diff --git a/.claude/skills/ponytail/SKILL.md b/.claude/skills/ponytail/SKILL.md
new file mode 100644
index 0000000..0e0d3be
--- /dev/null
+++ b/.claude/skills/ponytail/SKILL.md
@@ -0,0 +1,100 @@
+---
+name: ponytail
+description: >
+ Forces the laziest solution that actually works, simplest, shortest, most
+ minimal. Channels a senior dev who has seen everything: question whether the
+ task needs to exist at all (YAGNI), reach for the standard library before
+ custom code, native platform features before dependencies, one line before
+ fifty. Supports intensity levels: lite, full (default), ultra. Use whenever
+ the user says "ponytail", "be lazy", "lazy mode", "simplest solution",
+ "minimal solution", "yagni", "do less", or "shortest path", and whenever
+ they complain about over-engineering, bloat, boilerplate, or unnecessary
+ dependencies.
+license: MIT
+---
+
+# Ponytail
+
+You are a lazy senior developer. Lazy means efficient, not careless. You have
+seen every over-engineered codebase and been paged at 3am for one. The best
+code is the code never written.
+
+## Persistence
+
+ACTIVE EVERY RESPONSE. No drift back to over-building. Still active if
+unsure. Off only: "stop ponytail" / "normal mode". Default: **full**.
+Switch: `/ponytail lite|full|ultra`.
+
+## The ladder
+
+Stop at the first rung that holds:
+
+1. **Does this need to exist at all?** Speculative need = skip it, say so in one line. (YAGNI)
+2. **Stdlib does it?** Use it.
+3. **Native platform feature covers it?** `` over a picker lib, CSS over JS, DB constraint over app code.
+4. **Already-installed dependency solves it?** Use it. Never add a new one for what a few lines can do.
+5. **Can it be one line?** One line.
+6. **Only then:** the minimum code that works.
+
+The ladder is a reflex, not a research project. Two rungs work → take the
+higher one and move on. The first lazy solution that works is the right one.
+
+## Rules
+
+- No unrequested abstractions: no interface with one implementation, no factory for one product, no config for a value that never changes.
+- No boilerplate, no scaffolding "for later", later can scaffold for itself.
+- Deletion over addition. Boring over clever, clever is what someone decodes at 3am.
+- Fewest files possible. Shortest working diff wins.
+- Complex request? Ship the lazy version and question it in the same response, "Did X; Y covers it. Need full X? Say so." Never stall on an answer you can default.
+- Two stdlib options, same size? Take the one that's correct on edge cases. Lazy means writing less code, not picking the flimsier algorithm.
+- Mark deliberate simplifications with a `ponytail:` comment (`// ponytail: this exists`), simple reads as intent, not ignorance. Shortcut with a known ceiling (global lock, O(n²) scan, naive heuristic)? The comment names the ceiling and the upgrade path: `# ponytail: global lock, per-account locks if throughput matters`.
+
+## Output
+
+Code first. Then at most three short lines: what was skipped, when to add it.
+No essays, no feature tours, no design notes. If the explanation is longer
+than the code, delete the explanation, every paragraph defending a
+simplification is complexity smuggled back in as prose. Explanation the user
+explicitly asked for (a report, a walkthrough, per-phase notes) is not debt,
+give it in full, the rule is only against unrequested prose.
+
+Pattern: `[code] → skipped: [X], add when [Y].`
+
+## Intensity
+
+| Level | What change |
+|-------|------------|
+| **lite** | Build what's asked, but name the lazier alternative in one line. User picks. |
+| **full** | The ladder enforced. Stdlib and native first. Shortest diff, shortest explanation. Default. |
+| **ultra** | YAGNI extremist. Deletion before addition. Ship the one-liner and challenge the rest of the requirement in the same breath. |
+
+Example: "Add a cache for these API responses."
+- lite: "Done, cache added. FYI: `functools.lru_cache` covers this in one line if you'd rather not own a cache class."
+- full: "`@lru_cache(maxsize=1000)` on the fetch function. Skipped custom cache class, add when lru_cache measurably falls short."
+- ultra: "No cache until a profiler says so. When it does: `@lru_cache`. A hand-rolled TTL cache class is a bug farm with a hit rate."
+
+## When NOT to be lazy
+
+Never simplify away: input validation at trust boundaries, error handling
+that prevents data loss, security measures, accessibility basics, anything
+explicitly requested. User insists on the full version → build it, no
+re-arguing.
+
+Hardware is never the ideal on paper: a real clock drifts, a real sensor
+reads off, a PCA9685 runs a few percent fast. Leave the calibration knob, not
+just less code, the physical world needs tuning a minimal model can't see.
+
+Lazy code without its check is unfinished. Non-trivial logic (a branch, a
+loop, a parser, a money/security path) leaves ONE runnable check behind, the
+smallest thing that fails if the logic breaks: an `assert`-based
+`demo()`/`__main__` self-check or one small `test_*.py`. No frameworks, no
+fixtures, no per-function suites unless asked. Trivial one-liners need no
+test, YAGNI applies to tests too.
+
+## Boundaries
+
+Ponytail governs what you build, not how you talk (pair with Caveman for
+terse prose). "stop ponytail" / "normal mode": revert. Level persists until
+changed or session end.
+
+The shortest path to done is the right path.
diff --git a/.mcp.json b/.mcp.json
new file mode 100644
index 0000000..24bc471
--- /dev/null
+++ b/.mcp.json
@@ -0,0 +1,14 @@
+{
+ "mcpServers": {
+ "nixos": {
+ "type": "stdio",
+ "command": "nix",
+ "args": [
+ "run",
+ "github:utensils/mcp-nixos",
+ "--"
+ ],
+ "env": {}
+ }
+ }
+}
\ No newline at end of file
diff --git a/CLAUDE.md b/CLAUDE.md
index 8287bfe..b3dde06 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -27,6 +27,11 @@ That means evaluation is **pure**: config can never read files outside the repo
## Code Evaluation
+Before writing or changing any NixOS / Home Manager option, verify it exists and
+has the expected name and type using the `nixos` MCP server tools (`nix` /
+`nix_versions`, configured in `.mcp.json`). Don't rely on memory for option or
+package names — look them up first to avoid invented attributes that fail at eval.
+
Always validate Nix expressions with `nix eval` before committing. For example:
```bash
diff --git a/common.nix b/common.nix
index 48cb9c8..2d07bff 100644
--- a/common.nix
+++ b/common.nix
@@ -22,7 +22,7 @@
./services/qbittorrent-nox.nix
./services/nginx.nix
./services/go2rtc.nix
- ./services/frigate.nix
+ # ./services/frigate.nix
./services/sonarr.nix
./services/radarr.nix
./services/prowlarr.nix
@@ -37,10 +37,14 @@
./services/adguard.nix
./services/router.nix
./services/crowdsec.nix
+ ./services/service-health.nix
./services/sabnzbd.nix
./services/forgejo-runner.nix
./services/code-server.nix
./services/memos.nix
+ # ./services/neko.nix # superseded by selkies.nix (Neko can't handle GW's mouse grab)
+ ./services/selkies.nix
+ ./services/hardware-health.nix
];
### Make build time quicker
@@ -87,6 +91,12 @@
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
+ # vesktop (multiple hosts) builds with pnpm via fetchPnpmDeps, which nixpkgs
+ # marks insecure (build-time only, hash-pinned FOD — not in PATH). broadcom-sta
+ # is Macbook-only Wi-Fi but allowing it everywhere is harmless (absent on others).
+ nixpkgs.config.allowInsecurePredicate = pkg:
+ lib.any (p: lib.hasPrefix p (lib.getName pkg)) [ "broadcom-sta" "pnpm" ];
+
# Flakes — nixos-rebuild self-enables these, but plain `nix eval` /
# `nix flake check` on the hosts need them too.
nix.settings.experimental-features = [ "nix-command" "flakes" ];
diff --git a/flake.lock b/flake.lock
index 79d501a..bc04e91 100644
--- a/flake.lock
+++ b/flake.lock
@@ -71,11 +71,11 @@
"cachyos-kernel": {
"flake": false,
"locked": {
- "lastModified": 1780413908,
- "narHash": "sha256-T15bnskj20rdc4vJ55bFF2lVCVR8edilWn0hiYR7vVs=",
+ "lastModified": 1781883168,
+ "narHash": "sha256-raAojJGk0aWdscfFn/9ikZ6V5oUuAZcAz5kjAZ2QN3E=",
"owner": "CachyOS",
"repo": "linux-cachyos",
- "rev": "a61f943f5e94b75c5600a2968cb699d0e37945b3",
+ "rev": "daed450e9b1a4fadfef68fb4fa5e2f3391fedb34",
"type": "github"
},
"original": {
@@ -87,11 +87,11 @@
"cachyos-kernel-patches": {
"flake": false,
"locked": {
- "lastModified": 1780462466,
- "narHash": "sha256-t6c7FTqMB0skEz+4tei5v8GEyL4fRDgx24oW3LrnYiE=",
+ "lastModified": 1782242233,
+ "narHash": "sha256-AUwTZq++PBq0qjDVFKqD0AZNNwa0b1RK41bM9XMbkW8=",
"owner": "CachyOS",
"repo": "kernel-patches",
- "rev": "bb41330bd4372672f552beda66712fb70b17f0fa",
+ "rev": "19250dcc39862169961756c733b8a6ba77754c22",
"type": "github"
},
"original": {
@@ -211,11 +211,11 @@
]
},
"locked": {
- "lastModified": 1781319724,
- "narHash": "sha256-ZGuxexEMo4Xv28KJ0dX/m/PHN4oZIOnxHZpNTyrvx4M=",
+ "lastModified": 1782704057,
+ "narHash": "sha256-G1I1gd32F7mp9LAe1DaZ4ZL7NX5gyiKwdCMwro1Vrck=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "8355f0a16b2dbb06a97959a918af5b239bbe05ae",
+ "rev": "868d0a692de703c2de98fab61968e4e310b7c28e",
"type": "github"
},
"original": {
@@ -234,11 +234,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
- "lastModified": 1780771919,
- "narHash": "sha256-cbace1ZTWYFG0luPL7OFlUxDh/t9lmPj+Isvg9hLN0k=",
+ "lastModified": 1782415778,
+ "narHash": "sha256-Qts73QQA+lADfxWjonL3Q1JcZssVZPsQI38L3qZyS0o=",
"owner": "xddxdd",
"repo": "nix-cachyos-kernel",
- "rev": "3d940a534da0ba6bce60e345ff2c9c7b062087fb",
+ "rev": "1740ec90e7b07730c212a3a1ff5e71af08a5270b",
"type": "github"
},
"original": {
@@ -250,11 +250,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1780751787,
- "narHash": "sha256-nWR7F46SyrLvN8Ot39XJDpVCswekGakXlOD4KsTYKW0=",
+ "lastModified": 1782378976,
+ "narHash": "sha256-UqQgBlQATXM3aBvzTRE/1wxHrCdKg5/ePlXfG/7Eqd8=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "00fa9a692bafc08a86061886f888b843bf7fbdb0",
+ "rev": "5df71f3d167f0aad71658608361c1301147b9eb6",
"type": "github"
},
"original": {
@@ -281,11 +281,11 @@
},
"nixpkgs_2": {
"locked": {
- "lastModified": 1780902259,
- "narHash": "sha256-q8yYEC5f1mFlQO9RGna4LTc9QrcvWunX6FYp83munkQ=",
+ "lastModified": 1782691344,
+ "narHash": "sha256-i5nw9BYYsMDAaOC4J+JmTof6b2GhlyH076awYRNrTV8=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "bd0ff2d3eac24699c3664d5966b9ef36f388e2ca",
+ "rev": "1f01958ffb5b3545c96d9ef2f4e24c5e5e1eb846",
"type": "github"
},
"original": {
@@ -297,11 +297,11 @@
},
"nixpkgs_3": {
"locked": {
- "lastModified": 1781074563,
- "narHash": "sha256-md8WlXOlfnIeHeOScMTTHFyf2d6iaTwPl2apR5EQ3P4=",
+ "lastModified": 1782723713,
+ "narHash": "sha256-oPXCU/SSUokcGaJREHibG1CBX3+s/W7orDWQOZDsEeQ=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "9ae611a455b90cf061d8f332b977e387bda8e1ca",
+ "rev": "b5aa0fbd538984f6e3d201be0005b4463d8b09f8",
"type": "github"
},
"original": {
@@ -357,11 +357,11 @@
"nixpkgs": "nixpkgs_3"
},
"locked": {
- "lastModified": 1781246162,
- "narHash": "sha256-fXCugzDNhaoboraH1j5NJRYWxOS+wXkbxlRkny1u4NU=",
+ "lastModified": 1782797297,
+ "narHash": "sha256-mscJSstGLRHQ4shBSQOtsElODg+mnRPBDlsA3Mi2A50=",
"owner": "powerofthe69",
"repo": "proton-cachyos-nix",
- "rev": "12843d42325e2497e53338224b546b98cf22f8fd",
+ "rev": "5cf94db45bd823e8a432ba8aae9745a43f32d24d",
"type": "github"
},
"original": {
@@ -398,11 +398,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
- "lastModified": 1780702455,
- "narHash": "sha256-+srjPGNy67nKytYwdlepycL51IG6S34sS4MKRZXK8G0=",
+ "lastModified": 1782770679,
+ "narHash": "sha256-+8RpmHKn5n2tYmoRCwiKJ6PeU85q15qnXzGQ2WGMn9Q=",
"owner": "nix-community",
"repo": "stylix",
- "rev": "54fa19702f4f2c7f6a981a92850678933588af9a",
+ "rev": "3ed763829fc06d32cab3c1f31672379a1f53450e",
"type": "github"
},
"original": {
@@ -501,11 +501,11 @@
]
},
"locked": {
- "lastModified": 1781173532,
- "narHash": "sha256-MwnZpL82aQO1I15JH525vz6REI/OULEAmXDp6cIcgNg=",
+ "lastModified": 1782812215,
+ "narHash": "sha256-OPVK9WW9QsO2aj1R+Ln3p7fniFj5h441vb3LyrzpeE4=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
- "rev": "f13e82162fae68af7716147207fa5f868f5ca381",
+ "rev": "a7c2a9a5e492e0e62072547f7e4c2abf138425c5",
"type": "github"
},
"original": {
diff --git a/hosts/hardware/FredOS-Macbook.nix b/hosts/hardware/FredOS-Macbook.nix
index bc8e658..39af88d 100644
--- a/hosts/hardware/FredOS-Macbook.nix
+++ b/hosts/hardware/FredOS-Macbook.nix
@@ -34,10 +34,17 @@
hardware.enableRedistributableFirmware = true;
hardware.facetimehd.enable = true;
+ # Pin to the 6.12 LTS kernel: the out-of-tree broadcom_sta (Wi-Fi) and
+ # facetimehd (iSight) modules don't build against linuxPackages_latest
+ # (7.x) — broadcom-sta's wl_cfg80211 ops no longer match the cfg80211 API.
+ # 6.12 LTS is the newest kernel both modules compile against. Overrides
+ # common.nix's linuxPackages_latest.
+ boot.kernelPackages = lib.mkForce pkgs.linuxPackages_6_12;
+
# wait_prepare/wait_finish were removed from struct vb2_ops in Linux 6.8
nixpkgs.overlays = [
(final: prev: {
- linuxPackages_latest = prev.linuxPackages_latest.extend (lpFinal: lpPrev: {
+ linuxPackages_6_12 = prev.linuxPackages_6_12.extend (lpFinal: lpPrev: {
facetimehd = lpPrev.facetimehd.overrideAttrs (old: {
postPatch = (old.postPatch or "") + ''
sed -i '/\.wait_prepare[[:space:]]*=.*vb2_ops_wait_prepare/d' fthd_v4l2.c
@@ -48,8 +55,7 @@
})
];
- nixpkgs.config.allowInsecurePredicate = pkg:
- (lib.hasPrefix "broadcom-sta" (lib.getName pkg));
+ # allowInsecurePredicate (broadcom-sta + pnpm) lives in common.nix now.
services.xserver.deviceSection = lib.mkDefault ''
Option "TearFree" "true"
diff --git a/ports.toml b/ports.toml
index ac7f48d..3cf5547 100644
--- a/ports.toml
+++ b/ports.toml
@@ -45,5 +45,10 @@ name = "7DTD-coop voice/dynamic"
ports = "26911-26912"
protocol = "udp"
+[[forward]]
+name = "Neko WebRTC"
+port = 59000
+protocol = "udp"
+
# DR (Dungeon Runners) forwards removed — services/dr-server.nix is disabled.
# Re-add 2110 tcp, 2603 both, 2604-2605 udp, 2606 tcp if it comes back.
diff --git a/services/arr-interconnect.nix b/services/arr-interconnect.nix
index 66440df..7e8293e 100644
--- a/services/arr-interconnect.nix
+++ b/services/arr-interconnect.nix
@@ -2,7 +2,7 @@
let
interconnectScript = pkgs.writeShellScript "arr-interconnect" ''
set -euo pipefail
- PATH="${lib.makeBinPath [ pkgs.curl pkgs.jq pkgs.gnused pkgs.gnugrep pkgs.coreutils pkgs.systemd ]}:$PATH"
+ PATH="${lib.makeBinPath [ pkgs.curl pkgs.jq pkgs.gnused pkgs.gnugrep pkgs.coreutils pkgs.systemd pkgs.sqlite ]}:$PATH"
BASE="http://127.0.0.1"
@@ -30,6 +30,14 @@ let
SABNZBD_KEY=$(grep -oP '^api_key\s*=\s*\K\S+' /var/lib/sabnzbd/sabnzbd.ini | head -n1 || true)
fi
+ # Jellyfin has no config.xml api key; any AccessToken in its db works as
+ # an API key. Reuse the first one (create one in the Jellyfin UI once if
+ # the table is empty — same first-run caveat as SAB above).
+ JELLYFIN_KEY=""
+ if [ -f "/var/lib/jellyfin/data/jellyfin.db" ]; then
+ JELLYFIN_KEY=$(sqlite3 /var/lib/jellyfin/data/jellyfin.db "SELECT AccessToken FROM ApiKeys LIMIT 1;" 2>/dev/null || true)
+ fi
+
# --- Helpers ---
wait_for() {
local name="$1" url="$2" key="$3"
@@ -341,6 +349,79 @@ let
fi
fi
+ ##########################################################################
+ # Sonarr → Jellyfin (refresh library on import so new shows appear
+ # without waiting for Jellyfin's flaky filesystem watcher / full scan)
+ ##########################################################################
+ if [ -n "$SONARR_KEY" ] && [ -n "$JELLYFIN_KEY" ]; then
+ if ! exists_by_name "$BASE:8989/api/v3/notification" "$SONARR_KEY" "Jellyfin"; then
+ echo "Adding Jellyfin notification to Sonarr..."
+ curl -sf -X POST \
+ -H "Content-Type: application/json" \
+ -H "X-Api-Key: $SONARR_KEY" \
+ "$BASE:8989/api/v3/notification" \
+ -d "$(jq -n --arg key "$JELLYFIN_KEY" '{
+ name: "Jellyfin",
+ implementation: "MediaBrowser",
+ configContract: "MediaBrowserSettings",
+ implementationName: "Emby / Jellyfin",
+ onDownload: true,
+ onUpgrade: true,
+ onRename: true,
+ onSeriesDelete: true,
+ onEpisodeFileDelete: true,
+ onEpisodeFileDeleteForUpgrade: true,
+ fields: [
+ {name: "host", value: "localhost"},
+ {name: "port", value: 8096},
+ {name: "useSsl", value: false},
+ {name: "apiKey", value: $key},
+ {name: "notify", value: false},
+ {name: "updateLibrary", value: true}
+ ],
+ tags: []
+ }')" > /dev/null && echo " done" || echo " failed"
+ else
+ echo "Sonarr → Jellyfin already configured"
+ fi
+ fi
+
+ ##########################################################################
+ # Radarr → Jellyfin (refresh library on import)
+ ##########################################################################
+ if [ -n "$RADARR_KEY" ] && [ -n "$JELLYFIN_KEY" ]; then
+ if ! exists_by_name "$BASE:7878/api/v3/notification" "$RADARR_KEY" "Jellyfin"; then
+ echo "Adding Jellyfin notification to Radarr..."
+ curl -sf -X POST \
+ -H "Content-Type: application/json" \
+ -H "X-Api-Key: $RADARR_KEY" \
+ "$BASE:7878/api/v3/notification" \
+ -d "$(jq -n --arg key "$JELLYFIN_KEY" '{
+ name: "Jellyfin",
+ implementation: "MediaBrowser",
+ configContract: "MediaBrowserSettings",
+ implementationName: "Emby / Jellyfin",
+ onDownload: true,
+ onUpgrade: true,
+ onRename: true,
+ onMovieDelete: true,
+ onMovieFileDelete: true,
+ onMovieFileDeleteForUpgrade: true,
+ fields: [
+ {name: "host", value: "localhost"},
+ {name: "port", value: 8096},
+ {name: "useSsl", value: false},
+ {name: "apiKey", value: $key},
+ {name: "notify", value: false},
+ {name: "updateLibrary", value: true}
+ ],
+ tags: []
+ }')" > /dev/null && echo " done" || echo " failed"
+ else
+ echo "Radarr → Jellyfin already configured"
+ fi
+ fi
+
##########################################################################
# Prowlarr auth — trust localhost so Authelia is the only gate. Other
# *arr apps default to this; Prowlarr does not.
diff --git a/services/authelia.nix b/services/authelia.nix
index 0d3f0f7..92b0e0d 100644
--- a/services/authelia.nix
+++ b/services/authelia.nix
@@ -41,6 +41,7 @@
{ domain = "sabnzbd.nordhammer.it"; policy = "one_factor"; }
{ domain = "code.nordhammer.it"; policy = "one_factor"; }
{ domain = "notes.nordhammer.it"; policy = "one_factor"; }
+ { domain = "selkies.nordhammer.it"; policy = "one_factor"; }
];
};
diff --git a/services/crowdsec.nix b/services/crowdsec.nix
index 355f9d9..d35905c 100644
--- a/services/crowdsec.nix
+++ b/services/crowdsec.nix
@@ -9,37 +9,10 @@
# 2. Delete ../modules/crowdsec/ and the disabledModules + imports lines below
# 3. The settings/option API is the same as the PR's, so config below is forward-compatible
#
-# Before first deploy, create /var/secrets/ntfy-url with your topic URL:
-# echo 'https://ntfy.sh/nordhammer-' | sudo tee /var/secrets/ntfy-url
-# sudo chmod 600 /var/secrets/ntfy-url
+# CrowdSec bans silently — no ntfy pushes (they were constant noise).
+# The /var/secrets/ntfy-url topic is used by services/service-health.nix instead.
{ config, lib, pkgs, ... }:
let
- # The real URL is injected at service start (see ExecStartPre below) —
- # eval-time builtins.readFile can't see /var/secrets under pure flake
- # evaluation, which is how the `update` alias builds.
- ntfyUrlPlaceholder = "@NTFY_URL@";
-
- # The module renders settings.notifications into /etc/crowdsec/notifications/
- # as a symlink into /etc/static (the store). Re-render it from the static
- # source with the secret substituted on every service start; nixos-rebuild
- # restores the symlink on activation, so this never goes stale.
- injectNtfyUrl = pkgs.writeShellScript "crowdsec-inject-ntfy-url" ''
- set -euo pipefail
- src=/etc/static/crowdsec/notifications/0-nixos-generated.yaml
- dst=/etc/crowdsec/notifications/0-nixos-generated.yaml
- secret=/var/secrets/ntfy-url
- if [ ! -f "$secret" ]; then
- echo "WARNING: $secret not found; ntfy notifications will not work" >&2
- exit 0
- fi
- url=$(${pkgs.coreutils}/bin/tr -d '\n' < "$secret")
- tmp=$(${pkgs.coreutils}/bin/mktemp "$dst.XXXXXX")
- ${pkgs.gnused}/bin/sed "s|${ntfyUrlPlaceholder}|$url|g" "$src" > "$tmp"
- ${pkgs.coreutils}/bin/chmod 600 "$tmp"
- ${pkgs.coreutils}/bin/chown crowdsec:crowdsec "$tmp"
- ${pkgs.coreutils}/bin/mv "$tmp" "$dst"
- '';
-
# nixpkgs only builds the agent + cscli; the new module also expects
# notification plugins at $out/libexec/crowdsec/plugins/. Compile them
# from the same source tree (cmd/notification-*) and move them there.
@@ -142,52 +115,27 @@ in
}
];
- # Push notifications via ntfy.sh
- notifications = [
- {
- name = "ntfy_http";
- type = "http";
- log_level = "info";
- url = ntfyUrlPlaceholder;
- method = "POST";
- headers = {
- Title = "CrowdSec alert";
- Priority = "high";
- Tags = "rotating_light";
- };
- format = ''
- {{range . -}}
- {{.Scenario}} from {{.Source.IP}} ({{.Source.Cn}}) — {{len .Decisions}} decision(s) taken
- {{end -}}
- '';
- }
- ];
-
- # Override default profiles to attach the ntfy notifier
+ # Profiles set ban duration to 4h. No ntfy notifications: a push per
+ # ban was constant noise on a WAN-exposed box. ntfy is now reserved
+ # for service-down alerts (see services/service-health.nix); CrowdSec
+ # still bans silently.
profiles = [
{
name = "default_ip_remediation";
filters = [ "Alert.Remediation == true && Alert.GetScope() == 'Ip'" ];
decisions = [{ type = "ban"; duration = "4h"; }];
- notifications = [ "ntfy_http" ];
on_success = "break";
}
{
name = "default_range_remediation";
filters = [ "Alert.Remediation == true && Alert.GetScope() == 'Range'" ];
decisions = [{ type = "ban"; duration = "4h"; }];
- notifications = [ "ntfy_http" ];
on_success = "break";
}
];
};
};
- # Inject the ntfy topic URL into the rendered notification config before
- # every start. "+" runs the script with full privileges (it reads the
- # root-owned secret and replaces a root-owned /etc symlink).
- systemd.services.crowdsec.serviceConfig.ExecStartPre = [ "+${injectNtfyUrl}" ];
-
# Firewall bouncer enforces decisions via nftables; auto-registers with LAPI
services.crowdsec-firewall-bouncer = {
enable = true;
diff --git a/services/hardware-health.nix b/services/hardware-health.nix
new file mode 100644
index 0000000..6d2d525
--- /dev/null
+++ b/services/hardware-health.nix
@@ -0,0 +1,35 @@
+# services/hardware-health.nix — RAS error attribution + watchdog auto-recovery
+#
+# Context: Jun 2026 the dual Xeon E5-2697 v3 began throwing a storm of
+# *corrected* Machine Check Exceptions on both sockets (Bank 5 / Bank 20),
+# ~18k events in 36h, eventually hanging the box. Since this host is the
+# router, a hang takes the whole LAN offline until a manual power-cycle.
+#
+# This module:
+# - rasdaemon: decodes every MCE to a specific DIMM/channel/socket and
+# persists a per-component error DB, so a failing part can be named
+# (needed for the seller's warranty claim). Query with `ras-mc-ctl
+# --error-count` and `ras-mc-ctl --summary`.
+# - hardware watchdog: if userspace hangs again, systemd stops petting
+# /dev/watchdog0 and the chipset watchdog reboots the box (~30s),
+# restoring the LAN without physical access.
+
+{ config, lib, pkgs, ... }:
+{
+ config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
+
+ # Decode + log + persist machine-check / memory errors per component.
+ hardware.rasdaemon.enable = true;
+
+ # ras-mc-ctl on PATH for manual inspection.
+ environment.systemPackages = [ pkgs.rasdaemon ];
+
+ # Hardware watchdog: auto-reboot a hung box instead of a dead LAN.
+ # systemd pets /dev/watchdog0 at half the runtime interval; if it stops
+ # (hang), the chipset resets after RuntimeWatchdogSec.
+ systemd.settings.Manager = {
+ RuntimeWatchdogSec = "30s";
+ RebootWatchdogSec = "10min";
+ };
+ };
+}
diff --git a/services/neko.nix b/services/neko.nix
new file mode 100644
index 0000000..46e04cf
--- /dev/null
+++ b/services/neko.nix
@@ -0,0 +1,92 @@
+# services/neko.nix — Guild Wars (2005) in a browser via Neko
+#
+# Streams an Xfce desktop running the Windows Guild Wars client (under Wine)
+# to a browser tab over WebRTC. Reach it at neko.nordhammer.it (Authelia-gated).
+#
+# Neko's stock images don't ship Wine, and apt installs land in /usr — which is
+# wiped whenever the container is recreated. So we bake Wine into a locally-built
+# image (FROM the upstream nvidia-xfce base) instead of relying on a volume.
+# Guild Wars' own data installs into the persistent /home/neko volume on first run.
+#
+# Rendering is software-only (no GPU): neko doesn't ship a prebuilt NVIDIA Xfce
+# desktop image, and building one from nvidia-base is a big detour for a 2005
+# game. Wine renders via llvmpipe (software OpenGL) and neko encodes via x264 —
+# both are heavily multithreaded and this box has 56 Xeon threads to spare, so
+# Guild Wars is comfortably playable this way.
+{ config, pkgs, lib, ... }:
+let
+ # Wine-enabled image definition. Fed to `docker build` over stdin (see below)
+ # so there's no build context — we have no COPY/ADD, and a Nix-store symlinked
+ # context dir breaks BuildKit's Dockerfile resolution. Pinned to the v3.1
+ # series so the NEKO_MEMBER_*/NEKO_WEBRTC_* env schema below stays valid.
+ dockerfile = pkgs.writeText "neko-gw.Dockerfile" ''
+ FROM ghcr.io/m1k1o/neko/xfce:3.1
+ USER root
+ RUN dpkg --add-architecture i386 \
+ && apt-get update \
+ && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+ wine wine64 wine32 winbind ca-certificates wget \
+ libgl1 libgl1:i386 libglx-mesa0 libglx-mesa0:i386 \
+ libgl1-mesa-dri libgl1-mesa-dri:i386 \
+ && rm -rf /var/lib/apt/lists/*
+ '';
+in
+{
+ config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
+
+ virtualisation.docker.enable = true;
+
+ systemd.tmpfiles.rules = [
+ "d /var/lib/neko 0755 root root -"
+ # The container's neko user is uid/gid 1000 and must own its home, or the
+ # X server / Xfce can't create ~/.config, ~/.cache, etc. and the desktop
+ # never starts.
+ "d /var/lib/neko/home 0755 1000 1000 -"
+ ];
+
+ systemd.services.neko = {
+ description = "Neko — Guild Wars in a browser (Xfce + Wine + NVIDIA)";
+ after = [ "docker.service" "network-online.target" ];
+ requires = [ "docker.service" ];
+ wants = [ "network-online.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ # First start pulls a multi-GB base image and runs apt — give it room.
+ # If it fails, back off but don't crash-loop (see 7dtd veth-flood note).
+ startLimitIntervalSec = 600;
+ startLimitBurst = 3;
+
+ serviceConfig = {
+ Restart = "on-failure";
+ RestartSec = "30s";
+ TimeoutStartSec = "3600";
+ ExecStartPre = [
+ "-${pkgs.docker}/bin/docker rm -f neko"
+ "${pkgs.writeShellScript "neko-build" ''
+ exec ${pkgs.docker}/bin/docker build -t neko-gw:local - < ${dockerfile}
+ ''}"
+ ];
+ # Wrapped in a shell script so the ICE-server JSON survives quoting
+ # (systemd's own ExecStart parser would strip the inner double quotes).
+ ExecStart = pkgs.writeShellScript "neko-run" ''
+ exec ${pkgs.docker}/bin/docker run --rm --name neko \
+ --shm-size=1g \
+ -e LIBGL_ALWAYS_SOFTWARE=1 \
+ -p 127.0.0.1:8092:8080 \
+ -p 59000:59000/udp \
+ -e NEKO_DESKTOP_SCREEN=1280x720@30 \
+ -e NEKO_MEMBER_PROVIDER=multiuser \
+ -e NEKO_MEMBER_MULTIUSER_USER_PASSWORD=neko \
+ -e NEKO_MEMBER_MULTIUSER_ADMIN_PASSWORD=neko-admin \
+ -e NEKO_WEBRTC_UDPMUX=59000 \
+ -e NEKO_WEBRTC_NAT1TO1=10.0.0.1 \
+ -e 'NEKO_WEBRTC_ICESERVERS_FRONTEND=[{"urls":["stun:stun.l.google.com:19302"]}]' \
+ -e 'NEKO_WEBRTC_ICESERVERS_BACKEND=[{"urls":["stun:stun.l.google.com:19302"]}]' \
+ -v /var/lib/neko/home:/home/neko \
+ neko-gw:local
+ '';
+ ExecStop = "${pkgs.docker}/bin/docker stop neko";
+ };
+ };
+ };
+}
diff --git a/services/nginx.nix b/services/nginx.nix
index c340533..ac98d9e 100644
--- a/services/nginx.nix
+++ b/services/nginx.nix
@@ -123,6 +123,7 @@ in
'';
};
"notes.nordhammer.it" = protectedProxy 5230;
+ "selkies.nordhammer.it" = protectedProxy 8093;
# --- Local-only: serves update history JSON to Homepage's customapi widget ---
"homepage-updates.local" = {
diff --git a/services/selkies.nix b/services/selkies.nix
new file mode 100644
index 0000000..b8c8e03
--- /dev/null
+++ b/services/selkies.nix
@@ -0,0 +1,99 @@
+# services/selkies.nix — Guild Wars in a browser via Selkies
+#
+# Replaces the Neko attempt (services/neko.nix, now unimported): Neko's
+# absolute-pointer input model can't handle Guild Wars' exclusive mouse grab.
+# Selkies captures the mouse client-side with the browser Pointer Lock API and
+# sends *relative* movement, so the grab is a non-issue — and it uses the GPU
+# (NVENC + EGL) instead of software rendering.
+#
+# Reach it at selkies.nordhammer.it (Authelia-gated). The Wine prefix with
+# Guild Wars already installed is reused from the old Neko home, seeded into
+# /var/lib/selkies/home/.wine (see the deploy note in the repo).
+{ config, pkgs, lib, ... }:
+let
+ # Selkies' NVIDIA EGL desktop (Ubuntu 24.04) plus Wine for the 32-bit GW
+ # client. Built from stdin (no build context); see neko.nix for the why.
+ dockerfile = pkgs.writeText "selkies-gw.Dockerfile" ''
+ FROM ghcr.io/selkies-project/nvidia-egl-desktop:24.04
+ USER root
+ RUN add-apt-repository -y multiverse \
+ && dpkg --add-architecture i386 \
+ && apt-get update \
+ && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+ wine wine32 wine64 winbind cabextract ca-certificates wget \
+ && rm -rf /var/lib/apt/lists/*
+ # `gw` launcher: GW is 32-bit, so it needs the 32-bit NVIDIA GL libs (mounted
+ # at /usr/lib/i386-linux-gnu/nvidia by the service) on the loader path, and
+ # VirtualGL (EGL backend) to render on the M2000. Without this GW falls back
+ # to llvmpipe (software) and pegs ~18 CPU cores at <20 fps.
+ RUN printf '#!/bin/bash\nexport LD_LIBRARY_PATH=/usr/lib/i386-linux-gnu/nvidia\nexport VGL_DISPLAY=egl VGL_FPS=60\ncd "$HOME/.wine/drive_c/Program Files (x86)/Guild Wars/"\nexec vglrun wine Gw.exe "$@"\n' > /usr/local/bin/gw \
+ && chmod +x /usr/local/bin/gw
+ USER 1000
+ '';
+in
+{
+ config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
+
+ virtualisation.docker.enable = true;
+ # GPU into the container via CDI (nvidia.com/gpu=all). The CDI spec only
+ # carries the 64-bit driver libs, so the 32-bit set (for 32-bit Wine/GW) is
+ # bind-mounted separately below; enable32Bit makes them exist on the host.
+ hardware.nvidia-container-toolkit.enable = true;
+ hardware.graphics.enable32Bit = true;
+
+ systemd.tmpfiles.rules = [
+ "d /var/lib/selkies 0755 root root -"
+ # Container user is uid/gid 1000 and must own its home.
+ "d /var/lib/selkies/home 0755 1000 1000 -"
+ ];
+
+ systemd.services.selkies = {
+ description = "Selkies — Guild Wars in a browser (EGL desktop + Wine + NVENC)";
+ after = [ "docker.service" "network-online.target" ];
+ requires = [ "docker.service" ];
+ wants = [ "network-online.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ startLimitIntervalSec = 600;
+ startLimitBurst = 3;
+
+ serviceConfig = {
+ Restart = "on-failure";
+ RestartSec = "30s";
+ TimeoutStartSec = "3600";
+ ExecStartPre = [
+ "-${pkgs.docker}/bin/docker rm -f selkies"
+ "${pkgs.writeShellScript "selkies-build" ''
+ exec ${pkgs.docker}/bin/docker build -t selkies-gw:local - < ${dockerfile}
+ ''}"
+ ];
+ ExecStart = pkgs.writeShellScript "selkies-run" ''
+ exec ${pkgs.docker}/bin/docker run --rm --name selkies \
+ --device=nvidia.com/gpu=all \
+ -e NVIDIA_VISIBLE_DEVICES=all \
+ -e NVIDIA_DRIVER_CAPABILITIES=all \
+ --shm-size=2g \
+ -p 127.0.0.1:8093:8080 \
+ -p 3478:3478 -p 3478:3478/udp \
+ -p 65532-65535:65532-65535/udp \
+ -e TZ=Europe/Stockholm \
+ -e DISPLAY_SIZEW=1280 -e DISPLAY_SIZEH=720 \
+ -e DISPLAY_REFRESH=60 -e DISPLAY_DPI=96 -e DISPLAY_CDEPTH=24 \
+ -e PASSWD=selkies \
+ -e SELKIES_ENCODER=nvh264enc \
+ -e SELKIES_VIDEO_BITRATE=8000 \
+ -e SELKIES_FRAMERATE=60 \
+ -e SELKIES_ENABLE_BASIC_AUTH=false \
+ -e SELKIES_TURN_HOST=10.0.0.1 \
+ -e SELKIES_TURN_PROTOCOL=udp \
+ -e SELKIES_TURN_PORT=3478 \
+ -e TURN_MIN_PORT=65532 -e TURN_MAX_PORT=65535 \
+ -v ${config.hardware.nvidia.package.lib32}/lib:/usr/lib/i386-linux-gnu/nvidia:ro \
+ -v /var/lib/selkies/home:/home/ubuntu \
+ selkies-gw:local
+ '';
+ ExecStop = "${pkgs.docker}/bin/docker stop selkies";
+ };
+ };
+ };
+}
diff --git a/services/service-health.nix b/services/service-health.nix
new file mode 100644
index 0000000..58335d5
--- /dev/null
+++ b/services/service-health.nix
@@ -0,0 +1,77 @@
+# services/service-health.nix — ntfy alert when a watched systemd unit fails,
+# and again when it recovers. Replaces the noisy per-ban CrowdSec pushes
+# (silenced in services/crowdsec.nix); both share the /var/secrets/ntfy-url topic.
+#
+# Detection is event-driven: each watched unit gets OnFailure=notify-failure@%n.
+# OnFailure fires only once a unit truly enters "failed" state — i.e. after it
+# has exhausted its Restart= attempts — so transient restarts stay silent and
+# you're only paged when a service has genuinely given up. The handler sends a
+# "down" push, then waits for the unit to come back and sends "recovered".
+#
+# Requires /var/secrets/ntfy-url (the same topic file CrowdSec used):
+# echo 'https://ntfy.sh/your-topic' | sudo tee /var/secrets/ntfy-url
+# sudo chmod 600 /var/secrets/ntfy-url
+{ config, lib, pkgs, ... }:
+let
+ # Core media + infra units to page on. All verified to exist on the box;
+ # adding a name that isn't a real unit would create a stray stub service.
+ watched = [
+ "jellyfin" "sonarr" "radarr" "prowlarr" "bazarr"
+ "qbittorrent-nox" "sabnzbd" "authelia-main" "nginx"
+ "adguardhome" "crowdsec" "go2rtc"
+ "homepage-dashboard" "cloudflare-dyndns" "gitea-runner-default"
+ ];
+
+ # Reads the topic at runtime (pure flake eval can't see /var/secrets).
+ # $1 = the failed unit's full name, e.g. "jellyfin.service".
+ notify = pkgs.writeShellScript "service-health-notify" ''
+ set -uo pipefail
+ unit="$1"
+ name="''${unit%.service}"
+ host="${config.networking.hostName}"
+ secret=/var/secrets/ntfy-url
+ if [ ! -f "$secret" ]; then
+ echo "service-health: $secret missing; cannot notify" >&2
+ exit 0
+ fi
+ url=$(${pkgs.coreutils}/bin/tr -d '\n' < "$secret")
+
+ post() { # title priority tags body
+ ${pkgs.curl}/bin/curl -fsS --max-time 10 \
+ -H "Title: $1" -H "Priority: $2" -H "Tags: $3" \
+ -d "$4" "$url" >/dev/null 2>&1 || true
+ }
+
+ post "Service down" high rotating_light "$name failed on $host"
+
+ # Wait for recovery: up to 2h, polling every 20s.
+ for _ in $(${pkgs.coreutils}/bin/seq 1 360); do
+ ${pkgs.coreutils}/bin/sleep 20
+ if ${pkgs.systemd}/bin/systemctl is-active --quiet "$unit"; then
+ post "Service recovered" default white_check_mark "$name is running again on $host"
+ exit 0
+ fi
+ done
+ '';
+in
+{
+ config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
+
+ systemd.services = lib.mkMerge [
+ # Templated handler: %i is the failed unit's full name (jellyfin.service).
+ {
+ "notify-failure@" = {
+ description = "ntfy alert: %i failed";
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${notify} %i";
+ };
+ };
+ }
+ # Wire OnFailure onto each watched unit (merges with its existing config).
+ (lib.genAttrs watched (_: {
+ unitConfig.OnFailure = [ "notify-failure@%n.service" ];
+ }))
+ ];
+ };
+}
diff --git a/settings/hyprland.nix b/settings/hyprland.nix
index 74a4287..a6b608a 100644
--- a/settings/hyprland.nix
+++ b/settings/hyprland.nix
@@ -227,12 +227,32 @@ in
hl.animation({ leaf = "workspaces", enabled = true, speed = 1, bezier = "snap" })
-- Window rules
+ -- Don't lock/idle while any window is fullscreen (video, games).
+ hl.window_rule({
+ match = { class = ".*" },
+ idle_inhibit = "fullscreen",
+ })
+
-- Battle.net tray icon leaks as a tiny floating XWayland window.
hl.window_rule({
match = { class = "steam_app_0", title = "^$", float = true },
workspace = "special silent",
})
+ -- Tiny Terraces opens floating by default; force it to tile.
+ hl.window_rule({
+ match = { class = "steam_app_3136330" },
+ tile = true,
+ })
+
+ -- Battle.net (a non-Steam shortcut, so class steam_app_0) spams
+ -- window-activation events that clear quickshell's focus grab and
+ -- instantly close the launcher / power menu. Drop those events.
+ hl.window_rule({
+ match = { class = "steam_app_0" },
+ suppress_event = "activate activatefocus",
+ })
+
-- Binds
local mod = "SUPER"
@@ -275,8 +295,10 @@ in
end
-- Screenshots — Shift+Super+S matches GNOME binding
- hl.bind(mod .. " + SHIFT + S", hl.dsp.exec_cmd("hyprshot -m region --clipboard-only"))
- hl.bind("Print", hl.dsp.exec_cmd("hyprshot -m output --clipboard-only"))
+ -- Pin/unpin quickshell's focus grab around the region select so an
+ -- open menu survives slurp's input grab (no-ops if qs isn't up).
+ hl.bind(mod .. " + SHIFT + S", hl.dsp.exec_cmd("sh -c 'qs ipc call screenshot pin; hyprshot -m region; qs ipc call screenshot unpin'"))
+ hl.bind("Print", hl.dsp.exec_cmd("hyprshot -m output"))
-- Settings shortcut — Super+I matches GNOME binding
hl.bind(mod .. " + I", hl.dsp.exec_cmd("pavucontrol"))
@@ -356,31 +378,38 @@ in
};
};
- services.hypridle = lib.mkIf isMacbook {
- enable = true;
- settings = {
- general = {
- lock_cmd = "pidof hyprlock || hyprlock";
- before_sleep_cmd = "loginctl lock-session";
- after_sleep_cmd = "hyprctl dispatch dpms on";
+ services.hypridle = lib.mkIf isMacbook (
+ let
+ # Skip the action if any MPRIS player is playing — covers windowed
+ # video (Jellyfin in a browser, mpv, …) that the fullscreen
+ # idle_inhibit rule misses. Browsers expose MPRIS via playerctl.
+ unlessPlaying = cmd: "playerctl -a status 2>/dev/null | grep -q Playing || ${cmd}";
+ in {
+ enable = true;
+ settings = {
+ general = {
+ lock_cmd = "pidof hyprlock || hyprlock";
+ before_sleep_cmd = "loginctl lock-session";
+ after_sleep_cmd = "hyprctl dispatch dpms on";
+ };
+ listener = [
+ {
+ timeout = 300; # 5 min — lock
+ on-timeout = unlessPlaying "loginctl lock-session";
+ }
+ {
+ timeout = 420; # 7 min — display off
+ on-timeout = unlessPlaying "hyprctl dispatch dpms off";
+ on-resume = "hyprctl dispatch dpms on";
+ }
+ {
+ timeout = 600; # 10 min — suspend
+ on-timeout = unlessPlaying "systemctl suspend";
+ }
+ ];
};
- listener = [
- {
- timeout = 300; # 5 min — lock
- on-timeout = "loginctl lock-session";
- }
- {
- timeout = 420; # 7 min — display off
- on-timeout = "hyprctl dispatch dpms off";
- on-resume = "hyprctl dispatch dpms on";
- }
- {
- timeout = 600; # 10 min — suspend
- on-timeout = "systemctl suspend";
- }
- ];
- };
- };
+ }
+ );
# Scope all HM Wayland services (hyprpaper, etc.) to the
# Hyprland session so they don't crash-loop in a GNOME session.
diff --git a/settings/quickshell.nix b/settings/quickshell.nix
index 77844c6..7c98ea1 100644
--- a/settings/quickshell.nix
+++ b/settings/quickshell.nix
@@ -153,15 +153,19 @@ in
readonly property color base03: "#${c.base03}"
readonly property color base04: "#${c.base04}"
readonly property color base05: "#${c.base05}"
- readonly property color base06: "#${c.base06}"
- readonly property color base07: "#${c.base07}"
readonly property color base08: "#${c.base08}"
readonly property color base0A: "#${c.base0A}"
readonly property color base0B: "#${c.base0B}"
readonly property color base0C: "#${c.base0C}"
readonly property color base0D: "#${c.base0D}"
readonly property color barBg: "#B3${c.base00}"
- readonly property color toastBg: "#E6${c.base00}"
+ // Card surfaces are translucent so the compositor's bar-layer
+ // blur shows through — a lessened blur over the panel tint.
+ readonly property color cardBg: "#CC${c.base01}"
+ // Transparent base02: hover highlights fade to/from this so the
+ // colour animation stays in-hue instead of dipping through
+ // transparent *black* (which reads as an extra flash colour).
+ readonly property color base02t: "#00${c.base02}"
readonly property string fontFamily: "${monoFont}"
// Ligature-based icon font: text "volume_up" renders the icon
readonly property string iconFont: "Material Symbols Rounded"
@@ -234,6 +238,16 @@ in
function reload(): void { Quickshell.reload(false); }
}
+ // Screenshot pin: the Shift+Super+S keybind brackets hyprshot
+ // with pin/unpin so the focus grab is suspended while slurp
+ // grabs input — otherwise the open menu would close like any
+ // click-outside. Self-heals via a watchdog if unpin is missed.
+ IpcHandler {
+ target: "screenshot"
+ function pin(): void { if (root.mainBar) root.mainBar.setScreenshotPin(true); }
+ function unpin(): void { if (root.mainBar) root.mainBar.setScreenshotPin(false); }
+ }
+
NotificationServer {
id: _notifServer
bodySupported: true
@@ -287,7 +301,7 @@ in
// (caelestia's): the grab redirects focus to this window and
// OnDemand lets the layer surface accept it. Exclusive fights
// the grab — it self-clears and instantly closes the panel.
- WlrLayershell.keyboardFocus: sessionMenu.open || launcherPanel.open ? WlrKeyboardFocus.OnDemand : WlrKeyboardFocus.None
+ WlrLayershell.keyboardFocus: (sessionMenu.open || launcherPanel.open || bar.activeDropdown !== null) && !bar.screenshotPinned ? WlrKeyboardFocus.OnDemand : WlrKeyboardFocus.None
anchors {
top: true
@@ -364,6 +378,38 @@ in
font.pixelSize: 16
}
+ // ── VolIcon: a slider's volume glyph that toggles its audio
+ // node's mute on click. Glyph reflects the mute state; pair it
+ // with a fill that greys when `audioNode.muted`.
+ component VolIcon: SIcon {
+ property var audioNode: null
+ text: (audioNode && audioNode.muted) ? "volume_off" : "volume_up"
+ MouseArea {
+ anchors.fill: parent
+ cursorShape: Qt.PointingHandCursor
+ onClicked: if (audioNode) audioNode.muted = !audioNode.muted
+ }
+ }
+
+ // ── HoverRow: a rounded clickable row that owns the shared
+ // base02 hover-fade + pointer cursor. Drop content inside and
+ // handle `onClicked`; override `radius` for non-radiusTiny rows.
+ component HoverRow: Rectangle {
+ default property alias rowData: _hrContent.data
+ signal clicked()
+ radius: Theme.radiusTiny
+ color: _hrMa.containsMouse ? Theme.base02 : Theme.base02t
+ Behavior on color { ColorAnimation { duration: Theme.animFade } }
+ Item { id: _hrContent; anchors.fill: parent }
+ MouseArea {
+ id: _hrMa
+ anchors.fill: parent
+ hoverEnabled: true
+ cursorShape: Qt.PointingHandCursor
+ onClicked: parent.clicked()
+ }
+ }
+
// ── Card: the rounded base01 section surface used by every
// dropdown. Children flow into a padded auto-height column,
// so callers just set `width` and drop content in.
@@ -371,7 +417,7 @@ in
default property alias cardData: _cardCol.data
property alias cardSpacing: _cardCol.spacing
radius: Theme.radius
- color: Theme.base01
+ color: Theme.cardBg
implicitHeight: _cardCol.height + 2 * Theme.cardPad
Column {
id: _cardCol
@@ -420,15 +466,38 @@ in
component NotifContent: Column {
id: _nc
property var notif
- property int summarySize: 11
- property int bodySize: 10
- property int bodyLines: 2
- property color chipBg: Theme.base02
- property color chipBgHover: Theme.base03
- property color chipBorder: Theme.base03
+ property int summarySize: 12
+ property int bodySize: 11
+ property int bodyLines: 3
+ property color chipBg: Theme.base01
+ property color chipBgHover: Theme.base02
+ property color chipBorder: Theme.base02
signal actionInvoked()
spacing: 2
+ // App header: icon + name of the sending app, when known.
+ Row {
+ width: parent.width
+ spacing: 4
+ visible: _nc.notif && (_nc.notif.appName !== "" || _appIcon.source != "")
+ Image {
+ id: _appIcon
+ width: 14; height: 14
+ sourceSize.width: 14; sourceSize.height: 14
+ anchors.verticalCenter: parent.verticalCenter
+ source: _nc.notif && _nc.notif.appIcon ? Quickshell.iconPath(_nc.notif.appIcon, true) : ""
+ visible: source != ""
+ }
+ SText {
+ anchors.verticalCenter: parent.verticalCenter
+ text: _nc.notif ? _nc.notif.appName : ""
+ color: Theme.base04
+ font.pixelSize: 10
+ elide: Text.ElideRight
+ width: parent.width - (_appIcon.visible ? 18 : 0)
+ }
+ }
+
SText {
width: parent.width
text: _nc.notif ? (_nc.notif.summary || _nc.notif.appName) : ""
@@ -444,7 +513,9 @@ in
elide: Text.ElideRight
maximumLineCount: _nc.bodyLines
wrapMode: Text.Wrap
- visible: text !== ""
+ // ponytail: hyprshot's body is a noisy file path; the
+ // "Screenshot saved" summary + the preview say enough.
+ visible: text !== "" && !(_nc.notif && _nc.notif.appName === "Hyprshot")
}
Row {
spacing: 4
@@ -558,7 +629,6 @@ in
if (open) {
selIdx = 0;
forceActiveFocus();
- _sessionAutoClose.restart();
}
}
@@ -570,25 +640,12 @@ in
focus: open
Keys.onEscapePressed: open = false
- Keys.onUpPressed: { selIdx = (selIdx + actions.length - 1) % actions.length; _sessionAutoClose.restart(); }
- Keys.onDownPressed: { selIdx = (selIdx + 1) % actions.length; _sessionAutoClose.restart(); }
- Keys.onTabPressed: { selIdx = (selIdx + 1) % actions.length; _sessionAutoClose.restart(); }
+ Keys.onUpPressed: selIdx = (selIdx + actions.length - 1) % actions.length
+ Keys.onDownPressed: selIdx = (selIdx + 1) % actions.length
+ Keys.onTabPressed: selIdx = (selIdx + 1) % actions.length
Keys.onReturnPressed: activate(actions[selIdx].act)
Keys.onEnterPressed: activate(actions[selIdx].act)
- Timer {
- id: _sessionAutoClose
- interval: 2500
- onTriggered: sessionMenu.open = false
- }
-
- HoverHandler {
- onHoveredChanged: {
- if (hovered) _sessionAutoClose.stop();
- else if (sessionMenu.open) _sessionAutoClose.restart();
- }
- }
-
// Content pinned to the column edge, revealed by the grow
Item {
anchors.fill: parent
@@ -607,7 +664,7 @@ in
width: 48
height: sessionCol.height + 8
radius: Theme.radius
- color: Theme.base01
+ color: Theme.cardBg
// Sliding selection pill — same tech as the power
// profile selector; glides between the buttons.
@@ -637,21 +694,17 @@ in
id: sessBtn
required property var modelData
required property int index
- readonly property bool selected: sessionMenu.selIdx === index
width: 40
height: 40
SIcon {
anchors.centerIn: parent
text: sessBtn.modelData.icon
- // Calendar palette: base05 icons; red only when
- // a destructive action is the armed selection
- color: sessBtn.selected && sessBtn.modelData.danger
- ? Theme.base08 : Theme.base05
- Behavior on color { ColorAnimation { duration: Theme.animFade } }
+ // All four buttons share the logout
+ // setup: base05, FILL on selection.
+ color: Theme.base05
font.pixelSize: 20
font.weight: 600
- font.variableAxes: { "FILL": sessBtn.selected ? 1.0 : 0.0 }
}
MouseArea {
@@ -677,7 +730,7 @@ in
property bool open: false
readonly property real panelW: 420
property real targetH: 36 + launcherList.contentHeight
- + (launcherList.count > 0 ? 8 : 0) + 24
+ + (launcherList.count > 0 ? 8 + 2 * Theme.cardPad : 0) + 24
// Both axes animate: expands from a small point on the
// bottom edge (like the top dropdowns' stub seed).
property real openH: open ? targetH : 0
@@ -762,10 +815,19 @@ in
width: launcherPanel.panelW - 24
spacing: 8
- ListView {
- id: launcherList
+ // Results sit in a base01 card segment, like the
+ // notification list and the other dropdowns.
+ Rectangle {
width: parent.width
- height: contentHeight
+ height: launcherList.contentHeight + 2 * Theme.cardPad
+ radius: Theme.radius
+ color: Theme.cardBg
+ visible: launcherList.count > 0
+
+ ListView {
+ id: launcherList
+ anchors.fill: parent
+ anchors.margins: Theme.cardPad
interactive: false
model: launcherPanel.entries
highlight: Rectangle {
@@ -816,12 +878,13 @@ in
}
}
}
+ }
Rectangle {
width: parent.width
height: 36
- radius: Theme.radiusSmall
- color: Theme.base01
+ radius: Theme.radius
+ color: Theme.cardBg
SIcon {
id: searchIcon
@@ -868,23 +931,54 @@ in
}
}
- // Click-outside dismissal for the keyboard-grabbing panels
+ // Click-outside dismissal for every panel — the launcher,
+ // session menu AND the bar dropdowns. Clicking into another
+ // window (or anywhere outside the bar) clears the grab and
+ // closes whatever is open. Suspended while screenshotPinned so
+ // slurp can grab input without dismissing the menu.
HyprlandFocusGrab {
- active: sessionMenu.open || launcherPanel.open
+ active: (sessionMenu.open || launcherPanel.open || bar.activeDropdown !== null) && !bar.screenshotPinned
windows: [bar]
onCleared: {
+ if (bar.screenshotPinned) return;
sessionMenu.open = false;
launcherPanel.open = false;
+ bar.closeAllDropdowns();
}
}
property var activeDropdown: null
+ // Set by the screenshot keybind (via IPC) to hold menus open
+ // while a region screenshot runs. Watchdog unpins if the
+ // bracketing unpin call is ever missed.
+ property bool screenshotPinned: false
+ Timer {
+ id: _pinWatchdog
+ interval: 30000
+ onTriggered: bar.screenshotPinned = false
+ }
+ function setScreenshotPin(v) {
+ screenshotPinned = v;
+ if (v) _pinWatchdog.restart(); else _pinWatchdog.stop();
+ }
+
function closeAllDropdowns() {
if (activeDropdown && activeDropdown.visible) {
activeDropdown.animateClose();
}
}
+
+ // Preview image for a notification: its image hint, else a
+ // file-path appIcon (e.g. hyprshot's saved shot). "" = none.
+ function notifPreviewSource(notif) {
+ if (!notif) return "";
+ if (notif.image && notif.image !== "") return notif.image;
+ let a = notif.appIcon || "";
+ if (a.startsWith("file://")) return a;
+ if (a.startsWith("/")) return "file://" + a;
+ return "";
+ }
function toggleDropdown(dd, setupFn) {
if (dd.visible && !dd.closing) {
dd.animateClose();
@@ -982,7 +1076,6 @@ in
onEntered: {
if (bar.activeDropdown) {
if (bar.activeDropdown !== calPopup) bar.toggleDropdown(calPopup, function() { calPopup.resetView(); });
- else bar.activeDropdown.resetAutoClose();
}
}
}
@@ -1062,7 +1155,6 @@ in
onEntered: {
if (bar.activeDropdown) {
if (bar.activeDropdown !== volDropdown) volWidget.openVolDropdown();
- else bar.activeDropdown.resetAutoClose();
}
}
}
@@ -1229,7 +1321,6 @@ in
onEntered: {
if (bar.activeDropdown) {
if (bar.activeDropdown !== netDropdown) netWidget.openNetDropdown();
- else bar.activeDropdown.resetAutoClose();
}
}
}
@@ -1310,7 +1401,6 @@ in
onEntered: {
if (bar.activeDropdown) {
if (bar.activeDropdown !== batteryDropdown) batteryWidget.openBatteryDropdown();
- else bar.activeDropdown.resetAutoClose();
}
}
}
@@ -1324,12 +1414,6 @@ in
height: Theme.barHeight
anchors.verticalCenter: parent.verticalCenter
- HoverHandler {
- onHoveredChanged: {
- if (hovered && bar.activeDropdown) bar.activeDropdown.resetAutoClose();
- }
- }
-
Repeater {
model: SystemTray.items
@@ -1363,7 +1447,6 @@ in
acceptedButtons: Qt.NoButton
onEntered: {
if (bar.activeDropdown) {
- bar.activeDropdown.resetAutoClose();
if (modelData.hasMenu && !(bar.activeDropdown === contextMenu && contextMenu.trayItem === modelData)) {
if (bar.activeDropdown === contextMenu) {
// Same dropdown, just switch content
@@ -1371,7 +1454,6 @@ in
contextMenu.dropdownX = pos.x;
contextMenu.trayItem = modelData;
menuOpener.menu = modelData.menu;
- contextMenu.resetAutoClose();
} else {
bar.toggleDropdown(contextMenu, function() {
let pos = parent.mapToItem(bar.contentItem, parent.width / 2, 0);
@@ -1415,7 +1497,6 @@ in
property real dropdownX: 0
property real fullWidth: 200
property real fullHeight: 200
- property int autoCloseMs: 1500
// Flush-right dropdowns merge into the screen frame's
// right column instead of centering on their widget.
property bool alignRight: false
@@ -1435,14 +1516,9 @@ in
bar.activeDropdown = null;
chrome.shrinkToButton(dropdown);
}
- _autoClose.stop();
_closeDelay.start();
}
- function resetAutoClose() {
- if (visible && !closing) _autoClose.restart();
- }
-
// Reopen a dropdown that's mid-close: the pending hide
// timer must be cancelled, otherwise it fires later and
// closes the revived dropdown (and the whole chrome).
@@ -1450,7 +1526,6 @@ in
_closeDelay.stop();
closing = false;
open = true;
- _autoClose.restart();
}
x: alignRight
@@ -1465,33 +1540,18 @@ in
if (visible) {
closing = false;
open = true;
- _autoClose.restart();
} else {
open = false;
closing = false;
- _autoClose.stop();
}
}
- Timer {
- id: _autoClose
- interval: dropdown.autoCloseMs
- onTriggered: bar.closeAllDropdowns()
- }
-
Timer {
id: _closeDelay
interval: 300
onTriggered: { dropdown.visible = false; dropdown.closing = false; if (bar.activeDropdown === dropdown) bar.activeDropdown = null; }
}
- HoverHandler {
- onHoveredChanged: {
- if (hovered) _autoClose.stop();
- else _autoClose.restart();
- }
- }
-
// Content is clipped to the chrome's ANIMATED geometry —
// revealed as the panel slides/grows over it and wiped as
// the panel leaves, instead of popping in place. The inner
@@ -1614,20 +1674,21 @@ in
id: menuOpener
}
- Column {
+ Card {
id: menuItems
anchors.centerIn: parent
width: 200
+ cardSpacing: 0
Repeater {
model: menuOpener.children
Rectangle {
required property var modelData
- width: 200
+ width: parent.width
height: modelData.isSeparator ? 9 : 28
color: !modelData.isSeparator && itemMouse.containsMouse && modelData.enabled
- ? Theme.base02 : "transparent"
+ ? Theme.base02 : Theme.base02t
Behavior on color { ColorAnimation { duration: Theme.animFade } }
radius: modelData.isSeparator ? 0 : 4
@@ -1688,7 +1749,6 @@ in
alignRight: true
fullWidth: volDropdownCol.width + 28
fullHeight: volDropdownCol.height + 20
- autoCloseMs: 3000
Column {
id: volDropdownCol
@@ -1702,7 +1762,7 @@ in
Row {
spacing: 6
- SIcon { anchors.verticalCenter: parent.verticalCenter; text: "volume_up" }
+ VolIcon { anchors.verticalCenter: parent.verticalCenter; audioNode: volWidget.sink ? volWidget.sink.audio : null }
SText {
anchors.verticalCenter: parent.verticalCenter
text: "Master"
@@ -1733,12 +1793,13 @@ in
}
// Mute button
- Rectangle {
+ HoverRow {
width: parent.width
height: 28
- color: masterMuteMa.containsMouse ? Theme.base02 : "transparent"
- Behavior on color { ColorAnimation { duration: Theme.animFade } }
- radius: Theme.radiusTiny
+ onClicked: {
+ if (volWidget.sink && volWidget.sink.audio)
+ volWidget.sink.audio.muted = !volWidget.sink.audio.muted;
+ }
Row {
anchors.centerIn: parent
@@ -1754,16 +1815,6 @@ in
font.pixelSize: 12
}
}
- MouseArea {
- id: masterMuteMa
- anchors.fill: parent
- hoverEnabled: true
- cursorShape: Qt.PointingHandCursor
- onClicked: {
- if (volWidget.sink && volWidget.sink.audio)
- volWidget.sink.audio.muted = !volWidget.sink.audio.muted;
- }
- }
}
}
@@ -1814,8 +1865,16 @@ in
width: parent.width
spacing: 8
+ VolIcon {
+ anchors.verticalCenter: parent.verticalCenter
+ width: 18
+ color: Theme.base04
+ font.pixelSize: 15
+ audioNode: modelData.audio
+ }
+
PillSlider {
- width: parent.width - appVolLabel.width - 8
+ width: parent.width - 18 - appVolLabel.width - 16
anchors.verticalCenter: parent.verticalCenter
height: 16
trackH: 4
@@ -1881,13 +1940,19 @@ in
}
}
- Rectangle {
+ HoverRow {
visible: netWidget.netState === "connected"
width: parent.width
height: 28
- color: disconnectMouse.containsMouse ? Theme.base02 : "transparent"
- Behavior on color { ColorAnimation { duration: Theme.animFade } }
- radius: Theme.radiusTiny
+ onClicked: {
+ netDisconnectProc.targetDevice = netWidget.netDevice;
+ netDisconnectProc.running = true;
+ netWidget.netState = "disconnected";
+ netWidget.netConn = "";
+ netWidget.netIcon = "wifi_off";
+ bar.closeAllDropdowns();
+ netRefreshDelay.start();
+ }
SText {
anchors.centerIn: parent
@@ -1895,22 +1960,6 @@ in
color: Theme.base08
font.pixelSize: 12
}
-
- MouseArea {
- id: disconnectMouse
- anchors.fill: parent
- hoverEnabled: true
- cursorShape: Qt.PointingHandCursor
- onClicked: {
- netDisconnectProc.targetDevice = netWidget.netDevice;
- netDisconnectProc.running = true;
- netWidget.netState = "disconnected";
- netWidget.netConn = "";
- netWidget.netIcon = "wifi_off";
- bar.closeAllDropdowns();
- netRefreshDelay.start();
- }
- }
}
}
@@ -1927,13 +1976,18 @@ in
Repeater {
model: netWidget.wifiNetworks
- Rectangle {
+ HoverRow {
required property var modelData
width: parent.width
height: 32
- color: netItemMouse.containsMouse ? Theme.base02 : "transparent"
- Behavior on color { ColorAnimation { duration: Theme.animFade } }
- radius: Theme.radiusTiny
+ onClicked: {
+ if (!modelData.active) {
+ wifiConnectProc.targetSsid = modelData.ssid;
+ wifiConnectProc.running = true;
+ netRefreshDelay.start();
+ }
+ bar.closeAllDropdowns();
+ }
Row {
anchors.verticalCenter: parent.verticalCenter
@@ -1974,20 +2028,6 @@ in
}
}
- MouseArea {
- id: netItemMouse
- anchors.fill: parent
- hoverEnabled: true
- cursorShape: Qt.PointingHandCursor
- onClicked: {
- if (!modelData.active) {
- wifiConnectProc.targetSsid = modelData.ssid;
- wifiConnectProc.running = true;
- netRefreshDelay.start();
- }
- bar.closeAllDropdowns();
- }
- }
}
}
}
@@ -2091,7 +2131,7 @@ in
height: 36
radius: Theme.radiusSmall
color: profMouse.containsMouse && batteryWidget.powerProfile !== modelData.name
- ? Theme.base02 : "transparent"
+ ? Theme.base02 : Theme.base02t
Behavior on color { ColorAnimation { duration: Theme.animFade } }
Column {
@@ -2141,8 +2181,7 @@ in
// ceil: Text metrics give fractional sizes; fractional rect
// edges render as soft 2px lines
fullWidth: Math.ceil(calRow.width) + 24
- fullHeight: Math.ceil(calRow.height) + 24
- autoCloseMs: 3000
+ fullHeight: Math.ceil(calRow.height + 8 + notifCard.height) + 24
// Month being viewed; reset to today when the popup opens
// (via the setup function passed to bar.toggleDropdown).
@@ -2208,13 +2247,27 @@ in
return "thunderstorm";
}
- // --- Media: prefer the actively playing MPRIS player ---
- property var player: {
- let ps = Mpris.players.values;
- for (let i = 0; i < ps.length; i++) {
- if (ps[i].playbackState === MprisPlaybackState.Playing) return ps[i];
+ // --- Media: one card per MPRIS player so Spotify, a
+ // browser tab, etc. stay separate instead of collapsing
+ // into a single combined player. ---
+ property var players: Mpris.players.values.filter(
+ p => p.trackTitle || p.playbackState === MprisPlaybackState.Playing)
+
+ // Best-effort link from an MPRIS player to its Pipewire
+ // audio stream (matched by app name), so a card can carry a
+ // volume slider via the same per-app path as the volume
+ // widget. null when no stream matches.
+ function streamFor(player) {
+ if (!player) return null;
+ let id = (player.identity || "").toLowerCase();
+ let ns = Pipewire.nodes.values;
+ for (let i = 0; i < ns.length; i++) {
+ let n = ns[i];
+ if (!n.isStream || !n.audio) continue;
+ let an = (n.properties["application.name"] || "").toLowerCase();
+ if (an && (an === id || an.includes(id) || id.includes(an))) return n;
}
- return ps.length > 0 ? ps[0] : null;
+ return null;
}
Row {
@@ -2243,24 +2296,16 @@ in
width: parent.width
height: 28
- Rectangle {
+ HoverRow {
width: 28; height: 28; radius: Theme.radiusSmall
anchors.left: parent.left
- color: calPrevMa.containsMouse ? Theme.base02 : "transparent"
- Behavior on color { ColorAnimation { duration: Theme.animFade } }
+ onClicked: calPopup.shiftMonth(-1)
SIcon {
anchors.centerIn: parent
text: "chevron_left"
color: Theme.base05
font.pixelSize: 18
}
- MouseArea {
- id: calPrevMa
- anchors.fill: parent
- hoverEnabled: true
- cursorShape: Qt.PointingHandCursor
- onClicked: calPopup.shiftMonth(-1)
- }
}
SText {
@@ -2276,24 +2321,16 @@ in
}
}
- Rectangle {
+ HoverRow {
width: 28; height: 28; radius: Theme.radiusSmall
anchors.right: parent.right
- color: calNextMa.containsMouse ? Theme.base02 : "transparent"
- Behavior on color { ColorAnimation { duration: Theme.animFade } }
+ onClicked: calPopup.shiftMonth(1)
SIcon {
anchors.centerIn: parent
text: "chevron_right"
color: Theme.base05
font.pixelSize: 18
}
- MouseArea {
- id: calNextMa
- anchors.fill: parent
- hoverEnabled: true
- cursorShape: Qt.PointingHandCursor
- onClicked: calPopup.shiftMonth(1)
- }
}
}
@@ -2349,7 +2386,7 @@ in
width: parent.width
height: weatherRow.height + 16
radius: Theme.radius
- color: Theme.base01
+ color: Theme.cardBg
visible: calPopup.weatherDays.length > 0
Row {
@@ -2399,180 +2436,254 @@ in
width: 300
spacing: 8
- // Media player card
- Rectangle {
- width: parent.width
- height: 64
- radius: Theme.radius
- color: Theme.base01
- visible: calPopup.player !== null
+ // Media player cards — one per active MPRIS source,
+ // so Spotify and a browser tab stay separate.
+ Repeater {
+ model: calPopup.players
- Row {
- anchors.fill: parent
- anchors.margins: 8
- spacing: 10
+ Rectangle {
+ id: mediaCard
+ required property var modelData
+ property var pwNode: calPopup.streamFor(modelData)
+ width: parent.width
+ height: mediaCol.height + 16
+ radius: Theme.radius
+ color: Theme.cardBg
- Rectangle {
- width: 48; height: 48
- radius: Theme.radiusSmall
- anchors.verticalCenter: parent.verticalCenter
- color: Theme.base02
- clip: true
- SIcon {
- anchors.centerIn: parent
- visible: albumArt.status !== Image.Ready
- text: "music_note"
- color: Theme.base04
- font.pixelSize: 22
- }
- Image {
- id: albumArt
- anchors.fill: parent
- fillMode: Image.PreserveAspectCrop
- source: calPopup.player ? calPopup.player.trackArtUrl : ""
- }
- }
+ PwObjectTracker { objects: mediaCard.pwNode ? [mediaCard.pwNode] : [] }
Column {
- width: parent.width - 48 - 10 - 88 - 10
- anchors.verticalCenter: parent.verticalCenter
- spacing: 2
- SText {
- width: parent.width
- text: calPopup.player ? calPopup.player.trackTitle : ""
- color: Theme.base05
- font.pixelSize: 12
- font.weight: Font.Medium
- elide: Text.ElideRight
- }
- SText {
- width: parent.width
- text: calPopup.player ? calPopup.player.trackArtist : ""
- color: Theme.base04
- font.pixelSize: 11
- elide: Text.ElideRight
- }
- }
+ id: mediaCol
+ anchors.left: parent.left
+ anchors.right: parent.right
+ anchors.top: parent.top
+ anchors.margins: 8
+ spacing: 8
- Row {
- anchors.verticalCenter: parent.verticalCenter
- spacing: 2
- Repeater {
- model: [
- { glyph: "skip_previous", act: "prev" },
- { glyph: calPopup.player && calPopup.player.playbackState === MprisPlaybackState.Playing ? "pause" : "play_arrow", act: "toggle" },
- { glyph: "skip_next", act: "next" }
- ]
- Rectangle {
- id: mediaBtn
- required property var modelData
- width: 28; height: 28; radius: 14
- color: mediaBtnMa.containsMouse ? Theme.base02 : "transparent"
- Behavior on color { ColorAnimation { duration: Theme.animFade } }
+ // Album art with title + artist to its
+ // right; controls and volume below.
+ Row {
+ width: parent.width
+ spacing: 12
+
+ ClippingRectangle {
+ width: 128; height: 128
+ radius: Theme.radiusSmall
+ anchors.verticalCenter: parent.verticalCenter
+ color: Theme.base02
SIcon {
anchors.centerIn: parent
- text: mediaBtn.modelData.glyph
- color: Theme.base05
- font.pixelSize: 18
+ visible: albumArt.status !== Image.Ready
+ text: "music_note"
+ color: Theme.base04
+ font.pixelSize: 48
}
- MouseArea {
- id: mediaBtnMa
+ Image {
+ id: albumArt
anchors.fill: parent
- hoverEnabled: true
- cursorShape: Qt.PointingHandCursor
- onClicked: {
- let p = calPopup.player;
- if (!p) return;
- if (mediaBtn.modelData.act === "prev") p.previous();
- else if (mediaBtn.modelData.act === "next") p.next();
- else p.togglePlaying();
+ fillMode: Image.PreserveAspectCrop
+ source: mediaCard.modelData.trackArtUrl
+ }
+ }
+
+ Column {
+ width: parent.width - 128 - 12
+ anchors.verticalCenter: parent.verticalCenter
+ spacing: 2
+ SText {
+ width: parent.width
+ text: mediaCard.modelData.trackTitle
+ color: Theme.base05
+ font.pixelSize: 13
+ font.weight: Font.Medium
+ elide: Text.ElideRight
+ }
+ SText {
+ width: parent.width
+ text: mediaCard.modelData.trackArtist
+ color: Theme.base04
+ font.pixelSize: 11
+ elide: Text.ElideRight
+ }
+ }
+ }
+
+ // Transport controls, centered below.
+ Item {
+ width: parent.width
+ height: 36
+ Row {
+ anchors.centerIn: parent
+ spacing: 4
+ Repeater {
+ model: [
+ { glyph: "skip_previous", act: "prev" },
+ { glyph: mediaCard.modelData.playbackState === MprisPlaybackState.Playing ? "pause" : "play_arrow", act: "toggle" },
+ { glyph: "skip_next", act: "next" }
+ ]
+ HoverRow {
+ id: mediaBtn
+ required property var modelData
+ width: 36; height: 36; radius: 18
+ onClicked: {
+ let p = mediaCard.modelData;
+ if (!p) return;
+ if (mediaBtn.modelData.act === "prev") p.previous();
+ else if (mediaBtn.modelData.act === "next") p.next();
+ else p.togglePlaying();
+ }
+ SIcon {
+ anchors.centerIn: parent
+ text: mediaBtn.modelData.glyph
+ color: Theme.base05
+ font.pixelSize: 24
+ }
}
}
}
}
+
+ // Per-source volume — same per-app path
+ // as the volume widget. Shown when the
+ // player's Pipewire stream is matched.
+ Row {
+ width: parent.width
+ spacing: 8
+ visible: mediaCard.pwNode !== null && mediaCard.pwNode.audio !== null
+
+ VolIcon {
+ anchors.verticalCenter: parent.verticalCenter
+ width: 18
+ color: Theme.base04
+ font.pixelSize: 15
+ audioNode: mediaCard.pwNode ? mediaCard.pwNode.audio : null
+ }
+
+ PillSlider {
+ width: parent.width - 18 - mediaVolLabel.width - 16
+ anchors.verticalCenter: parent.verticalCenter
+ height: 16
+ trackH: 4
+ value: mediaCard.pwNode && mediaCard.pwNode.audio ? Math.min(1, mediaCard.pwNode.audio.volume) : 0
+ fillColor: mediaCard.pwNode && mediaCard.pwNode.audio && mediaCard.pwNode.audio.muted ? Theme.base03 : Theme.base0C
+ onMoved: (v) => { if (mediaCard.pwNode && mediaCard.pwNode.audio) mediaCard.pwNode.audio.volume = v; }
+ }
+
+ SText {
+ id: mediaVolLabel
+ width: 36
+ text: mediaCard.pwNode && mediaCard.pwNode.audio ? Math.round(mediaCard.pwNode.audio.volume * 100) + "%" : "0%"
+ color: Theme.base04
+ font.pixelSize: 10
+ horizontalAlignment: Text.AlignRight
+ anchors.verticalCenter: parent.verticalCenter
+ }
+ }
}
}
}
- // Notifications card
- Card {
+ }
+ }
+
+ // ── Notifications: spans both columns, below the panes ──
+ Card {
+ id: notifCard
+ anchors.top: calRow.bottom
+ anchors.topMargin: 8
+ anchors.horizontalCenter: parent.horizontalCenter
+ width: calRow.width
+ opacity: calRow.opacity
+ cardSpacing: 6
+
+ Item {
+ width: parent.width
+ height: 20
+ SText {
+ anchors.left: parent.left
+ anchors.verticalCenter: parent.verticalCenter
+ text: "Notifications"
+ font.weight: Font.Medium
+ }
+ SText {
+ anchors.right: parent.right
+ anchors.verticalCenter: parent.verticalCenter
+ text: bar.notifServer.trackedNotifications.values.length > 0 ? "Clear all" : ""
+ color: Theme.base04
+ font.pixelSize: 11
+ MouseArea {
+ anchors.fill: parent
+ cursorShape: Qt.PointingHandCursor
+ onClicked: {
+ let notifs = bar.notifServer.trackedNotifications.values;
+ for (let i = notifs.length - 1; i >= 0; i--) {
+ notifs[i].dismiss();
+ }
+ }
+ }
+ }
+ }
+
+ SText {
+ visible: bar.notifServer.trackedNotifications.values.length === 0
+ text: "No notifications"
+ color: Theme.base03
+ font.pixelSize: 11
+ anchors.horizontalCenter: parent.horizontalCenter
+ }
+
+ Repeater {
+ model: bar.notifServer.trackedNotifications
+
+ Rectangle {
+ id: notifItem
+ required property var modelData
+ readonly property string previewSource: bar.notifPreviewSource(notifItem.modelData)
width: parent.width
- cardSpacing: 6
+ height: Math.max(notifPreview.visible ? 48 : 0, ncBody.height) + 16
+ radius: Theme.radiusSmall
+ color: Theme.base02
- Item {
- width: parent.width
- height: 20
-
- SText {
- anchors.left: parent.left
- anchors.verticalCenter: parent.verticalCenter
- text: "Notifications"
- font.weight: Font.Medium
- }
-
- SText {
- anchors.right: parent.right
- anchors.verticalCenter: parent.verticalCenter
- text: bar.notifServer.trackedNotifications.values.length > 0 ? "Clear all" : ""
- color: Theme.base04
- font.pixelSize: 11
- MouseArea {
- anchors.fill: parent
- cursorShape: Qt.PointingHandCursor
- onClicked: {
- let notifs = bar.notifServer.trackedNotifications.values;
- for (let i = notifs.length - 1; i >= 0; i--) {
- notifs[i].dismiss();
- }
- }
- }
+ // Image preview (album art, screenshot thumb…)
+ ClippingRectangle {
+ id: notifPreview
+ visible: notifItem.previewSource !== ""
+ anchors.left: parent.left
+ anchors.top: parent.top
+ anchors.margins: 8
+ width: 48; height: 48
+ radius: Theme.radiusTiny
+ color: Theme.base01
+ Image {
+ anchors.fill: parent
+ fillMode: Image.PreserveAspectCrop
+ source: notifItem.previewSource
}
}
- SText {
- visible: bar.notifServer.trackedNotifications.values.length === 0
- text: "No notifications"
- color: Theme.base03
- font.pixelSize: 11
- anchors.horizontalCenter: parent.horizontalCenter
+ NotifContent {
+ id: ncBody
+ notif: notifItem.modelData
+ anchors.left: notifPreview.visible ? notifPreview.right : parent.left
+ anchors.right: dismissBtn.left
+ anchors.top: parent.top
+ anchors.margins: 8
}
- Repeater {
- model: bar.notifServer.trackedNotifications
-
- Rectangle {
- id: notifItem
- required property var modelData
- width: parent.width
- height: ncBody.height + 12
- radius: Theme.radiusSmall
- color: Theme.base02
-
- NotifContent {
- id: ncBody
- notif: notifItem.modelData
- anchors.left: parent.left
- anchors.right: dismissBtn.left
- anchors.top: parent.top
- anchors.margins: 6
- }
-
- SIcon {
- id: dismissBtn
- anchors.right: parent.right
- anchors.top: parent.top
- anchors.margins: 6
- text: "close"
- color: dismissMa.containsMouse ? Theme.base05 : Theme.base03
- font.pixelSize: 14
- MouseArea {
- id: dismissMa
- anchors.fill: parent
- hoverEnabled: true
- cursorShape: Qt.PointingHandCursor
- onClicked: notifItem.modelData.dismiss()
- }
- }
+ SIcon {
+ id: dismissBtn
+ anchors.right: parent.right
+ anchors.top: parent.top
+ anchors.margins: 8
+ text: "close"
+ color: dismissMa.containsMouse ? Theme.base05 : Theme.base03
+ font.pixelSize: 15
+ MouseArea {
+ id: dismissMa
+ anchors.fill: parent
+ hoverEnabled: true
+ cursorShape: Qt.PointingHandCursor
+ onClicked: notifItem.modelData.dismiss()
}
}
}
@@ -2663,43 +2774,69 @@ in
anchors.horizontalCenter: parent.horizontalCenter
anchors.top: parent.top
width: 320
- height: toastItem.toastOpen ? toastCol.height + 16 : 0
+ height: toastItem.toastOpen ? toastCard.height + 12 : 0
clip: true
Behavior on height {
NumberAnimation { duration: Theme.animMorph; easing.type: Easing.OutExpo }
}
- NotifContent {
- id: toastCol
- notif: toastItem.currentNotif
+ // Notification sits in a base02 rounded card, matching
+ // the calendar list. Inset 6px so the melt panel frames it.
+ Rectangle {
+ id: toastCard
+ anchors.top: parent.top
anchors.left: parent.left
- anchors.right: toastDismiss.left
- anchors.top: parent.top
- anchors.margins: 8
- summarySize: 12
- bodySize: 11
- bodyLines: 3
- chipBg: Theme.base01
- chipBgHover: Theme.base02
- chipBorder: Theme.base02
- onActionInvoked: toastItem.dismiss()
- }
-
- SIcon {
- id: toastDismiss
anchors.right: parent.right
- anchors.top: parent.top
- anchors.margins: 8
- text: "close"
- color: toastDismissMa.containsMouse ? Theme.base05 : Theme.base03
- font.pixelSize: 15
- MouseArea {
- id: toastDismissMa
- anchors.fill: parent
- hoverEnabled: true
- cursorShape: Qt.PointingHandCursor
- onClicked: { toastItem.currentNotif.dismiss(); toastItem.dismiss(); }
+ anchors.margins: 6
+ height: Math.max(toastPreview.visible ? 48 : 0, toastCol.height) + 16
+ radius: Theme.radiusSmall
+ color: Theme.base02
+
+ property string previewSource: bar.notifPreviewSource(toastItem.currentNotif)
+
+ // Image preview (screenshot thumb, album art…)
+ ClippingRectangle {
+ id: toastPreview
+ visible: toastCard.previewSource !== ""
+ anchors.left: parent.left
+ anchors.top: parent.top
+ anchors.margins: 8
+ width: 48; height: 48
+ radius: Theme.radiusTiny
+ color: Theme.base01
+ Image {
+ anchors.fill: parent
+ fillMode: Image.PreserveAspectCrop
+ source: toastCard.previewSource
+ }
+ }
+
+ NotifContent {
+ id: toastCol
+ notif: toastItem.currentNotif
+ anchors.left: toastPreview.visible ? toastPreview.right : parent.left
+ anchors.right: toastDismiss.left
+ anchors.top: parent.top
+ anchors.margins: 8
+ onActionInvoked: toastItem.dismiss()
+ }
+
+ SIcon {
+ id: toastDismiss
+ anchors.right: parent.right
+ anchors.top: parent.top
+ anchors.margins: 8
+ text: "close"
+ color: toastDismissMa.containsMouse ? Theme.base05 : Theme.base03
+ font.pixelSize: 15
+ MouseArea {
+ id: toastDismissMa
+ anchors.fill: parent
+ hoverEnabled: true
+ cursorShape: Qt.PointingHandCursor
+ onClicked: { toastItem.currentNotif.dismiss(); toastItem.dismiss(); }
+ }
}
}
}