From 69783966465b1923616b33021ee065cd02c573ee Mon Sep 17 00:00:00 2001 From: OlivierChiasson Date: Mon, 25 May 2026 13:48:47 -0300 Subject: [PATCH] Rebase to flake parts #11 --- flake.lock | 158 +++++++------- modules/desktop/gui.nix | 10 +- modules/desktop/hyprland/default.nix | 6 + modules/desktop/niri/default.nix | 21 +- .../14900k/_private/jellyfin-nfs-export.nix | 23 +-- modules/hosts/14900k/_private/media-disk.nix | 41 ++-- modules/hosts/14900k/_private/nvidia.nix | 2 +- modules/hosts/14900k/_private/platform.nix | 1 + modules/hosts/14900k/configuration.nix | 18 +- modules/hosts/ideapad/configuration.nix | 2 - .../_services/attic-cache-server.nix | 41 +++- .../hosts/nix-server/_services/jellyfin.nix | 2 +- .../_services/nixdesk-nfs-client.nix | 8 +- modules/hosts/uConsole/_private/cockpit.nix | 2 +- modules/system/caching/attic.nix | 118 ++++++++--- modules/system/default.nix | 1 + modules/system/flatpak.nix | 4 +- modules/system/gaming.nix | 36 +++- modules/system/users/catalog-default.nix | 3 + modules/wisdom/apps/spacedrive/default.nix | 26 --- .../apps/spacedrive/package/default.nix | 112 ---------- modules/wisdom/browsers/chromium-hevc.nix | 192 ++++++++++++++++++ modules/wisdom/default.nix | 1 - modules/wisdom/editors/cursor.nix | 37 +++- secrets/attic-secrets.yaml | 7 +- 25 files changed, 567 insertions(+), 305 deletions(-) delete mode 100644 modules/wisdom/apps/spacedrive/default.nix delete mode 100644 modules/wisdom/apps/spacedrive/package/default.nix create mode 100644 modules/wisdom/browsers/chromium-hevc.nix diff --git a/flake.lock b/flake.lock index 3dce54c..99366be 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1778241768, - "narHash": "sha256-vyKpTnkTD0GId4PZUg21oBdWZhuHl/c3YgO5Ruehq2M=", + "lastModified": 1779537840, + "narHash": "sha256-IS3aolEKgyL0VuMfd/QX2AHvur1YukCTa6eZdxQWe1A=", "ref": "refs/heads/main", - "rev": "735b1cc776a8d7e26763bf1ac121866b326bd98f", - "revCount": 104, + "rev": "8d9c19f98abf47aa4504efa8d2233730b4afed50", + "revCount": 109, "type": "git", "url": "https://git.chiasson.cloud/Olivier/cursor-nixos-flake" }, @@ -63,11 +63,11 @@ ] }, "locked": { - "lastModified": 1776181116, - "narHash": "sha256-aUNKF+jzGY+jRlR7Bp82v/zNHdI9bFELLuYYWbaM6fo=", + "lastModified": 1778679554, + "narHash": "sha256-zoPgnxIlDja91/4TmnCui+Fzc/xU/1jdJFu9bovtOk8=", "owner": "AvengeMedia", "repo": "dgop", - "rev": "e2078a7c5620be2e4897e7dabc08ade6dac9a454", + "rev": "06574b54fa4878a93d8605962d50b13e9528a4ca", "type": "github" }, "original": { @@ -84,11 +84,11 @@ "quickshell": "quickshell" }, "locked": { - "lastModified": 1775588644, - "narHash": "sha256-iYBdSBvcW7bJtc84G6k5TFJEbPHQrif9KzZyE9Lbq8M=", + "lastModified": 1777431599, + "narHash": "sha256-g6r/Gx8PTDzO3jCNzzySA+Ff1lmLF9nDlMCNyyoQjoE=", "owner": "AvengeMedia", "repo": "DankMaterialShell", - "rev": "9798d78300d402178896f6ee1c370baed490158a", + "rev": "eb5afcdc40ea5446c27e18552ff4a19f9daf9484", "type": "github" }, "original": { @@ -132,11 +132,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1775087534, - "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=", + "lastModified": 1778716662, + "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b", + "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb", "type": "github" }, "original": { @@ -150,11 +150,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1775087534, - "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=", + "lastModified": 1778716662, + "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b", + "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb", "type": "github" }, "original": { @@ -209,11 +209,11 @@ ] }, "locked": { - "lastModified": 1776721614, - "narHash": "sha256-zGuW7C4tsScib2560yE5VV6lY/MdRs30aU9cbg3RP+U=", + "lastModified": 1779507042, + "narHash": "sha256-7wOwi8B6D0BYsieZCnHZZj2sNUzgJhLoIVSfkwB7lxQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "c555a4a34a260493be5adb795c54e013c58f2d34", + "rev": "509ed3c603349a9d43de9e2ae6613baea6bd5b34", "type": "github" }, "original": { @@ -230,11 +230,11 @@ ] }, "locked": { - "lastModified": 1776184304, - "narHash": "sha256-No6QGBmIv5ChiwKCcbkxjdEQ/RO2ZS1gD7SFy6EZ7rc=", + "lastModified": 1778805320, + "narHash": "sha256-nGFJ01m2CTBKD4ABtcY4vLhHrRN91LKr/pn41PcU78A=", "owner": "nix-community", "repo": "home-manager", - "rev": "3c7524c68348ef79ce48308e0978611a050089b2", + "rev": "9846abe15e7d0d36b8acbd4d05f2b87461744c92", "type": "github" }, "original": { @@ -245,11 +245,11 @@ }, "import-tree": { "locked": { - "lastModified": 1773693634, - "narHash": "sha256-BtZ2dtkBdSUnFPPFc+n0kcMbgaTxzFNPv2iaO326Ffg=", + "lastModified": 1778781969, + "narHash": "sha256-Jjuz5CmSkur8KvLDoGa+vylEp+RkQtv4mt/qcMznpH0=", "owner": "vic", "repo": "import-tree", - "rev": "c41e7d58045f9057880b0d85e1152d6a4430dbf1", + "rev": "d321337efd0f23a9eb14a42adb7b2c29313ab274", "type": "github" }, "original": { @@ -299,11 +299,11 @@ "nixpkgs-nixcord": "nixpkgs-nixcord" }, "locked": { - "lastModified": 1777125640, - "narHash": "sha256-jKmRu5PknoI0pk3WEqMhVReosUubUCq3M/izEQWzb+4=", + "lastModified": 1779498537, + "narHash": "sha256-6LQjFDS69JufrN4sVsMNsXxeSF6BbDzMSbN7sVApsaA=", "owner": "KaylorBen", "repo": "nixcord", - "rev": "0e738683dd7551a9cbfa343397b1592dfd785b7e", + "rev": "45a98c17b0d9e695bdee92ab00c76657eddf47e7", "type": "github" }, "original": { @@ -348,11 +348,11 @@ ] }, "locked": { - "lastModified": 1775857096, - "narHash": "sha256-+eSij7C0oMqz76rGnB99RuWptBuEkJBm9vgb5fIwRrg=", + "lastModified": 1779023229, + "narHash": "sha256-MInilg7B/06c34SwOuGSBho4l0H1EZcmvxTkSWCs5pE=", "owner": "nvmd", "repo": "nixos-raspberrypi", - "rev": "1dc4ca5f93587932383c0b61e1753f5eed1c3bba", + "rev": "06c6e3513e1ee64b651913193fc6ac38aa4963f5", "type": "github" }, "original": { @@ -364,11 +364,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1776548001, - "narHash": "sha256-ZSK0NL4a1BwVbbTBoSnWgbJy9HeZFXLYQizjb2DPF24=", + "lastModified": 1779357205, + "narHash": "sha256-cCO8aTqss5x9Ky8GWkpY0Hy5fyTZEbtifSUV8QjSzic=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b12141ef619e0a9c1c84dc8c684040326f27cdcc", + "rev": "f83fc3c307e74bc5fd5adb7eb6b8b13ffd2a36e1", "type": "github" }, "original": { @@ -380,11 +380,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1774748309, - "narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=", + "lastModified": 1777168982, + "narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "333c4e0545a6da976206c74db8773a1645b5870a", + "rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14", "type": "github" }, "original": { @@ -395,11 +395,11 @@ }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1774748309, - "narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=", + "lastModified": 1777168982, + "narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "333c4e0545a6da976206c74db8773a1645b5870a", + "rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14", "type": "github" }, "original": { @@ -410,11 +410,11 @@ }, "nixpkgs-nixcord": { "locked": { - "lastModified": 1776734388, - "narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=", + "lastModified": 1779102034, + "narHash": "sha256-vZJZjLo513IeI8hjzHFc6TDezUd4uCE2Eq4SNO3DNNg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac", + "rev": "687f05a9184cad4eaf905c48b63649e3a86f5433", "type": "github" }, "original": { @@ -426,11 +426,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1775579569, - "narHash": "sha256-/m3yyS/EnXqoPGBJYVy4jTOsirdgsEZ3JdN2gGkBr14=", + "lastModified": 1778869304, + "narHash": "sha256-30sZNZoA1cqF5JNO9fVX+wgiQYjB7HJqqJ4ztCDeBZE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dfd9566f82a6e1d55c30f861879186440614696e", + "rev": "d233902339c02a9c334e7e593de68855ad26c4cb", "type": "github" }, "original": { @@ -448,11 +448,11 @@ ] }, "locked": { - "lastModified": 1776720544, - "narHash": "sha256-SjaFRV8Oqu3LtEGxr1q5K+bMPbxPPjc7z1adadC8yE8=", + "lastModified": 1779493406, + "narHash": "sha256-70dCjL6KdsNG+hPHqUsrTF/gQtnucRMo2B/oGvf8aOw=", "owner": "nix-community", "repo": "NUR", - "rev": "fe8c1a700dbbfb474f7e80f6ca6223d0bd61d79d", + "rev": "e27d8a76f2167da18bd37ab38f463c13daf2bc21", "type": "github" }, "original": { @@ -471,11 +471,11 @@ ] }, "locked": { - "lastModified": 1773135655, - "narHash": "sha256-eb4/TZEU1cMpUPtUuxcr2sfiCciHtesBtPHzS1zh2Uo=", + "lastModified": 1778402771, + "narHash": "sha256-WS8hQ8Yk4M1rfkp2aUCaUkGVBU0ppCYAhklBk5kBdFU=", "owner": "robertjakub", "repo": "oom-hardware", - "rev": "ad592fd988ee7a7c1bd68ff8b819973e1ae900ef", + "rev": "9f338e9250b7c01ac97750851867fc8158e8f54c", "type": "github" }, "original": { @@ -493,16 +493,16 @@ ] }, "locked": { - "lastModified": 1766725085, - "narHash": "sha256-O2aMFdDUYJazFrlwL7aSIHbUSEm3ADVZjmf41uBJfHs=", + "lastModified": 1776854048, + "narHash": "sha256-lLbV66V3RMNp1l8/UelmR4YzoJ5ONtgvEtiUMJATH/o=", "ref": "refs/heads/master", - "rev": "41828c4180fb921df7992a5405f5ff05d2ac2fff", - "revCount": 715, + "rev": "783c953987dc56ff0601abe6845ed96f1d00495a", + "revCount": 806, "type": "git", "url": "https://git.outfoxxed.me/quickshell/quickshell" }, "original": { - "rev": "41828c4180fb921df7992a5405f5ff05d2ac2fff", + "rev": "783c953987dc56ff0601abe6845ed96f1d00495a", "type": "git", "url": "https://git.outfoxxed.me/quickshell/quickshell" } @@ -540,11 +540,11 @@ ] }, "locked": { - "lastModified": 1776119890, - "narHash": "sha256-Zm6bxLNnEOYuS/SzrAGsYuXSwk3cbkRQZY0fJnk8a5M=", + "lastModified": 1777944972, + "narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d4971dd58c6627bfee52a1ad4237637c0a2fb0cd", + "rev": "c591bf665727040c6cc5cb409079acb22dcce33c", "type": "github" }, "original": { @@ -561,11 +561,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1776578704, - "narHash": "sha256-4+JHYCweZ/SSrMcu2nJ5gc7gop2scBk0JIIfaUKuTaQ=", + "lastModified": 1779000518, + "narHash": "sha256-wdtytSnzMe85J/qeXJALMzSLRFTZ1gBHwn81l1PtT8k=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "73f6d24b4f5bdacc3b41ddcf9965bef2781f97dd", + "rev": "5dde76b38418892ccb3d99e99bed7f8a43ac294c", "type": "github" }, "original": { @@ -582,11 +582,11 @@ ] }, "locked": { - "lastModified": 1777652580, - "narHash": "sha256-CO4RXrd0eQ2INc8/S2CTWCIHUdvVkqwKZ/9o7a/pcFg=", + "lastModified": 1779059662, + "narHash": "sha256-PkBItyS1oZ4MJ+eEgF5iLKxx28rmSyk/bHp63tjW/5g=", "ref": "refs/heads/main", - "rev": "42575990389388d8d07da6fb4110d77ea7493159", - "revCount": 75, + "rev": "030da2f52d3cbe3c577ce12b5abbd35e90e1f093", + "revCount": 79, "type": "git", "url": "https://git.chiasson.cloud/Olivier/SwiftShare" }, @@ -632,11 +632,11 @@ ] }, "locked": { - "lastModified": 1775302822, - "narHash": "sha256-QoK8SYoIc0d/PoRdIUo+fkDNAHZIP2+AJ6PDM9ehGiY=", + "lastModified": 1777412856, + "narHash": "sha256-WrcIo3y9uFCuzgzbxc465FBS3zAZMQlfYszefkOUCWc=", "owner": "GnomedDev", "repo": "T2FanRD", - "rev": "5b1c0c10785b8e8dfe124a4d6aaa7c2becdac65c", + "rev": "48baf962697ec3d4d969c74cf601ee8e15b7aeaa", "type": "github" }, "original": { @@ -648,11 +648,11 @@ "t2linux-patches": { "flake": false, "locked": { - "lastModified": 1776111571, - "narHash": "sha256-1neTptNNPtwbBYSQOE48GM8CYx780eI5JQTFYmwN0og=", + "lastModified": 1779369552, + "narHash": "sha256-vDcWjgjhYAQcXZH40QN17ZV9BS0zqZeme9APXBqjlHs=", "owner": "t2linux", "repo": "linux-t2-patches", - "rev": "76589a89790c33c137d173f2d98b6096cd16b132", + "rev": "716093d3244566cd708362661de269ab7e67ff0f", "type": "github" }, "original": { @@ -682,11 +682,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1776464146, - "narHash": "sha256-XwLFfJDz71vIF7BAhnbLhrzQjmDC2uXdo7N0oHUrYzA=", + "lastModified": 1779297405, + "narHash": "sha256-VFoBwH7ZjVxCnvZTb5ODRXt70sLtWMxstive0N+RS50=", "owner": "BirdeeHub", "repo": "nix-wrapper-modules", - "rev": "75febede14a0845f4ef429da692a0698bf433600", + "rev": "e7ed7a1205945befdf2e0d73ba7df91d935e5af1", "type": "github" }, "original": { @@ -703,11 +703,11 @@ ] }, "locked": { - "lastModified": 1776663782, - "narHash": "sha256-qzBBuxZbn7vPD9ZDl3xmCBGa6qEc8Q//76Cbx4W0tE4=", + "lastModified": 1779455631, + "narHash": "sha256-svU6Ro4xiMxMA1KJGwQ/nfKwz3yXE/SONCw2Z1qTXHA=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "b93be06dc91630bf0ced69c54d0e1e05e56ae460", + "rev": "5bcdfcef664bf62831dcb4b947004d9c5fbf7201", "type": "github" }, "original": { diff --git a/modules/desktop/gui.nix b/modules/desktop/gui.nix index f247b8c..7ceb866 100644 --- a/modules/desktop/gui.nix +++ b/modules/desktop/gui.nix @@ -126,8 +126,14 @@ (lib.mkIf (guiEnabled && cfg.keyring.enable && hmAvailable) { "home-manager".sharedModules = [ ({ lib, pkgs, ... }: { - services.gnome-keyring.enable = lib.mkDefault true; - home.packages = [ pkgs.gcr ]; + services.gnome-keyring = { + enable = lib.mkDefault true; + components = [ "secrets" ]; + }; + home.packages = [ + pkgs.gcr + pkgs.libsecret + ]; }) ]; }) diff --git a/modules/desktop/hyprland/default.nix b/modules/desktop/hyprland/default.nix index cbb6adb..a9caab6 100644 --- a/modules/desktop/hyprland/default.nix +++ b/modules/desktop/hyprland/default.nix @@ -38,6 +38,7 @@ }: let hyprlandEnabled = osConfig.chiasson.desktop.hyprland.enable or false; + keyringEnabled = osConfig.chiasson.desktop.keyring.enable or false; # nixpkgs hyprland-plugins pin is stale for current Hyprland — override to a known-good rev. hyprbarsPatched = let @@ -66,6 +67,11 @@ ''; settings = lib.mkMerge [ + (lib.mkIf keyringEnabled { + exec-once = lib.mkBefore [ + "dbus-update-activation-environment --systemd --all" + ]; + }) { monitor = [ ",preferred,auto,auto" ]; general = { diff --git a/modules/desktop/niri/default.nix b/modules/desktop/niri/default.nix index e6d70f7..8fe55d3 100644 --- a/modules/desktop/niri/default.nix +++ b/modules/desktop/niri/default.nix @@ -124,17 +124,27 @@ let }; }; + keyringNiriStartupKdl = '' + spawn-at-startup "dbus-update-activation-environment" "--systemd" "--all" + ''; + mergeNiriSettings = - pkgs: niriCfg: + pkgs: niriCfg: keyringEnable: let lib = pkgs.lib; pi5 = self.lib.pi5NiriKdl; rpi5Extra = lib.optionalString (niriCfg.raspberryPi5DrmWorkaround or false) pi5.drmExtraConfig; + base = niriBaseSettings pkgs; userExtra = niriCfg.extraSettings or { }; - extraConfigMerged = rpi5Extra + (userExtra.extraConfig or ""); + keyringExtra = lib.optionalString keyringEnable keyringNiriStartupKdl; + extraConfigMerged = keyringExtra + rpi5Extra + (userExtra.extraConfig or ""); + windowRules = (base.window-rules or [ ]) ++ (userExtra.window-rules or [ ]); in - lib.recursiveUpdate (niriBaseSettings pkgs) ( - userExtra + lib.recursiveUpdate base ( + lib.removeAttrs userExtra [ "window-rules" "extraConfig" ] + // lib.optionalAttrs (windowRules != [ ]) { + window-rules = windowRules; + } // lib.optionalAttrs (rpi5Extra != "" || (userExtra.extraConfig or "") != "") { extraConfig = extraConfigMerged; } @@ -146,7 +156,8 @@ in let niriOs = osConfig.chiasson.desktop.niri or { }; niriEnabled = osConfig.chiasson.desktop.niri.enable or false; - mergedSettings = mergeNiriSettings pkgs niriOs; + keyringEnabled = osConfig.chiasson.desktop.keyring.enable or false; + mergedSettings = mergeNiriSettings pkgs niriOs keyringEnabled; niriConfigPkg = inputs.wrapper-modules.wrappers.niri.wrap { inherit pkgs; settings = mergedSettings; diff --git a/modules/hosts/14900k/_private/jellyfin-nfs-export.nix b/modules/hosts/14900k/_private/jellyfin-nfs-export.nix index 68dd80c..48336f5 100644 --- a/modules/hosts/14900k/_private/jellyfin-nfs-export.nix +++ b/modules/hosts/14900k/_private/jellyfin-nfs-export.nix @@ -1,8 +1,7 @@ # NFS exports from nixdesk (14900k) to nix-server (192.168.2.238): -# - /mnt/test/jellyfin → nix-server /mnt/nixdesk-jellyfin (Jellyfin bulk libraries) -# - /mnt/media → nix-server /mnt/media (Btrfs MediaLibrary disk; see media-disk.nix) +# - /mnt/deep/jellyfin → nix-server /mnt/nixdesk-jellyfin (Jellyfin bulk libraries) # -# NTFS on nixdesk uses uid=olivier + gid=nfsmedia (990); dirs here are olivier:nfsmedia 2775 so +# Jellyfin root on nixdesk uses owner olivier + group nfsmedia (990); dirs here are 2775 so # local writes and NFS all_squash (anonuid=olivier, anongid=990) get rwx via owner or group. # # Legacy trees may still need a one-time `chgrp -R nfsmedia` / `chmod -R g+rwX` on deep folders. @@ -20,16 +19,9 @@ in group = "nfsmedia"; }; - # olivier: owner for local use; nfsmedia: group matches NTFS gid=990 and NFS all_squash (990). + # olivier: owner for local use; nfsmedia: group used by NFS all_squash (990). systemd.tmpfiles.settings."14900k-nfs-export-paths" = { - "/mnt/test"."d" = { mode = "2775"; user = "olivier"; group = "nfsmedia"; }; - "/mnt/test/jellyfin"."d" = { mode = "2775"; user = "olivier"; group = "nfsmedia"; }; - "/mnt/test/jellyfin/movies"."d" = { mode = "2775"; user = "olivier"; group = "nfsmedia"; }; - "/mnt/test/jellyfin/tv"."d" = { mode = "2775"; user = "olivier"; group = "nfsmedia"; }; - "/mnt/media"."d" = { mode = "2775"; user = "olivier"; group = "nfsmedia"; }; - "/mnt/media/Movies"."d" = { mode = "2775"; user = "olivier"; group = "nfsmedia"; }; - "/mnt/media/TV"."d" = { mode = "2775"; user = "olivier"; group = "nfsmedia"; }; - "/mnt/media/Videos"."d" = { mode = "2775"; user = "olivier"; group = "nfsmedia"; }; + "/mnt/deep/jellyfin"."d" = { mode = "2775"; user = "olivier"; group = "nfsmedia"; }; }; # After exports are up, ensure group nfsmedia can write throughout library roots (idempotent; @@ -37,9 +29,7 @@ in system.activationScripts.nfs-export-group-write = { deps = [ "specialfs" ]; text = '' - for d in \ - /mnt/media/TV /mnt/media/Movies /mnt/media/Videos \ - /mnt/test/jellyfin/tv /mnt/test/jellyfin/movies + for d in /mnt/deep/jellyfin do [ -d "$d" ] || continue ${pkgs.acl}/bin/setfacl -R -m g:nfsmedia:rwx "$d" 2>/dev/null || true @@ -58,8 +48,7 @@ in # Squash nix-server clients to olivier:nfsmedia so Jellyfin can write .nfo/posters into # existing olivier-owned library folders (990-only squash was "other" r-x on typical 755 trees). exports = '' - /mnt/test/jellyfin 192.168.2.238(rw,sync,no_subtree_check,crossmnt,root_squash,all_squash,anonuid=${toString olivierUid},anongid=990,fsid=1) - /mnt/media 192.168.2.238(rw,sync,no_subtree_check,crossmnt,root_squash,all_squash,anonuid=${toString olivierUid},anongid=990,fsid=2) + /mnt/deep/jellyfin 192.168.2.238(rw,sync,no_subtree_check,crossmnt,root_squash,all_squash,anonuid=${toString olivierUid},anongid=990,fsid=1) ''; }; diff --git a/modules/hosts/14900k/_private/media-disk.nix b/modules/hosts/14900k/_private/media-disk.nix index 58c4f7f..2c76932 100644 --- a/modules/hosts/14900k/_private/media-disk.nix +++ b/modules/hosts/14900k/_private/media-disk.nix @@ -6,29 +6,42 @@ let in { users.users.olivier.uid = lib.mkDefault 1000; - - fileSystems."/mnt/media" = { + # LABEL="MediaLibrary" (btrfs on sda1 by UUID). No subvol=@ — this disk has no @ subvolume. + fileSystems."/mnt/2nd" = { device = "/dev/disk/by-uuid/17d8a981-db3b-415e-a0f7-7dbc519e04ab"; fsType = "btrfs"; options = [ - "subvol=@" "compress=zstd" "noatime" + "nofail" + "x-systemd.device-timeout=30" + ]; + }; + +#new deep storage unit + fileSystems."/mnt/deep" = { + device = "/dev/disk/by-uuid/64fb08fe-da5d-4405-afa3-1603a411e9e5"; + fsType = "btrfs"; + options = [ + "compress=zstd" + "noatime" + "nofail" + "x-systemd.device-timeout=30" ]; }; # LABEL="Deep Storage Unit". Owner olivier, group nfsmedia (990) so: # - local logins write as user 1000 (owner rwx); # - NFS (all_squash → uid/gid 990) matches group 990 → rwx (see jellyfin-nfs-export). - fileSystems."/mnt/test" = { - device = "/dev/disk/by-uuid/BC12E55E12E51DE0"; - fsType = "ntfs-3g"; - options = [ - "rw" - "force" - "uid=${toString olivierUid}" - "gid=990" - "umask=0002" - ]; - }; + #fileSystems."/mnt/test" = { + # device = "/dev/disk/by-uuid/BC12E55E12E51DE0"; + # fsType = "ntfs-3g"; + # options = [ + # "rw" + # "force" + # "uid=${toString olivierUid}" + # "gid=990" + # "umask=0002" + # ]; + #}; } diff --git a/modules/hosts/14900k/_private/nvidia.nix b/modules/hosts/14900k/_private/nvidia.nix index ebfa9c4..9a83700 100644 --- a/modules/hosts/14900k/_private/nvidia.nix +++ b/modules/hosts/14900k/_private/nvidia.nix @@ -12,7 +12,7 @@ powerManagement.finegrained = false; open = true; nvidiaSettings = true; - package = config.boot.kernelPackages.nvidiaPackages.stable; + package = config.boot.kernelPackages.nvidiaPackages.latest; }; hardware.nvidia-container-toolkit.enable = true; diff --git a/modules/hosts/14900k/_private/platform.nix b/modules/hosts/14900k/_private/platform.nix index 72705ee..72d6942 100644 --- a/modules/hosts/14900k/_private/platform.nix +++ b/modules/hosts/14900k/_private/platform.nix @@ -7,6 +7,7 @@ hardware.enableRedistributableFirmware = true; hardware.enableAllFirmware = true; + hardware.cpu.intel.updateMicrocode = true; nix.settings.experimental-features = [ "nix-command" "flakes" ]; diff --git a/modules/hosts/14900k/configuration.nix b/modules/hosts/14900k/configuration.nix index 5e560bb..10dd87a 100644 --- a/modules/hosts/14900k/configuration.nix +++ b/modules/hosts/14900k/configuration.nix @@ -45,6 +45,7 @@ services.cloudflare-warp.enable = true; # This fixes common NixOS issues like `vaInitialize failed` and missing QSV encoders in apps. hardware.graphics = { enable = true; + enable32Bit = true; # Required by Wine/DXVK for 32-bit Vulkan userspace. extraPackages = with pkgs; [ intel-media-driver # iHD (Gen8+) vpl-gpu-rt # oneVPL runtime (QSV) @@ -84,17 +85,22 @@ services.cloudflare-warp.enable = true; }; }; + chiasson.system.chromiumHevc.enable = true; + chiasson.system = { ytDlpTelequebecPatch.enable = true; audio.enable = true; docker.enable = true; gaming.enable = true; + gaming.launchers.enableBottles = false; + gaming.gamescope.enable = true; gaming.steam.steamTinkerLaunch.enable = true; monitorInput.enable = true; flatpak.enable = true; + flatpak.flathub.appIds = [ "com.usebottles.bottles" ]; palera1n.enable = true; uconsoleKernelBuilder.enable = true; @@ -116,6 +122,8 @@ services.cloudflare-warp.enable = true; vlc element-desktop thunderbird + + prismlauncher ]; @@ -134,6 +142,8 @@ services.cloudflare-warp.enable = true; self.homeManagerModules.wisdomBrowsersEdge self.homeManagerModules.wisdomBrowsersFlow self.homeManagerModules.wisdomBrowsersOrion + self.homeManagerModules.wisdomBrowsersZen + self.homeManagerModules.wisdomBrowsersChromiumHevc self.homeManagerModules.wisdomEditorsCursor self.homeManagerModules.wisdomEditorsObsidian self.homeManagerModules.wisdomShellYazi @@ -142,7 +152,6 @@ services.cloudflare-warp.enable = true; self.homeManagerModules.wisdomAppsDiscord self.homeManagerModules.wisdomAppsSpotify self.homeManagerModules.wisdomAppsLocalsend - self.homeManagerModules.wisdomAppsSpacedrive self.homeManagerModules.wisdomAppsPokeclicker self.homeManagerModules.wisdomDesktopScreenshot self.homeManagerModules.wisdomDesktopGtkQtTheming @@ -169,6 +178,12 @@ services.cloudflare-warp.enable = true; browsers.edge.enable = true; browsers.flow.enable = false; browsers.orion.enable = true; + browsers.zen.enable = true; + browsers.chromiumHevc = { + enable = true; + packages = [ "google-chrome" ]; + vaapi.gpu = "intel"; # Chromium + NVIDIA VA-API → frame pool errors in Jellyfin cuz chrome is proprietary rats nests, gecko engine might support NVIDIA VA-API + }; editors.cursor.enable = true; editors.obsidian.enable = true; @@ -178,7 +193,6 @@ services.cloudflare-warp.enable = true; spotify.enable = true; spotify.openDiscoveryFirewall = true; localsend.enable = true; - spacedrive.enable = true; pokeclicker.enable = true; }; diff --git a/modules/hosts/ideapad/configuration.nix b/modules/hosts/ideapad/configuration.nix index d663ccc..4eec50c 100644 --- a/modules/hosts/ideapad/configuration.nix +++ b/modules/hosts/ideapad/configuration.nix @@ -141,7 +141,6 @@ self.homeManagerModules.wisdomShellOhMyPosh self.homeManagerModules.wisdomAppsSpotify self.homeManagerModules.wisdomAppsLocalsend - self.homeManagerModules.wisdomAppsSpacedrive self.homeManagerModules.wisdomDesktopScreenshot { chiasson.home = { @@ -156,7 +155,6 @@ editors.cursor.enable = true; apps.spotify.enable = true; apps.localsend.enable = true; - apps.spacedrive.enable = true; desktop = { screenshot = { enable = true; diff --git a/modules/hosts/nix-server/_services/attic-cache-server.nix b/modules/hosts/nix-server/_services/attic-cache-server.nix index 15a8999..3dd8c9a 100644 --- a/modules/hosts/nix-server/_services/attic-cache-server.nix +++ b/modules/hosts/nix-server/_services/attic-cache-server.nix @@ -1,4 +1,5 @@ -{ config, ... }: { +{ config, lib, ... }: +{ sops = { templates."atticd.env" = { owner = "root"; @@ -17,14 +18,48 @@ mode = "0400"; }; + # SQLite on disk was the main source of random multi-minute stalls (see attic#113). + # NAR blobs stay in /var/lib/atticd/storage; only metadata moves to Postgres. + services.postgresql = { + enable = true; + ensureDatabases = [ "atticd" ]; + ensureUsers = [ + { + name = "atticd"; + ensureDBOwnership = true; + } + ]; + }; + services.atticd = { enable = true; environmentFile = config.sops.templates."atticd.env".path; settings = { - listen = "[::]:8080"; + listen = "0.0.0.0:8080"; jwt = { }; + # Use a libpq socket URI format accepted by Attic's parser. + database.url = "postgresql:///atticd?host=/run/postgresql&user=atticd"; + chunking = { + nar-size-threshold = 65536; + min-size = 16384; + avg-size = 65536; + max-size = 262144; + }; + storage = { + type = "local"; + path = "/var/lib/atticd/storage"; + }; + }; + }; + + systemd.services.atticd = { + serviceConfig = { + Restart = lib.mkForce "always"; + RestartSec = lib.mkForce 5; + # Large closures; default limits can wedge uploads under load. + LimitNOFILE = 1048576; }; }; chiasson.system.networking.firewall.allowedTCPPorts = [ 8080 ]; -} \ No newline at end of file +} diff --git a/modules/hosts/nix-server/_services/jellyfin.nix b/modules/hosts/nix-server/_services/jellyfin.nix index 0060756..ac45075 100644 --- a/modules/hosts/nix-server/_services/jellyfin.nix +++ b/modules/hosts/nix-server/_services/jellyfin.nix @@ -53,7 +53,7 @@ # not writable by uid jellyfin (it only had group `jellyfin`), so deletes fail. systemd.services.jellyfin.serviceConfig = { SupplementaryGroups = [ "media" ]; - # Jellyfin libraries on NFS (e.g. /mnt/media, /mnt/nixdesk-jellyfin). PrivateUsers breaks + # Jellyfin libraries on NFS (e.g. /mnt/nixdesk-jellyfin). PrivateUsers breaks # uid mapping for NFS auth in practice; disable so metadata writes use the real jellyfin uid # (squashed to olivier:nfsmedia on nixdesk exports). PrivateUsers = lib.mkForce false; diff --git a/modules/hosts/nix-server/_services/nixdesk-nfs-client.nix b/modules/hosts/nix-server/_services/nixdesk-nfs-client.nix index ac9e0e5..76422f3 100644 --- a/modules/hosts/nix-server/_services/nixdesk-nfs-client.nix +++ b/modules/hosts/nix-server/_services/nixdesk-nfs-client.nix @@ -28,13 +28,7 @@ let in { fileSystems."/mnt/nixdesk-jellyfin" = { - device = "${nfsExportHost}:/mnt/test/jellyfin"; - fsType = "nfs"; - options = nfsClientOpts; - }; - - fileSystems."/mnt/media" = { - device = "${nfsExportHost}:/mnt/media"; + device = "${nfsExportHost}:/mnt/deep/jellyfin"; fsType = "nfs"; options = nfsClientOpts; }; diff --git a/modules/hosts/uConsole/_private/cockpit.nix b/modules/hosts/uConsole/_private/cockpit.nix index acbee79..a5d6075 100644 --- a/modules/hosts/uConsole/_private/cockpit.nix +++ b/modules/hosts/uConsole/_private/cockpit.nix @@ -10,7 +10,7 @@ in openFirewall = true; allowed-origins = [ "https://${config.networking.hostName}:${toString config.services.cockpit.port}" - "https://192.168.2.60:${toString config.services.cockpit.port}" + "https://192.168.2.99:${toString config.services.cockpit.port}" ]; plugins = with pkgs; [ cockpit-files diff --git a/modules/system/caching/attic.nix b/modules/system/caching/attic.nix index 4c77d43..74eef4a 100644 --- a/modules/system/caching/attic.nix +++ b/modules/system/caching/attic.nix @@ -56,6 +56,42 @@ ''; }; + retries = mkOption { + type = types.int; + default = 3; + description = "Attempts per push before giving up (handles transient Attic/network stalls)."; + }; + + background = mkOption { + type = types.bool; + default = true; + description = '' + Run `attic push` in the background so the build finishes immediately. + Failures/timeouts are logged; they do not fail the build. + ''; + }; + + timeoutSec = mkOption { + type = types.int; + default = 600; + description = "Kill `attic push` after this many seconds (background or foreground)."; + }; + + uploadJobs = mkOption { + type = types.int; + default = 3; + description = "Parallel upload workers (`attic push -j`). Lower if the server stalls under load."; + }; + + logFile = mkOption { + type = types.str; + default = ""; + description = '' + Append push logs here. Empty → `$XDG_RUNTIME_DIR/nix-attic-push.log` + (or `/tmp/nix-attic-push-$UID.log`). + ''; + }; + excludedPatterns = mkOption { type = types.listOf types.str; default = [ ]; @@ -96,6 +132,7 @@ enabled = cfg.enable && cfg.cacheName != "" && endpointBase != "" && cfg.publicKey != ""; cacheUrl = "${endpointBase}/${cfg.cacheName}"; pushTokenFile = if cfg.push.tokenFile != null then cfg.push.tokenFile else cfg.tokenFile; + atticTomlServersSection = "[servers.ci]"; hmAtticCliModule = { lib, osConfig ? { }, ... }: let @@ -146,11 +183,16 @@ set -eu set -f + export PATH="${lib.makeBinPath [ + pkgs.attic-client + pkgs.nix + pkgs.gnused + pkgs.coreutils + ]}:$PATH" + echo "attic: hook start drv=''${DRV_PATH:-}" >&2 echo "attic: endpoint=${lib.escapeShellArg endpointBase} cache=${lib.escapeShellArg cfg.cacheName}" >&2 - export PATH="${lib.makeBinPath [ pkgs.attic-client pkgs.nix pkgs.gnused ]}:$PATH" - ${lib.optionalString (pushTokenFile != null) '' token_path=${lib.escapeShellArg pushTokenFile} if [ ! -r "$token_path" ]; then echo "attic: skipping push (token not readable at $token_path)" >&2 @@ -158,31 +200,17 @@ fi ATTIC_TOKEN="$(tr -d '\n' < "$token_path")" - ''} if [ -z "$ATTIC_TOKEN" ]; then echo "attic: skipping push (token is empty)" >&2 exit 0 fi - ATTIC_CONFIG_HOME="$(mktemp -d /tmp/attic-hook-XXXXXX)" - export XDG_CONFIG_HOME="$ATTIC_CONFIG_HOME" - cleanup() { - rm -rf "$ATTIC_CONFIG_HOME" - } - trap cleanup EXIT - - if ! attic login --set-default ci ${lib.escapeShellArg endpointBase} "$ATTIC_TOKEN" >/dev/null 2>&1; then - echo "attic: login failed (build succeeded; check token/server URL)" >&2 - exit 0 - fi - push_paths="" skipped_roots=0 pushed_roots=0 seen_roots=0 for path in $OUT_PATHS; do seen_roots=$((seen_roots + 1)) - echo "attic: evaluating OUT_PATH $path" >&2 skip=0 skip_reason="" @@ -217,17 +245,59 @@ echo "attic: summary seen=$seen_roots selected=$pushed_roots skipped=$skipped_roots" >&2 - if [ -n "$push_paths" ]; then - echo "attic: pushing to ci:${cfg.cacheName}" >&2 - if ! attic push ${lib.escapeShellArg "ci:${cfg.cacheName}"} $push_paths; then - echo "attic: push failed (build succeeded; check token/network)" >&2 - else - echo "attic: push succeeded" >&2 - fi - else + if [ -z "$push_paths" ]; then echo "attic: nothing selected for push" >&2 + exit 0 fi + + runtime_dir="''${XDG_RUNTIME_DIR:-/run/user/$(id -u)}" + attic_config_home="$runtime_dir/nix-attic-hook" + export XDG_CONFIG_HOME="$attic_config_home" + mkdir -p "$attic_config_home/attic" + { + printf '%s\n' 'default-server = "ci"' + printf '\n' + printf '%s\n' ${builtins.toJSON atticTomlServersSection} + printf 'endpoint = %s\n' ${builtins.toJSON endpointBase} + printf 'token = "%s"\n' "$ATTIC_TOKEN" + } > "$attic_config_home/attic/config.toml" + + log_file=${lib.escapeShellArg cfg.push.logFile} + if [ -z "$log_file" ]; then + log_file="$runtime_dir/nix-attic-push.log" + fi + mkdir -p "$(dirname "$log_file")" + + push_cmd() { + attempt=1 + max_attempts=${toString cfg.push.retries} + while [ "$attempt" -le "$max_attempts" ]; do + echo "attic: push attempt $attempt/$max_attempts $(date -Is) paths:$push_paths" >&2 + if timeout ${toString cfg.push.timeoutSec} \ + attic push -j ${toString cfg.push.uploadJobs} \ + ${lib.escapeShellArg "ci:${cfg.cacheName}"} \ + $push_paths; then + echo "attic: push succeeded $(date -Is)" >&2 + return 0 + fi + echo "attic: push failed or timed out (attempt $attempt/$max_attempts)" >&2 + attempt=$((attempt + 1)) + [ "$attempt" -le "$max_attempts" ] && sleep 5 + done + return 1 + } + + ${lib.optionalString cfg.push.background '' + echo "attic: scheduling background push → $log_file" >&2 + ( + push_cmd + ) >> "$log_file" 2>&1 & exit 0 + ''} + ${lib.optionalString (!cfg.push.background) '' + push_cmd 2>&1 | tee -a "$log_file" + exit 0 + ''} ''); environment.systemPackages = lib.mkIf cfg.userCli.enable [ pkgs.attic-client ]; diff --git a/modules/system/default.nix b/modules/system/default.nix index 1d05fcc..a33339f 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix @@ -6,6 +6,7 @@ self.nixosModules.systemFonts self.nixosModules.systemNetworking self.nixosModules.systemLocalsend + self.nixosModules.systemChromiumHevcVaapi self.nixosModules.systemMonitorInput self.nixosModules.systemSpotify self.nixosModules.systemPackagesDefaults diff --git a/modules/system/flatpak.nix b/modules/system/flatpak.nix index 6ec52f3..c731f78 100644 --- a/modules/system/flatpak.nix +++ b/modules/system/flatpak.nix @@ -75,9 +75,9 @@ # Never remote-delete flathub here — interactive and breaks unattended rebuilds. ${pkgs.flatpak}/bin/flatpak --system remote-add --if-not-exists flathub \ - https://flathub.org/repo/flathub.flatpakrepo || true + https://dl.flathub.org/repo/ || true ${pkgs.flatpak}/bin/flatpak --system remote-modify flathub \ - --url=https://flathub.org/repo/flathub.flatpakrepo 2>/dev/null || true + --url=https://dl.flathub.org/repo/ 2>/dev/null || true allowed=( ${lib.concatStringsSep " " (map lib.escapeShellArg allowedAppIds)} ) diff --git a/modules/system/gaming.nix b/modules/system/gaming.nix index 6cd4288..01017f7 100644 --- a/modules/system/gaming.nix +++ b/modules/system/gaming.nix @@ -7,13 +7,13 @@ with pkgs; [ lutris - bottles wine winetricks gamemode mangohud goverlay ] + ++ lib.optionals cfg.launchers.enableBottles [ bottles ] ++ lib.optionals pkgs.stdenv.isx86_64 [ heroic ]; steamExtraPkgs = @@ -66,6 +66,19 @@ description = "`programs.gamemode` (Feral GameMode)."; }; + gamescope = { + enable = lib.mkEnableOption '' + `programs.gamescope` — isolated compositor for Steam/Proton on Wayland + (fixes games embedding inside the Steam window). + ''; + + capSysNice = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Allow gamescope to renice itself for smoother frame pacing."; + }; + }; + jack.enable = lib.mkOption { type = lib.types.bool; default = true; @@ -76,6 +89,11 @@ }; launchers = { + enableBottles = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Install native `pkgs.bottles` in the launcher bundle."; + }; forUsers = lib.mkOption { type = lib.types.nullOr (lib.types.listOf lib.types.str); default = null; @@ -93,6 +111,17 @@ config = lib.mkIf cfg.enable (lib.mkMerge [ { + # openldap's upstream test suite is flaky in the Nix sandbox (test017, test001, …). + # Disabling checks avoids cascading failures in lutris, apache, gnupg, nfs-utils, etc. + # Upstream: https://github.com/NixOS/nixpkgs/issues/514113 + nixpkgs.overlays = [ + (_: prev: { + openldap = prev.openldap.overrideAttrs (_: { + doCheck = false; + }); + }) + ]; + programs.steam = { enable = true; remotePlay.openFirewall = cfg.steam.remotePlay.openFirewall; @@ -106,6 +135,11 @@ programs.gamemode.enable = cfg.gamemode.enable; + programs.gamescope = lib.mkIf cfg.gamescope.enable { + enable = true; + inherit (cfg.gamescope) capSysNice; + }; + chiasson.system.audio.pipewire.jack.enable = lib.mkIf (cfg.jack.enable) (lib.mkDefault true); assertions = [ diff --git a/modules/system/users/catalog-default.nix b/modules/system/users/catalog-default.nix index 02bd5fd..3ef3409 100644 --- a/modules/system/users/catalog-default.nix +++ b/modules/system/users/catalog-default.nix @@ -19,6 +19,9 @@ # to /sys/class/backlight/*/brightness without sudo. Harmless on hosts without a # backlight (servers, desktop towers): the group simply has no devices to own. "video" + # DRI render nodes and input devices for gamescope / Steam on Wayland (no sudo). + "render" + "input" ]; # Host must set `sops.secrets."users/olivier/hashedPassword".neededForUsers = true`. diff --git a/modules/wisdom/apps/spacedrive/default.nix b/modules/wisdom/apps/spacedrive/default.nix deleted file mode 100644 index 4057702..0000000 --- a/modules/wisdom/apps/spacedrive/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ ... }: { - flake.homeManagerModules.wisdomAppsSpacedrive = - { config, lib, pkgs, ... }: - let - root = config.chiasson.home; - cfg = config.chiasson.home.apps.spacedrive; - spacedrivePkg = pkgs.callPackage ./package { }; - in - { - options.chiasson.home.apps.spacedrive = { - enable = lib.mkEnableOption '' - [Spacedrive](https://spacedrive.com/) v2 alpha — upstream `.deb` repackaged for NixOS. - ''; - - package = lib.mkOption { - type = lib.types.package; - default = spacedrivePkg; - description = "Spacedrive package (defaults to upstream v2.0.0-alpha.2)."; - }; - }; - - config = lib.mkIf (root.enable && cfg.enable) { - home.packages = [ cfg.package ]; - }; - }; -} diff --git a/modules/wisdom/apps/spacedrive/package/default.nix b/modules/wisdom/apps/spacedrive/package/default.nix deleted file mode 100644 index 0f2caca..0000000 --- a/modules/wisdom/apps/spacedrive/package/default.nix +++ /dev/null @@ -1,112 +0,0 @@ -{ - lib, - stdenv, - fetchurl, - dpkg, - makeWrapper, - autoPatchelfHook, - wrapGAppsHook3, - adwaita-icon-theme, - ffmpeg, - gdk-pixbuf, - glib, - glib-networking, - gst_all_1, - gtk3, - hicolor-icon-theme, - libsoup_3, - webkitgtk_4_1, - xdotool, -}: - -let - version = "2.0.0-alpha.2"; - - srcInfo = - if stdenv.hostPlatform.system == "x86_64-linux" then - { - url = "https://github.com/spacedriveapp/spacedrive/releases/download/v${version}/Spacedrive-linux-x86_64.deb"; - hash = "sha256-KzRPBtyX5x4ZLlZd6SgAS/cy/7irXt7v+b3Yuq9GETo="; - } - else if stdenv.hostPlatform.system == "aarch64-linux" then - { - url = "https://github.com/spacedriveapp/spacedrive/releases/download/v${version}/Spacedrive-linux-aarch64.deb"; - hash = "sha256-Arq4seJxd69XdraIaYJSv1p9g+Bz/7rez/l9EP6dc9k="; - } - else - throw "spacedrive ${version}: unsupported platform: ${stdenv.hostPlatform.system}"; -in -stdenv.mkDerivation { - pname = "spacedrive"; - inherit version; - - src = fetchurl srcInfo; - - nativeBuildInputs = [ - dpkg - makeWrapper - autoPatchelfHook - wrapGAppsHook3 - ]; - - buildInputs = [ - adwaita-icon-theme - ffmpeg - gdk-pixbuf - glib - glib-networking - gtk3 - hicolor-icon-theme - libsoup_3 - webkitgtk_4_1 - xdotool - gst_all_1.gst-plugins-ugly - gst_all_1.gst-plugins-bad - gst_all_1.gst-plugins-base - gst_all_1.gstreamer - ]; - - # WebKitGTK + TLS + icons; ffmpeg/ffprobe on PATH (alpha Linux builds omit bundled ffmpeg). - preFixup = '' - gappsWrapperArgs+=( - "--prefix" "PATH" ":" "${lib.makeBinPath [ ffmpeg ]}" - "--set-default" "WEBKIT_DISABLE_DMABUF_RENDERER" "1" - ) - ''; - - postFixup = '' - # Core daemon is not GTK-linked; wrapGAppsHook3 skips it — still needs ffmpeg for media paths. - wrapProgram $out/bin/sd-daemon --prefix PATH : "${lib.makeBinPath [ ffmpeg ]}" - ''; - - unpackPhase = "dpkg-deb -x $src source"; - - installPhase = '' - runHook preInstall - - mkdir -p $out/{bin,lib,share} - cp -r source/usr/bin/* $out/bin/ - cp -r source/usr/lib/* $out/lib/ - cp -r source/usr/share/* $out/share/ - - ln -sf Spacedrive $out/bin/spacedrive - - substituteInPlace $out/share/applications/Spacedrive.desktop \ - --replace-fail 'Exec=Spacedrive' 'Exec=spacedrive' - - runHook postInstall - ''; - - meta = with lib; { - description = "Local-first file manager and virtual distributed filesystem (v2 alpha)"; - homepage = "https://spacedrive.com"; - changelog = "https://github.com/spacedriveapp/spacedrive/releases/tag/v${version}"; - license = licenses.agpl3Plus; - platforms = [ - "x86_64-linux" - "aarch64-linux" - ]; - mainProgram = "spacedrive"; - sourceProvenance = with sourceTypes; [ binaryNativeCode ]; - }; -} diff --git a/modules/wisdom/browsers/chromium-hevc.nix b/modules/wisdom/browsers/chromium-hevc.nix new file mode 100644 index 0000000..0ae3f7b --- /dev/null +++ b/modules/wisdom/browsers/chromium-hevc.nix @@ -0,0 +1,192 @@ +{ ... }: { + flake.nixosModules.systemChromiumHevcVaapi = + { config, lib, pkgs, ... }: + let + cfg = config.chiasson.system.chromiumHevc; + in + { + options.chiasson.system.chromiumHevc.enable = lib.mkEnableOption '' + VA-API packages for Chromium HEVC (Intel iHD + optional NVIDIA nvidia-vaapi-driver). + Pair with `wisdomBrowsersChromiumHevc` on the user side. + ''; + + config = lib.mkIf cfg.enable { + hardware.graphics.enable = lib.mkDefault true; + hardware.graphics.extraPackages = lib.mkAfter ( + with pkgs; + [ nvidia-vaapi-driver ] + ); + }; + }; + + flake.homeManagerModules.wisdomBrowsersChromiumHevc = + { config, lib, pkgs, ... }: + let + root = config.chiasson.home; + cfg = config.chiasson.home.browsers.chromiumHevc; + + browserCatalog = { + "google-chrome" = { + package = pkgs.google-chrome; + binary = "google-chrome-stable"; + launcher = "google-chrome-hevc"; + desktopName = "Google Chrome (HEVC)"; + icon = "google-chrome"; + }; + chromium = { + package = pkgs.chromium; + binary = "chromium"; + launcher = "chromium-hevc"; + desktopName = "Chromium (HEVC)"; + icon = "chromium"; + }; + "microsoft-edge" = { + package = pkgs.microsoft-edge; + binary = "microsoft-edge-stable"; + launcher = "microsoft-edge-hevc"; + desktopName = "Microsoft Edge (HEVC)"; + icon = "microsoft-edge"; + }; + }; + + gpuProfiles = { + intel = { + driver = "iHD"; + drmDevice = "/dev/dri/renderD128"; + nvdBackend = "direct"; + enableFeatures = [ + "VaapiVideoDecodeLinuxGL" + "VaapiVideoDecoder" + "VaapiIgnoreDriverChecks" + "PlatformHEVCDecoderSupport" + "UseMultiPlaneFormatForHardwareVideo" + "AcceleratedVideoDecodeLinuxGL" + ]; + disableFeatures = [ + "AcceleratedVideoDecodeLinuxZeroCopyGL" + ]; + }; + nvidia = { + driver = "nvidia"; + drmDevice = "/dev/dri/renderD129"; + nvdBackend = "direct"; + enableFeatures = [ + "VaapiVideoDecoder" + "VaapiIgnoreDriverChecks" + "PlatformHEVCDecoderSupport" + "VaapiOnNvidiaGPUs" + "AcceleratedVideoDecodeLinuxGL" + ]; + disableFeatures = [ + "AcceleratedVideoDecodeLinuxZeroCopyGL" + "UseMultiPlaneFormatForHardwareVideo" + "VaapiVideoDecodeLinuxGL" + ]; + }; + }; + + activeGpu = gpuProfiles.${cfg.vaapi.gpu}; + + mkChromiumHevc = + packageName: + let + spec = browserCatalog.${packageName}; + browser = spec.package; + launcherName = spec.launcher; + enableFeatures = lib.concatStringsSep "," activeGpu.enableFeatures; + disableFeatures = lib.concatStringsSep "," activeGpu.disableFeatures; + desktopItem = pkgs.makeDesktopItem { + name = launcherName; + desktopName = spec.desktopName; + genericName = "Web Browser"; + exec = "${launcherName} %U"; + icon = spec.icon; + categories = [ + "Network" + "WebBrowser" + ]; + mimeTypes = [ + "text/html" + "text/xml" + "application/xhtml+xml" + "x-scheme-handler/http" + "x-scheme-handler/https" + ]; + }; + in + pkgs.runCommand launcherName + { + inherit (browser) version; + nativeBuildInputs = [ pkgs.makeWrapper ]; + passthru = { inherit browser; }; + } + '' + mkdir -p $out/bin $out/share/applications + + makeWrapper ${browser}/bin/${spec.binary} $out/bin/${launcherName} \ + --set LIBVA_DRIVER_NAME ${lib.escapeShellArg activeGpu.driver} \ + --set LIBVA_DRM_DEVICE ${lib.escapeShellArg activeGpu.drmDevice} \ + --set NVD_BACKEND ${lib.escapeShellArg activeGpu.nvdBackend} \ + --add-flags "--enable-features=${enableFeatures}" \ + --add-flags "--disable-features=${disableFeatures}" \ + ${lib.concatMapStringsSep " " (a: "--add-flags ${lib.escapeShellArg a}") cfg.extraCommandLineArgs} + + cp ${desktopItem}/share/applications/${launcherName}.desktop \ + $out/share/applications/${launcherName}.desktop + ''; + + selectedPackages = lib.filter ( + name: + let + spec = browserCatalog.${name}; + in + lib.meta.availableOn pkgs.stdenv.hostPlatform spec.package + ) cfg.packages; + + wrappers = map mkChromiumHevc selectedPackages; + in + { + options.chiasson.home.browsers.chromiumHevc = { + enable = lib.mkEnableOption '' + `google-chrome-hevc`: Chromium with VA-API HEVC for Jellyfin / MSE playback. + + Default GPU is **Intel** (`vaapi.gpu = "intel"`): Chromium + NVIDIA VA-API is + unsupported upstream (`nvidia-vaapi-driver` README) and fails with + `failed Initialize()ing the frame pool` in Jellyfin. + + Requires `chiasson.system.chromiumHevc.enable` on NixOS. + ''; + + packages = lib.mkOption { + type = lib.types.listOf ( + lib.types.enum (lib.attrNames browserCatalog) + ); + default = [ "google-chrome" ]; + description = "Chromium-based browsers to wrap."; + }; + + vaapi.gpu = lib.mkOption { + type = lib.types.enum [ + "intel" + "nvidia" + ]; + default = "intel"; + description = '' + VA-API stack for `google-chrome-hevc`. Use **intel** for Jellyfin (Chromium + + nvidia-vaapi-driver is unsupported and hits frame-pool init errors). **nvidia** + keeps renderD129 + VaapiOnNvidiaGPUs for experiments only. + ''; + }; + + extraCommandLineArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + description = "Extra Chromium flags appended after the HEVC profile flags."; + }; + }; + + config = lib.mkIf (root.enable && cfg.enable) { + home.packages = wrappers; + }; + }; +} diff --git a/modules/wisdom/default.nix b/modules/wisdom/default.nix index 17c565b..4e337f6 100644 --- a/modules/wisdom/default.nix +++ b/modules/wisdom/default.nix @@ -3,7 +3,6 @@ imports = [ ./apps/discord.nix ./apps/localsend.nix - ./apps/spacedrive ./apps/pokeclicker ./apps/spotify.nix ./browsers/orion.nix diff --git a/modules/wisdom/editors/cursor.nix b/modules/wisdom/editors/cursor.nix index 0786c27..2eb3d88 100644 --- a/modules/wisdom/editors/cursor.nix +++ b/modules/wisdom/editors/cursor.nix @@ -21,6 +21,23 @@ pkgs.cursor-cli else null; + nixIdeTools = [ pkgs.nixd pkgs.nixfmt ]; + cursorWithNixIde = + if cursorPkg == null then + null + else + pkgs.symlinkJoin { + name = "cursor-with-nix-ide"; + paths = [ cursorPkg ]; + buildInputs = [ pkgs.makeWrapper ]; + postBuild = '' + for prog in $out/bin/*; do + if [ -x "$prog" ]; then + wrapProgram "$prog" --prefix PATH : "${lib.makeBinPath nixIdeTools}" + fi + done + ''; + }; in { options.chiasson.home.editors.cursor = { @@ -45,12 +62,28 @@ ''; }; }; + nixIde = { + enable = lib.mkEnableOption '' + Nix IDE extension tooling (`nixd` LSP, `nixfmt` formatter). + + Installs `nixd` / `nixfmt` and wraps Cursor so they are on the editor `PATH` + (the GUI does not inherit your shell profile). + '' // { + default = true; + }; + }; }; config = lib.mkIf (root.enable && cfg.enable && cursorPkg != null) { home.packages = - [ cursorPkg ] - ++ lib.optionals (cfg.agent.enable && cfg.agent.package != null) [ cfg.agent.package ]; + [ + (if cfg.nixIde.enable && cursorWithNixIde != null then + cursorWithNixIde + else + cursorPkg) + ] + ++ lib.optionals (cfg.agent.enable && cfg.agent.package != null) [ cfg.agent.package ] + ++ lib.optionals cfg.nixIde.enable nixIdeTools; home.sessionVariables = lib.mkIf cfg.setAsDefaultEditor { EDITOR = "cursor --wait"; VISUAL = "cursor --wait"; diff --git a/secrets/attic-secrets.yaml b/secrets/attic-secrets.yaml index f6ec6fe..7428f63 100644 --- a/secrets/attic-secrets.yaml +++ b/secrets/attic-secrets.yaml @@ -1,5 +1,6 @@ attic: server-token-rs256-secret-base64: ENC[AES256_GCM,data:OKsb3z4t7bKyiPIspsdSboy7nWteWbM6amZaBuqgkbH8mpbuk3cyLzRZG28BPZx+rXisCsjF/u8oe6IhQQ3vNxvQzKyvSSUEyWjgnP2Q8ChJf585SI9RWpp/FrSIPzBqdkRLIl3MaTEfQ9+usPDK0eZdpsuW5yqQMR7mlSTczxuEKMkrDPnJvKNt2pe60x7qdjihVWOFKcShIeFpR0O2o7J863d4W57PTXXXAmsmt5hPzKP8PSBcxDtIxhsDZtgDsHjD51YLQYpIPLiw+PI0KraEJOQ2YkQ4qpG3DMryF1W9VDgT/46WlHuG1TGyK2sBXnm0Sxfes6ytRjOWMO9LXXZphAnAKeBaf3C1HPkwhTR03HRBcRzZOVJJpI/7JWk3hncS5BS0n3ZYDHNTEejVgIxr8kAxa1j/VcyvNOXoJbQFlqlNICPjDscHV/OhdZ+7v26WNQgBy4AWqWTfG63EZAgMyBR3GOb6TWBC+ngyxy/qw9i1kEiZKXdqsr/ot8K55Un69i3sOrwK3fQvH2FAIt+6ku7ls9742nHL+NmwjBnLlxEiuQ2XVR0W/2qlLuVY+U/1UKlXPZOErSVLRp/xTBCvonQ9bPSB4DbYCVQiVCHT3j4z9cn9sahwuLT+DrOaiHxaaUPJxYvi/joDPG8WIgRAENvSDhwMzlY6H/+JXNxLS/jp/tW1hNpfPzD2mjus7hw6m3snQuhG4s9TmJVGO86bWtD9gFroSxSS1R/S13SzogkLatUS5O2afpNI34VuYm+CVW9gQSw68jrxrZSiwBx/E/mN6bQ7RT5avn4wbxWFDc6wNxHuwQYV8bEe5Zprvpi2/NfTPE/mCkAtoxcJKhXwOHbKLcT7kgVLIcmoVV5jmwss+NtiSGnEZ1OB6lu6p4V9dvjkBviXshbIFTsLXqFTNDsD62/r13wGFGEBB1+JLl5uBT7ms/bXyRpkfcugrvHsAQwIcIc4MSiiV7eVfBAV7uV771+wZohJ0QZqkcq7Ryzg61VOtX3N2F3HwauuzsxWvYatW1EawoBKSqV7WqubtviGC4aixjE/m+Kdrwt9OVz0XPh+X7eUu27By4fpLNmndfoEHJksIpy7klGoYwarSUFw8t52SX5UiYBG2iRjdcgNMcvC3NOzA/UIf2rZvMSYIyP62n6VNLydHxiO4eT9MNbnNmmeaJrv9QKQ9/s07fLaNBvFIbwe4Up7uwX8O8cyu8f5ETmxH0i3pGTLxjAfXQy5+gYi94AQQ98OaF6iY41nVmQYbGk76MnC3EFzcFTOHr/eVgohSaVjLB+SOXshfD18g/sC98kMzULv4YandjQYLWcE2aPLNKShbW9hNvRFHL1RxlGcwVGHHGxs0cVhNjfjLn5XBQUivbt5BhP4TYUcaUQQFkJpqD8Bu2CUSfqMHiZ4kbjFzdTeQYhvTSeSaKq5P4IvEsWMhlH2ijur3Bg5yBGHR1lkm4B0VlWgRIWBN3oQ5FbLHHHY1T1Y57jyXnGmgXtdKA8+9U1m356wqX/BArd+7JBEon4XAGEppgosA4qJU3q+78IQM3+Nyp4nldfssxqL13UJ+F8WyJQR+fDlSzdUIYPA9vTalQ8sSZwqmwGhgnSfckrCQpRMIKQHkqxCy9XwUPpmxE2ktJJkgw58Mzb3BMfUbmoLuqI3/WCdtzxUBhFqxZpTZrfi+qiQ7E5c/vFBRaj0n6yi9CVucBCSemHREDM7DuF9sO4WDlqCY8x5IIQ/7DUJJHmX7JPi0k5qYdgdUEhr/EZtkhX5clpMHmqsz3GC4wONR71tyRSPqVABh1dqN6kAcTD9NacnUH0whyfI6azOwbQwqH147WkdF0gJHzCEvvlu2iaJutmbeitttz/cy/Xt4C8zo0U0NAeUzd6hSE3J6gZFLDWipPIjS9zmxUv2K0DQ0bEKcNFAcvuabeV0dj32nXrtF/a0ZpJeKmHbLlo9tFiz7NNPQn9N0C5g3CqOxs5UIt7kInSBjRo9p2gWyLav+mngukdA8Jf7CI2GihxQmebfw3mYoo/m9bO8dpXYmyHyF1hOMGCArSBiVq9YvqmwIAP14W8bagz+uXOypYw7PQaqz0jNdyffQZFH3V9ZgkVAQyCAgO3TLit6Sk0IelV9O7XU+AFixr3vO0d0XycX1ub2Zxc1GrmeCMe/7Xt0341evH1hfehtzfl5ixL6VZej5QRezErBa0Cm+L+V8DAHalXCPNzO8uOi3ADrD1dbn2RxS16sbx/RV+QaHCI2R3ZEwsdY+qXYBwtcA1qatLIrlJ0jUAbeslp+Hz4RgRIF2MoR5JgXNG+PkCnQwxhJNRwbfttLfw+jrnxXHmydb/PNcxTNjXkzroJxHGgfDgVFoODjbIAjt4M3gkDkQEs2zYtZf/se+PI1WmrBHgJ6FfWAKh1Kafc9vLKKvdYwGTtaIjOFNIfw3+uEMf4z10EJBgNbuJRm4yxw44oFPvGZV2UmCLVtdv5UGl/egUYbC+EhE6oQJOy7IQVu339v5ZmABOkz18FX007012GYHnA6DmUYgwq/RehFQsT4I4ggy3AF62o7W+UD3kiymB2iqWHkZmKk6wu8XanIWFArvVvUHKlODzSB8YdxYdVOJpT/FOcAtM4YWotL3SLZyusqA+QVgQ/YCV2Ybx+XYZQRLlh5bXyWPMpTgZSuIe0CEmhhIsgh8et953hseFXkoAGWgzBtssXUBc/awsqi49fvJdCynxKPmDY7ZCWxa2yy01FMz5orvQocZQ0JeR3eh6W7JaFcS2lKuFV8Y3K5/KfGW+nuQ9L/f7+9a1oXcMBvOjadALNkl4TRGc4pv1XCXzPSi4ZPs/fFEdyUH3bil+O4Yc3X/Hqxn04PTHF7PFObk3YDEsxJOw/XQFufep/YG3fnM/z7u7PnWuFUWH3mOSn1RGfdxQ6ieegRdRA8fJOqVPhvXU9gmHuMX77BIHURdEhCVBUSLJwO07kejG2hGUcqVNzXqdzAeNB1VAQfZJgPgOQ0bNyOLFODPmly1DdB21eTe66f44Nf0Vzzeq7IaA3aodV7OWRt4b6kKcuEIpSZ5Xy6VcEKtKgvZmW2i4fZHEz/QNfLeuYwsTnIW9tNzz4O6byna/Kr8lIO9y8UzV6rPglY8xUrx80MI+5WffavK/ydGEmR7I9cciSIuYUjWofZbU/2+SiMiA6ddOc4IIRZJpxZ1oZUCYaam17BsKVGnRfVt2zCvXvmViFMq1DVr3DPplnj9OTpk92EFmbXVuNIEn39ANuoU/pOW2b3lVhTXk+kwfISli7/37gVsCxX9mwfI8ubRrFO5hgC9nSv4YBysQwa93Ba/dylcFgORvsABLvmhf/GPU+4GoFEYfNjBNQdJv+wWWiKPiHcD/v2Li2Uu5Ke7J1syu3TpH9OS/0r1H9dukDZT7+gq1pZAfTnZu7hWMJLvk5Y9X093/6GT3510Q1ksCMbvLpStpdz0cusqaXZMrTQUODE6P8aDdXuWVQ44MChX7jXZVldsmyRX7Sgz0yh06cebgmBm8uHBlheeu9oPj1eo6lx6/JNiGeY4ELvyA6RvVyEStc1MoxDXvxSLH97McPvJfNgGV8x/TTFV+hDESWlegHPPDq9voQhjRelRuOlZnKk436Yxg7Bs/Z70DWf+nc9u0tQQH7RWbrVV4kTLY9noVM+ngJQEdq1eYnS4I8SSDZKcWRz7goSANQhiDjrviHdVPzBHrsKitQqMGYvG/KYiXdIk1GhZCX+HEhq3Orh6JyyRCfjyFUfyJrrSgI3iE97d7uxiqMKGqH6VGaaFXc4Kt6TqZbRvZ/SC0jI8DaGL3BFjBcT0G4arJr6oYHIQWwAHi0CzRgwWGSCcQPx7crrziHLpbohOt4sw5EqFC2Oabw6LpJqDO6UH3sluxdxNm281RTd9FuKV+9Bm8bJK0zRhBv/GHOLAgzbvsqKPYg+vPFt9aOufabJUbsZse0teGAsBFDa7M1gx1HOohCS2qw+ZxdU++fJezK3qYFY6r2C0CJTZoaFv+imBxZCQUwVXithWKfEXzFEui4JyUuwJzkHQgNevQPNSmZ85b8g7eCFQ//BkEiqz9Ywz0HuuuHYsu77WBRk1w7R1Ks4AXkuZM1GYzUcAT37wN9G8QwdTx9H4zWQvxgRUlygZ8ommOzdirbifGqR6SQnC8LuUgmWpf3bmmeGx6O/lkbi2meLUKL1CcBeZpIZzBWsByawUxAETS5dhZWlpYWQ3ViOOgjv9kfAugwBwuOEsbPWtZWp/p9PAcNcsL/gm6+gHn4Jw7Gd8/XUNfU9ROcLGaVUeDSvLKQl+Qc0Qk8RMn0iAUDF627gLebZjd8be3YFgAQ+n3GXCb18/Ox/P5nm70wBON0BpE99B9imZ/UN1vHgUwaUWN+e5TvYo7T7n/pTR+WXWzoJ2rL6UfZOKopQE2g4QE+8U26GjlvnmCByv9PdRaz2ebCMHk5HGbiob00NVtYGDoJT+wcrlhp8vsfvw2OQlNh/kZzyPGeX3yWsvs/gkXY9rQ3GryViGlNA6DrNApopxp9ZO9S8ica8xXP+yxs/GPtfr14FgyU4BMMl1WqBe1LgtDc4UCaQEdZCTl7ZlMVnAXm/p2HYcbtUdTrCKLTjmj5TEliXCAewPHsLUWhIks5Dq9hhLj9J2nW8E3DzAIPRe3chlgZsQkNr7GM+uxUoedsFYWISaZ3u9BTyHsX9mQn8+SpWiBYoyUmH+bOirzuUbq2kt6HroSqXWDUvTU+K0fUfa4hNDLR3YhyebJAdvVjGG1KMlM4c2QVTcg1gNzhLAAkPgDyRM+Y3fdCy7YUdfSIoV991DcP3oKnGUnSzxV3HFJcVgTPHZvyq/bKmkGVv9Wl3ajcIpJhYO1EkXFE/roxDLm/fpjt8e9oB6jnXSlFQBAJaOSMFOSu2dvgBdLaqZEYodP30aJZD42O4PNfkN18b8uzOFlcnHV+JXqKzG4H1HHkq85LLGkb18g+wRIPQTkpr7kEEKsf/qAm41deZaemQgXFc21ECJhM7Pd387H6B7CrqYJ0zOMT42a13zkNqaD+XOecsPRmlLZqCudWAiTCTCNfzNOuXp2Z2gS8rPe3VNTohgPt09f0r2RxY5Nvz4BV26oY7eAjnJ/EBZE7O1cnJ+iUfixU3hFsOy5xNLeWxglpjon8wTjCPYbOhb/fJDUzezeCZIeknGb7+xksW42gFD3wOayWfjJWIQ1vOPnv5KORh6o9oJ7TCfZzEXq9wQAyEx7aPoFRa1r8JaOhviWEjh3cEg0SX3isNM+o19G31z/kssMZ4/lgWfaMukzneIUth5u7z8ePhxSqu7N8ekDNUEHs2wbyeZrO8GLufhhPe5rz+XdJVtVwpb2rtUDVDEAsGfFbcuc2J6rgyID4lDH3FbH0YvQkz+nWcMAKXG3KGk3StpyPrBs6auDjfjnYNAIfSLGII4y/pnmUCx45QlomCeDWqSuL/g8I8gxMGthD26Zzp7frHOElughmmY45XTMJRQ7AfaNNWgIiHXTT24cP/gC02Dq5czpEi6e1ivenHzJ4RpljNvucuy7QnaKDGOS3BQ4uKF5sU5hXsi6OuRoKszZsh2YeLw+tNcHAXzQpxptv49MDl/DCpRD3Fm3RcpQzuXATSZ48/akj4B4pItbSDrlFtzOuSpk3PDIB4ikvSjirkEt/vekasnKVVvwk7MCt1+m7HFvfVPwhneUjkrxHrsJTgVN7c//c+T1NGKKfR9h6fUNyvH564U5DzXhXkn0ol+4vkv2y9YbHz33+33w==,iv:bWODv/1k3PptgB4QtZZuOI5wPmTGedyRF3GgbGcCg74=,tag:k9a1+TFA6JlflTFfcEOHsA==,type:str] + database-password: ENC[AES256_GCM,data:Hl7zqnkAhtVjzIr66DBtNH2GfgSfAeJ/VuX4RbNnT/bKjXlYXiizyqYlsSs=,iv:MR+e4DV/Z/TKAbaQosbBYZLwVZQ4/s2RZYoNDCkoPt8=,tag:2p32FvldRhoBLAhLAthuww==,type:str] sops: age: - recipient: age1yyzgmazjxkvwtfcv9re3lqmt2ru5dcrfu3sauysm0wzfwzvyap8qkjkq32 @@ -56,7 +57,7 @@ sops: bjlyQ3BDOVRkMFROdk1veEgyYVZuK3cKAbhQPk1T0o6bGYBT9EggACViunccjSgG G1vZMTJbLCOU9G3JNFGWVEnpIkY3fqLJGDpVTinRLh1fN3VNpNRowQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-24T00:25:39Z" - mac: ENC[AES256_GCM,data:fl3MByuB+MrsRdsmpvLbH8ebnJ+4RKfKLu26aO50tRpdvMqi8lqpcYb9FKwTksGM1qb84rU/Q/NK4/mkwqGr3hAftLJ1J2pcR+GcnBbnihJs5uA3jfb59fine855QLaWbfk61LbQk3GWJs45jRGMAGSCqZMqXZNM5N55KSWSmjw=,iv:j3ev3sVc41TsyPVP1570uGxOOmmogYPQHPPDklt9qtM=,tag:JwXmI7/FMdyZg4w6v6Rq4g==,type:str] + lastmodified: "2026-05-18T19:30:28Z" + mac: ENC[AES256_GCM,data:HAilje8Dn0TrIr/0BRne3JFglBjvpYwmnLxvKdb4UnNmw+7mgyo2Y/rFVOHDtQoY64YGfBXrdZcJLHGReOFKkQTaosDGk7xpnLRQakfLChprivjtqs/GPs8dep/k1o2CA99bf8G9RmwLTJ/fCp484+RekAtK7wuRV5wb6gOhyhA=,iv:vysJrZOoe5BX0HgUSuloKAVj9V/7zMqMj9L0foqCDa4=,tag:mYjUYmapRZRA6vJnG0vWdw==,type:str] unencrypted_suffix: _unencrypted - version: 3.12.1 + version: 3.12.2