notifs = bar.notifServer.trackedNotifications.values; + for (let i = notifs.length - 1; i >= 0; i--) { + notifs[i].dismiss(); + } + } + } + } + } + + SText { + visible: bar.notifServer.trackedNotifications.values.length === 0 + text: "No notifications" + color: Theme.base03 + font.pixelSize: 11 + anchors.horizontalCenter: parent.horizontalCenter + } + + Repeater { + model: bar.notifServer.trackedNotifications + + Rectangle { + id: notifItem + required property var modelData + readonly property string previewSource: bar.notifPreviewSource(notifItem.modelData) width: parent.width - cardSpacing: 6 + height: Math.max(notifPreview.visible ? 48 : 0, ncBody.height) + 16 + radius: Theme.radiusSmall + color: Theme.base02 - Item { - width: parent.width - height: 20 - - SText { - anchors.left: parent.left - anchors.verticalCenter: parent.verticalCenter - text: "Notifications" - font.weight: Font.Medium - } - - SText { - anchors.right: parent.right - anchors.verticalCenter: parent.verticalCenter - text: bar.notifServer.trackedNotifications.values.length > 0 ? "Clear all" : "" - color: Theme.base04 - font.pixelSize: 11 - MouseArea { - anchors.fill: parent - cursorShape: Qt.PointingHandCursor - onClicked: { - let notifs = bar.notifServer.trackedNotifications.values; - for (let i = notifs.length - 1; i >= 0; i--) { - notifs[i].dismiss(); - } - } - } + // Image preview (album art, screenshot thumb…) + ClippingRectangle { + id: notifPreview + visible: notifItem.previewSource !== "" + anchors.left: parent.left + anchors.top: parent.top + anchors.margins: 8 + width: 48; height: 48 + radius: Theme.radiusTiny + color: Theme.base01 + Image { + anchors.fill: parent + fillMode: Image.PreserveAspectCrop + source: notifItem.previewSource } } - SText { - visible: bar.notifServer.trackedNotifications.values.length === 0 - text: "No notifications" - color: Theme.base03 - font.pixelSize: 11 - anchors.horizontalCenter: parent.horizontalCenter + NotifContent { + id: ncBody + notif: notifItem.modelData + anchors.left: notifPreview.visible ? notifPreview.right : parent.left + anchors.right: dismissBtn.left + anchors.top: parent.top + anchors.margins: 8 } - Repeater { - model: bar.notifServer.trackedNotifications - - Rectangle { - id: notifItem - required property var modelData - width: parent.width - height: ncBody.height + 12 - radius: Theme.radiusSmall - color: Theme.base02 - - NotifContent { - id: ncBody - notif: notifItem.modelData - anchors.left: parent.left - anchors.right: dismissBtn.left - anchors.top: parent.top - anchors.margins: 6 - } - - SIcon { - id: dismissBtn - anchors.right: parent.right - anchors.top: parent.top - anchors.margins: 6 - text: "close" - color: dismissMa.containsMouse ? Theme.base05 : Theme.base03 - font.pixelSize: 14 - MouseArea { - id: dismissMa - anchors.fill: parent - hoverEnabled: true - cursorShape: Qt.PointingHandCursor - onClicked: notifItem.modelData.dismiss() - } - } + SIcon { + id: dismissBtn + anchors.right: parent.right + anchors.top: parent.top + anchors.margins: 8 + text: "close" + color: dismissMa.containsMouse ? Theme.base05 : Theme.base03 + font.pixelSize: 15 + MouseArea { + id: dismissMa + anchors.fill: parent + hoverEnabled: true + cursorShape: Qt.PointingHandCursor + onClicked: notifItem.modelData.dismiss() } } } @@ -2663,43 +2774,69 @@ in anchors.horizontalCenter: parent.horizontalCenter anchors.top: parent.top width: 320 - height: toastItem.toastOpen ? toastCol.height + 16 : 0 + height: toastItem.toastOpen ? toastCard.height + 12 : 0 clip: true Behavior on height { NumberAnimation { duration: Theme.animMorph; easing.type: Easing.OutExpo } } - NotifContent { - id: toastCol - notif: toastItem.currentNotif + // Notification sits in a base02 rounded card, matching + // the calendar list. Inset 6px so the melt panel frames it. + Rectangle { + id: toastCard + anchors.top: parent.top anchors.left: parent.left - anchors.right: toastDismiss.left - anchors.top: parent.top - anchors.margins: 8 - summarySize: 12 - bodySize: 11 - bodyLines: 3 - chipBg: Theme.base01 - chipBgHover: Theme.base02 - chipBorder: Theme.base02 - onActionInvoked: toastItem.dismiss() - } - - SIcon { - id: toastDismiss anchors.right: parent.right - anchors.top: parent.top - anchors.margins: 8 - text: "close" - color: toastDismissMa.containsMouse ? Theme.base05 : Theme.base03 - font.pixelSize: 15 - MouseArea { - id: toastDismissMa - anchors.fill: parent - hoverEnabled: true - cursorShape: Qt.PointingHandCursor - onClicked: { toastItem.currentNotif.dismiss(); toastItem.dismiss(); } + anchors.margins: 6 + height: Math.max(toastPreview.visible ? 48 : 0, toastCol.height) + 16 + radius: Theme.radiusSmall + color: Theme.base02 + + property string previewSource: bar.notifPreviewSource(toastItem.currentNotif) + + // Image preview (screenshot thumb, album art…) + ClippingRectangle { + id: toastPreview + visible: toastCard.previewSource !== "" + anchors.left: parent.left + anchors.top: parent.top + anchors.margins: 8 + width: 48; height: 48 + radius: Theme.radiusTiny + color: Theme.base01 + Image { + anchors.fill: parent + fillMode: Image.PreserveAspectCrop + source: toastCard.previewSource + } + } + + NotifContent { + id: toastCol + notif: toastItem.currentNotif + anchors.left: toastPreview.visible ? toastPreview.right : parent.left + anchors.right: toastDismiss.left + anchors.top: parent.top + anchors.margins: 8 + onActionInvoked: toastItem.dismiss() + } + + SIcon { + id: toastDismiss + anchors.right: parent.right + anchors.top: parent.top + anchors.margins: 8 + text: "close" + color: toastDismissMa.containsMouse ? Theme.base05 : Theme.base03 + font.pixelSize: 15 + MouseArea { + id: toastDismissMa + anchors.fill: parent + hoverEnabled: true + cursorShape: Qt.PointingHandCursor + onClicked: { toastItem.currentNotif.dismiss(); toastItem.dismiss(); } + } } } }