update helium to 0.10.5.1

move smb automount secrets to agenix
add jjui
2026-03-16 06:00:26 +00:00 · 2026-03-13 19:07:13 +00:00 · 2026-03-13 17:45:54 +00:00
8 changed files with 214 additions and 7 deletions
@@ -20,3 +20,36 @@ NixOS configuration using a dendritic structure — `flake.nix` at the root, wit
 ```bash
 sudo nixos-rebuild switch --flake .#nixos
 ```
 ## SMB share secrets (agenix)
 SMB automount is configured in `modules/hosts/nixos.nix` and activates once
 `secrets/smb-credentials.age` exists.
 1. Edit recipients in `secrets/secrets.nix` if needed.
 2. Create the encrypted secret (using the host SSH private key via sudo):
 ```bash
 sudo env RULES=secrets/secrets.nix nix run github:ryantm/agenix -- -e secrets/smb-credentials.age -i /etc/ssh/ssh_host_ed25519_key
 ```
 Use this content:
 ```text
 username=YOUR_SMB_USER
 password=YOUR_SMB_PASSWORD
 # optional
 # domain=WORKGROUP
 ```
 Configured shares mirror your Endeavour setup:
 - `//192.168.1.102/data` → `/mnt/unraid-data`
 - `//192.168.1.102/appdata` → `/mnt/unraid-appdata`
 Then apply:
 ```bash
 sudo nixos-rebuild switch --flake .#nixos
 ```
@@ -1,5 +1,48 @@
 {
  "nodes": {
    "agenix": {
      "inputs": {
        "darwin": "darwin",
        "home-manager": "home-manager",
        "nixpkgs": "nixpkgs",
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1770165109,
        "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
        "owner": "ryantm",
        "repo": "agenix",
        "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
        "type": "github"
      },
      "original": {
        "owner": "ryantm",
        "repo": "agenix",
        "type": "github"
      }
    },
    "darwin": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1744478979,
        "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
        "owner": "lnl7",
        "repo": "nix-darwin",
        "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
        "type": "github"
      },
      "original": {
        "owner": "lnl7",
        "ref": "master",
        "repo": "nix-darwin",
        "type": "github"
      }
    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
@@ -20,6 +63,27 @@
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1745494811,
        "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "import-tree": {
      "locked": {
        "lastModified": 1772999353,
@@ -36,6 +100,22 @@
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1754028485,
        "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "59e69648d345d6e8fef86158c555730fa12af9de",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-25.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1772773019,
        "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=",
@@ -53,9 +133,25 @@
    },
    "root": {
      "inputs": {
        "agenix": "agenix",
        "flake-parts": "flake-parts",
        "import-tree": "import-tree",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs_2"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
@@ -9,6 +9,7 @@
    };
    import-tree.url = "github:vic/import-tree";
    agenix.url = "github:ryantm/agenix";
  };
  outputs =
@@ -3,9 +3,20 @@
  self,
  config,
  ...
-}: {
+}: let
-  flake.nixosModules.nixos-host = {pkgs, ...}: {
+  flakeConfig = config;
 in {
  flake.nixosModules.nixos-host = {
    pkgs,
    lib,
    config,
    ...
  }: let
    smbSecretFile = ../../secrets/smb-credentials.age;
    hasSmbSecret = builtins.pathExists smbSecretFile;
  in {
    imports = [
      inputs.agenix.nixosModules.default
      ../../hardware-configuration.nix
    ];
@@ -19,7 +30,7 @@
    # Custom EDID override for Samsung 240Hz on DP-1
    boot.kernelParams = ["drm.edid_firmware=DP-1:edid/g80.bin"];
    hardware.firmware = [
-      (pkgs.runCommandNoCC "g80-edid-firmware" {} ''
+      (pkgs.runCommand "g80-edid-firmware" {} ''
        install -Dm444 ${../assets/edid/g80.bin} $out/lib/firmware/edid/g80.bin
      '')
    ];
@@ -69,7 +80,7 @@
    };
    # User account
-    users.users.${config.username} = {
+    users.users.${flakeConfig.username} = {
      isNormalUser = true;
      description = "Thomas Gouveia Lopes";
      extraGroups = ["networkmanager" "wheel"];
@@ -91,6 +102,59 @@
    # State version
    system.stateVersion = "25.11";
    boot.supportedFilesystems = ["cifs"];
    warnings = lib.optional (!hasSmbSecret) ''
      SMB automount is disabled: missing ${toString smbSecretFile}.
      Create it with agenix:
      sudo env RULES=secrets/secrets.nix nix run github:ryantm/agenix -- -e secrets/smb-credentials.age -i /etc/ssh/ssh_host_ed25519_key
      and set:
      username=...
      password=...
      # optional
      # domain=WORKGROUP
    '';
    age.identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];
    age.secrets."smb-credentials" = lib.mkIf hasSmbSecret {
      file = smbSecretFile;
      mode = "0400";
      owner = "root";
      group = "root";
    };
    fileSystems."/mnt/unraid-data" = lib.mkIf hasSmbSecret {
      device = "//192.168.1.102/data";
      fsType = "cifs";
      options = [
        "credentials=${config.age.secrets."smb-credentials".path}"
        "uid=1000"
        "gid=1000"
        "iocharset=utf8"
        "nofail"
        "x-systemd.automount"
        "x-systemd.idle-timeout=5min"
        "_netdev"
        "vers=3.0"
      ];
    };
    fileSystems."/mnt/unraid-appdata" = lib.mkIf hasSmbSecret {
      device = "//192.168.1.102/appdata";
      fsType = "cifs";
      options = [
        "credentials=${config.age.secrets."smb-credentials".path}"
        "uid=1000"
        "gid=1000"
        "iocharset=utf8"
        "nofail"
        "x-systemd.automount"
        "x-systemd.idle-timeout=5min"
        "_netdev"
        "vers=3.0"
      ];
    };
    fileSystems."/mnt/endeavour" = {
      device = "/dev/disk/by-uuid/a32ca052-12a5-4355-bd3b-b4515d9ea4a5";
      fsType = "ext4";
@@ -24,6 +24,7 @@
      ffmpeg
      tmux
      obs-studio
      jjui
    ];
  };
 }
@@ -2,11 +2,11 @@
  perSystem = { pkgs, ... }: {
    packages.helium = pkgs.appimageTools.wrapType2 rec {
      pname = "helium";
-      version = "0.10.2.1";
+      version = "0.10.5.1";
      src = pkgs.fetchurl {
        url = "https://github.com/imputnet/helium-linux/releases/download/${version}/${pname}-${version}-x86_64.AppImage";
-        hash = "sha256-Kh6UgdleK+L+G4LNiQL2DkQIwS43cyzX+Jo6K0/fX1M=";
+        hash = "sha256-c/ea8C1XjTkBo0/ujGHEbKWyCmRMxyuiuOzAO9AMf1o=";
      };
      extraInstallCommands = let
@@ -0,0 +1,7 @@
 let
  nixos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIg62Co6P+CYcvINrW9IYM1D8W7A3LNlEphAqP6vCzrv root@nixos";
 in {
  "secrets/smb-credentials.age".publicKeys = [
    nixos
  ];
 }
@@ -0,0 +1,5 @@
 age-encryption.org/v1
 -> ssh-ed25519 eoxNoQ +//j26EmOrSLqTMUaKWy4X/GZZ3XoJmKlT+ArQejODU
 olSV7FU5URhIcB4JczmPhGZsaQjQCs7kTm/IISCePsk
 --- r7Gpe55fXHr9lghoFvwAZZVvDVckENBxTDXW3sXEjUI
 ã{„Â&ffÇj?ÛSŠÈy´|Ô™tÀÜ¾_3äûOÇÒåjp»	‹tS!Î,†!5iÿó©¡�ÙGoê‹_?tFKË†%üÊ´ØÔh%up„ÁX;'•.ÿXÙðóœo=
Author	SHA1	Message	Date
gitea actions	a0f1957b13	update helium to 0.10.5.1	2026-03-16 06:00:26 +00:00
thomas	1d1afe1a43	move smb automount secrets to agenix helium update / update-helium (push) Successful in 10s Details zen browser update / update-zen-browser (push) Successful in 5s Details handy update / update-handy (push) Successful in 5s Details	2026-03-13 19:07:13 +00:00
thomas	b1b3f324d9	add jjui	2026-03-13 17:45:54 +00:00