update handy to 0.8.0

automated update of helium appimage version and hash

## changelog
from `0.10.5.1` to `0.10.6.1`

upstream release: https://github.com/imputnet/helium-linux/releases/tag/0.10.6.1

Co-authored-by: gitea actions <actions@localhost>
Reviewed-on: #17

README.md

@@ -20,3 +20,36 @@ NixOS configuration using a dendritic structure — `flake.nix` at the root, wit
 ```bash
 sudo nixos-rebuild switch --flake .#nixos
 ```
+
+## SMB share secrets (agenix)
+
+SMB automount is configured in `modules/hosts/nixos.nix` and activates once
+`secrets/smb-credentials.age` exists.
+
+1. Edit recipients in `secrets/secrets.nix` if needed.
+2. Create the encrypted secret (using the host SSH private key via sudo):
+
+```bash
+sudo env RULES=secrets/secrets.nix nix run github:ryantm/agenix -- -e secrets/smb-credentials.age -i /etc/ssh/ssh_host_ed25519_key
+```
+
+Use this content:
+
+```text
+username=YOUR_SMB_USER
+password=YOUR_SMB_PASSWORD
+# optional
+# domain=WORKGROUP
+```
+
+Configured shares mirror your Endeavour setup:
+
+- `//192.168.1.102/data` → `/mnt/unraid-data`
+- `//192.168.1.102/appdata` → `/mnt/unraid-appdata`
+
+Then apply:
+
+```bash
+sudo nixos-rebuild switch --flake .#nixos
+```
+

flake.lock

@@ -1,5 +1,48 @@
 {
   "nodes": {
+    "agenix": {
+      "inputs": {
+        "darwin": "darwin",
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs",
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1770165109,
+        "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1744478979,
+        "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
     "flake-parts": {
       "inputs": {
         "nixpkgs-lib": [
@@ -20,6 +63,27 @@
         "type": "github"
       }
     },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1745494811,
+        "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
     "import-tree": {
       "locked": {
         "lastModified": 1772999353,
@@ -36,6 +100,22 @@
       }
     },
     "nixpkgs": {
+      "locked": {
+        "lastModified": 1754028485,
+        "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "59e69648d345d6e8fef86158c555730fa12af9de",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-25.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
       "locked": {
         "lastModified": 1772773019,
         "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=",
@@ -53,9 +133,25 @@
     },
     "root": {
       "inputs": {
+        "agenix": "agenix",
         "flake-parts": "flake-parts",
         "import-tree": "import-tree",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs_2"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
       }
     }
   },

flake.nix

@@ -9,6 +9,7 @@
     };
 
     import-tree.url = "github:vic/import-tree";
+    agenix.url = "github:ryantm/agenix";
   };
 
   outputs =

modules/development.nix

@@ -12,6 +12,7 @@
       lazygit
       pnpm
       ni
+      code-cursor-fhs
 
       # LSPs and formatters (previously via Mason)
       stylua

modules/hosts/nixos.nix

@@ -3,9 +3,20 @@
   self,
   config,
   ...
-}: {
+}: let
-  flake.nixosModules.nixos-host = {pkgs, ...}: {
+  flakeConfig = config;
+in {
+  flake.nixosModules.nixos-host = {
+    pkgs,
+    lib,
+    config,
+    ...
+  }: let
+    smbSecretFile = ../../secrets/smb-credentials.age;
+    hasSmbSecret = builtins.pathExists smbSecretFile;
+  in {
     imports = [
+      inputs.agenix.nixosModules.default
       ../../hardware-configuration.nix
     ];
 
@@ -19,7 +30,7 @@
     # Custom EDID override for Samsung 240Hz on DP-1
     boot.kernelParams = ["drm.edid_firmware=DP-1:edid/g80.bin"];
     hardware.firmware = [
-      (pkgs.runCommandNoCC "g80-edid-firmware" {} ''
+      (pkgs.runCommand "g80-edid-firmware" {} ''
         install -Dm444 ${../assets/edid/g80.bin} $out/lib/firmware/edid/g80.bin
       '')
     ];
@@ -69,7 +80,7 @@
     };
 
     # User account
-    users.users.${config.username} = {
+    users.users.${flakeConfig.username} = {
       isNormalUser = true;
       description = "Thomas Gouveia Lopes";
       extraGroups = ["networkmanager" "wheel"];
@@ -91,6 +102,59 @@
     # State version
     system.stateVersion = "25.11";
 
+    boot.supportedFilesystems = ["cifs"];
+
+    warnings = lib.optional (!hasSmbSecret) ''
+      SMB automount is disabled: missing ${toString smbSecretFile}.
+      Create it with agenix:
+      sudo env RULES=secrets/secrets.nix nix run github:ryantm/agenix -- -e secrets/smb-credentials.age -i /etc/ssh/ssh_host_ed25519_key
+      and set:
+      username=...
+      password=...
+      # optional
+      # domain=WORKGROUP
+    '';
+
+    age.identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+    age.secrets."smb-credentials" = lib.mkIf hasSmbSecret {
+      file = smbSecretFile;
+      mode = "0400";
+      owner = "root";
+      group = "root";
+    };
+
+    fileSystems."/mnt/unraid-data" = lib.mkIf hasSmbSecret {
+      device = "//192.168.1.102/data";
+      fsType = "cifs";
+      options = [
+        "credentials=${config.age.secrets."smb-credentials".path}"
+        "uid=1000"
+        "gid=1000"
+        "iocharset=utf8"
+        "nofail"
+        "x-systemd.automount"
+        "_netdev"
+        "noserverino"
+        "vers=3.0"
+      ];
+    };
+
+    fileSystems."/mnt/unraid-appdata" = lib.mkIf hasSmbSecret {
+      device = "//192.168.1.102/appdata";
+      fsType = "cifs";
+      options = [
+        "credentials=${config.age.secrets."smb-credentials".path}"
+        "uid=1000"
+        "gid=1000"
+        "iocharset=utf8"
+        "nofail"
+        "x-systemd.automount"
+        "_netdev"
+        "noserverino"
+        "vers=3.0"
+      ];
+    };
+
     fileSystems."/mnt/endeavour" = {
       device = "/dev/disk/by-uuid/a32ca052-12a5-4355-bd3b-b4515d9ea4a5";
       fsType = "ext4";

modules/packages.nix

@@ -24,6 +24,8 @@
       ffmpeg
       tmux
       obs-studio
+      jjui
+      bat
     ];
   };
 }

modules/pkgs/handy.nix

@@ -2,11 +2,11 @@
   perSystem = {pkgs, ...}: {
     packages.handy = pkgs.appimageTools.wrapType2 rec {
       pname = "handy";
-      version = "0.7.10";
+      version = "0.8.0";
 
       src = pkgs.fetchurl {
         url = "https://github.com/cjpais/Handy/releases/download/v${version}/Handy_${version}_amd64.AppImage";
-        hash = "sha256-vBOcXCCJr9D0u0h27nN4XLPPngx4m+toAfi6O6Fuojk=";
+        hash = "sha256-PLcssfd6iMx51mglAJ7D4+67HFazwfhJMImgU9WiNDk=";
       };
 
       extraInstallCommands = let

modules/pkgs/helium.nix

@@ -2,11 +2,11 @@
   perSystem = { pkgs, ... }: {
     packages.helium = pkgs.appimageTools.wrapType2 rec {
       pname = "helium";
-      version = "0.10.2.1";
+      version = "0.10.6.1";
 
       src = pkgs.fetchurl {
         url = "https://github.com/imputnet/helium-linux/releases/download/${version}/${pname}-${version}-x86_64.AppImage";
-        hash = "sha256-Kh6UgdleK+L+G4LNiQL2DkQIwS43cyzX+Jo6K0/fX1M=";
+        hash = "sha256-6xqNRaP3aqitEseexRVEEjKkJClC0j1HHZoRGQanhSk=";
       };
 
       extraInstallCommands = let

modules/pkgs/zen-browser.nix

@@ -1,11 +1,11 @@
 {lib, ...}: {
   perSystem = {pkgs, ...}: let
     pname = "zen-browser";
-    version = "1.19.2b";
+    version = "1.19.3b";
 
     src = pkgs.fetchurl {
       url = "https://github.com/zen-browser/desktop/releases/download/${version}/zen-x86_64.AppImage";
-      hash = "sha256-lDn7rIYDgmyUnc3PdIASXfpXBXASL6TEdzyZfT716cI=";
+      hash = "sha256-p00Irv2z6brDXMx3cr0234lOZZ2a7FmJMDzN494nzMw=";
     };
 
     appimageContents = pkgs.appimageTools.extract {inherit pname version src;};

modules/ui.nix

@@ -2,6 +2,7 @@
 	flake.nixosModules.ui = { pkgs, lib, ... }: {
 		# Desktop environment
 		services.xserver.enable = true;
+		services.xserver.xkb.options = "compose:ralt,cedilla:cacute";
 		services.displayManager.gdm.enable = true;
 		services.displayManager.gdm.wayland = true;
 		services.desktopManager.gnome.enable = true;

secrets/secrets.nix

@@ -0,0 +1,7 @@
+let
+  nixos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIg62Co6P+CYcvINrW9IYM1D8W7A3LNlEphAqP6vCzrv root@nixos";
+in {
+  "secrets/smb-credentials.age".publicKeys = [
+    nixos
+  ];
+}

secrets/smb-credentials.age

@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 eoxNoQ +//j26EmOrSLqTMUaKWy4X/GZZ3XoJmKlT+ArQejODU
+olSV7FU5URhIcB4JczmPhGZsaQjQCs7kTm/IISCePsk
+--- r7Gpe55fXHr9lghoFvwAZZVvDVckENBxTDXW3sXEjUI
+ã{„Â&ffÇj?ÛSŠÈy´|Ô™tÀܾ_3äûOÇÒåjp»	‹tS!Î,†!5iÿó©¡�ÙGoê‹_?tFKˆ%üÊ´ØÔh%up„ÁX;'•.ÿXÙðóœo=