update helium to 0.10.2.1

2026-03-13 12:47:30 +00:00
19 changed files with 228 additions and 550 deletions
@@ -4,6 +4,7 @@ set -euo pipefail
 : "${FILE:?FILE is required}"
 : "${LATEST_RELEASE_URL:?LATEST_RELEASE_URL is required}"
 : "${DOWNLOAD_URL_TEMPLATE:?DOWNLOAD_URL_TEMPLATE is required}"
 : "${RELEASE_API_REPO:?RELEASE_API_REPO is required}"
 if command -v python >/dev/null 2>&1; then
  PYTHON_BIN=python
@@ -59,14 +60,184 @@ s=re.sub(r'hash\s*=\s*"[^"]+"', f'hash = "{os.environ["NEW_HASH"]}"', s, count=1
 open(p,"w").write(s)
 PY
 echo "updated=true" >> "$GITHUB_OUTPUT"
 echo "version=$latest_version" >> "$GITHUB_OUTPUT"
 echo "previous_version=$current_version" >> "$GITHUB_OUTPUT"
 release_tag="${release_tag_template//\{version\}/$latest_version}"
 release_tag="${release_tag#\{}"
 release_tag="${release_tag%\}}"
 release_tag="${release_tag#\'}"
 release_tag="${release_tag%\'}"
 release_url="${LATEST_RELEASE_URL%/latest}/tag/${release_tag}"
-echo "updated=true" >> "$GITHUB_OUTPUT"
+release_url="${LATEST_RELEASE_URL%/latest}/tag/${release_tag}"
-echo "version=$latest_version" >> "$GITHUB_OUTPUT"
+release_html=$(curl -fsSL "$release_url" || true)
-echo "previous_version=$current_version" >> "$GITHUB_OUTPUT"
+
-echo "release_url=$release_url" >> "$GITHUB_OUTPUT"
+release_notes=""
 if [ -n "$release_html" ]; then
  release_notes=$(printf '%s' "$release_html" | "$PYTHON_BIN" -c '
 import re
 import sys
 from html.parser import HTMLParser
 html = sys.stdin.read()
 m = re.search(r"<div[^>]*data-test-selector=\"body-content\"[^>]*class=\"[^\"]*markdown-body[^\"]*\"[^>]*>(.*?)</div>", html, re.S)
 if not m:
  print("")
  raise SystemExit(0)
 fragment = m.group(1)
 class MdExtractor(HTMLParser):
  def __init__(self):
    super().__init__()
    self.out = []
    self.list_depth = 0
    self.in_pre = False
    self.in_code_inline = False
    self.link_stack = []
  def _append(self, text):
    self.out.append(text)
  def _ensure_newline(self):
    if not self.out:
      return
    if not self.out[-1].endswith("\n"):
      self.out.append("\n")
  def _ensure_blank_line(self):
    if not self.out:
      return
    joined = "".join(self.out)
    if joined.endswith("\n\n"):
      return
    if joined.endswith("\n"):
      self.out.append("\n")
    else:
      self.out.append("\n\n")
  def handle_starttag(self, tag, attrs):
    attrs_d = dict(attrs)
    if tag in ("h1", "h2", "h3", "h4", "h5", "h6"):
      self._ensure_blank_line()
      level = int(tag[1])
      self._append("#" * level + " ")
      return
    if tag in ("p", "div"):
      self._ensure_blank_line()
      return
    if tag in ("ul", "ol"):
      self._ensure_blank_line()
      self.list_depth += 1
      return
    if tag == "li":
      self._ensure_newline()
      indent = "  " * max(self.list_depth - 1, 0)
      self._append(f"{indent}- ")
      return
    if tag == "br":
      self._append("\n")
      return
    if tag == "pre":
      self._ensure_blank_line()
      self._append("```\n")
      self.in_pre = True
      return
    if tag == "code":
      if not self.in_pre:
        self._append("`")
        self.in_code_inline = True
      return
    if tag == "a":
      href = attrs_d.get("href", "")
      self.link_stack.append(href)
      self._append("[")
      return
    if tag in ("strong", "b"):
      self._append("**")
      return
    if tag in ("em", "i"):
      self._append("*")
      return
  def handle_endtag(self, tag):
    if tag in ("h1", "h2", "h3", "h4", "h5", "h6", "p", "div"):
      self._ensure_blank_line()
      return
    if tag in ("ul", "ol"):
      self.list_depth = max(self.list_depth - 1, 0)
      self._ensure_blank_line()
      return
    if tag == "li":
      self._ensure_newline()
      return
    if tag == "pre":
      self._ensure_newline()
      self._append("```\n\n")
      self.in_pre = False
      return
    if tag == "code":
      if not self.in_pre and self.in_code_inline:
        self._append("`")
        self.in_code_inline = False
      return
    if tag == "a":
      href = self.link_stack.pop() if self.link_stack else ""
      if href:
        self._append("]("
          + href
          + ")")
      else:
        self._append("]")
      return
    if tag in ("strong", "b"):
      self._append("**")
      return
    if tag in ("em", "i"):
      self._append("*")
      return
  def handle_data(self, data):
    if data:
      self._append(data)
 parser = MdExtractor()
 parser.feed(fragment)
 text = "".join(parser.out)
 text = re.sub(r"\n{3,}", "\n\n", text)
 text = re.sub(r"[ \t]+\n", "\n", text)
 print(text.strip())
 ' || true)
 else
  echo "warning: failed to fetch release page ${release_url}"
 fi
 if [ -z "$release_notes" ]; then
  release_notes="_No changelog found on upstream release page. Check ${release_url}._"
 fi
 delimiter="CHANGELOG_$(date +%s%N)"
 {
  echo "changelog<<${delimiter}"
  printf '%s\n' "$release_notes"
  echo "${delimiter}"
 } >> "$GITHUB_OUTPUT"
@@ -25,7 +25,9 @@ jobs:
          FILE: modules/pkgs/handy.nix
          LATEST_RELEASE_URL: https://github.com/cjpais/Handy/releases/latest
          DOWNLOAD_URL_TEMPLATE: https://github.com/cjpais/Handy/releases/download/v{version}/Handy_{version}_amd64.AppImage
          RELEASE_API_REPO: cjpais/Handy
          RELEASE_TAG_TEMPLATE: v{version}
          GITHUB_TOKEN: ${{ secrets.github_token || secrets.GITHUB_TOKEN }}
        shell: bash
        run: bash .gitea/scripts/update-appimage-nix.sh
@@ -45,13 +47,14 @@ jobs:
        if: steps.update.outputs.updated == 'true'
        env:
          GITEA_TOKEN: ${{ secrets.tea_token || secrets.TEA_TOKEN }}
          CHANGELOG: ${{ steps.update.outputs.changelog }}
        shell: bash
        run: |
          set -euo pipefail
          version="${{ steps.update.outputs.version }}"
          previous_version="${{ steps.update.outputs.previous_version }}"
-          release_url="${{ steps.update.outputs.release_url }}"
+          release_url="https://github.com/cjpais/Handy/releases/tag/v${version}"
          pr_body=$(cat <<EOF
          automated update of handy appimage version and hash
@@ -60,6 +63,8 @@ jobs:
          from \`${previous_version}\` to \`${version}\`
          upstream release: ${release_url}
          ${CHANGELOG}
          EOF
          )
@@ -25,7 +25,9 @@ jobs:
          FILE: modules/pkgs/helium.nix
          LATEST_RELEASE_URL: https://github.com/imputnet/helium-linux/releases/latest
          DOWNLOAD_URL_TEMPLATE: https://github.com/imputnet/helium-linux/releases/download/{version}/helium-{version}-x86_64.AppImage
          RELEASE_API_REPO: imputnet/helium-linux
          RELEASE_TAG_TEMPLATE: '{version}'
          GITHUB_TOKEN: ${{ secrets.github_token || secrets.GITHUB_TOKEN }}
        shell: bash
        run: bash .gitea/scripts/update-appimage-nix.sh
@@ -45,13 +47,14 @@ jobs:
        if: steps.update.outputs.updated == 'true'
        env:
          GITEA_TOKEN: ${{ secrets.tea_token || secrets.TEA_TOKEN }}
          CHANGELOG: ${{ steps.update.outputs.changelog }}
        shell: bash
        run: |
          set -euo pipefail
          version="${{ steps.update.outputs.version }}"
          previous_version="${{ steps.update.outputs.previous_version }}"
-          release_url="${{ steps.update.outputs.release_url }}"
+          release_url="https://github.com/imputnet/helium-linux/releases/tag/${version}"
          pr_body=$(cat <<EOF
          automated update of helium appimage version and hash
@@ -60,6 +63,8 @@ jobs:
          from \`${previous_version}\` to \`${version}\`
          upstream release: ${release_url}
          ${CHANGELOG}
          EOF
          )
@@ -1,70 +0,0 @@
 name: t3code update
 on:
  schedule:
    - cron: "50 6 * * *"
  workflow_dispatch:
 jobs:
  update-t3code:
    runs-on: ubuntu-latest
    steps:
      - name: checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: install nix
        uses: cachix/install-nix-action@v27
        with:
          nix_path: nixpkgs=channel:nixos-unstable
      - name: check latest t3code release and update file
        id: update
        env:
          FILE: modules/pkgs/t3code.nix
          LATEST_RELEASE_URL: https://github.com/pingdotgg/t3code/releases/latest
          DOWNLOAD_URL_TEMPLATE: https://github.com/pingdotgg/t3code/releases/download/v{version}/T3-Code-{version}-x86_64.AppImage
          RELEASE_TAG_TEMPLATE: v{version}
        shell: bash
        run: bash .gitea/scripts/update-appimage-nix.sh
      - name: create branch and commit
        if: steps.update.outputs.updated == 'true'
        shell: bash
        run: |
          set -euo pipefail
          version="${{ steps.update.outputs.version }}"
          BRANCH="bot/t3code-${version}" \
          FILE="modules/pkgs/t3code.nix" \
          COMMIT_MESSAGE="update t3code to ${version}" \
          bash .gitea/scripts/commit-update.sh
      - name: open pull request
        if: steps.update.outputs.updated == 'true'
        env:
          GITEA_TOKEN: ${{ secrets.tea_token || secrets.TEA_TOKEN }}
        shell: bash
        run: |
          set -euo pipefail
          version="${{ steps.update.outputs.version }}"
          previous_version="${{ steps.update.outputs.previous_version }}"
          release_url="${{ steps.update.outputs.release_url }}"
          pr_body=$(cat <<EOF
          automated update of t3code appimage version and hash
          ## changelog
          from \`${previous_version}\` to \`${version}\`
          upstream release: ${release_url}
          EOF
          )
          GITEA_API="https://gitea.unrail.xyz/api/v1/repos/thomas/nixos-config" \
          BRANCH="bot/t3code-${version}" \
          TITLE="update t3code to ${version}" \
          BODY="$pr_body" \
          bash .gitea/scripts/create-gitea-pr.sh
@@ -25,7 +25,9 @@ jobs:
          FILE: modules/pkgs/zen-browser.nix
          LATEST_RELEASE_URL: https://github.com/zen-browser/desktop/releases/latest
          DOWNLOAD_URL_TEMPLATE: https://github.com/zen-browser/desktop/releases/download/{version}/zen-x86_64.AppImage
          RELEASE_API_REPO: zen-browser/desktop
          RELEASE_TAG_TEMPLATE: '{version}'
          GITHUB_TOKEN: ${{ secrets.github_token || secrets.GITHUB_TOKEN }}
        shell: bash
        run: bash .gitea/scripts/update-appimage-nix.sh
@@ -45,13 +47,14 @@ jobs:
        if: steps.update.outputs.updated == 'true'
        env:
          GITEA_TOKEN: ${{ secrets.tea_token || secrets.TEA_TOKEN }}
          CHANGELOG: ${{ steps.update.outputs.changelog }}
        shell: bash
        run: |
          set -euo pipefail
          version="${{ steps.update.outputs.version }}"
          previous_version="${{ steps.update.outputs.previous_version }}"
-          release_url="${{ steps.update.outputs.release_url }}"
+          release_url="https://github.com/zen-browser/desktop/releases/tag/${version}"
          pr_body=$(cat <<EOF
          automated update of zen browser appimage version and hash
@@ -60,6 +63,8 @@ jobs:
          from \`${previous_version}\` to \`${version}\`
          upstream release: ${release_url}
          ${CHANGELOG}
          EOF
          )
@@ -20,36 +20,3 @@ NixOS configuration using a dendritic structure — `flake.nix` at the root, wit
 ```bash
 sudo nixos-rebuild switch --flake .#nixos
 ```
 ## SMB share secrets (agenix)
 SMB automount is configured in `modules/hosts/nixos.nix` and activates once
 `secrets/smb-credentials.age` exists.
 1. Edit recipients in `secrets/secrets.nix` if needed.
 2. Create the encrypted secret (using the host SSH private key via sudo):
 ```bash
 sudo env RULES=secrets/secrets.nix nix run github:ryantm/agenix -- -e secrets/smb-credentials.age -i /etc/ssh/ssh_host_ed25519_key
 ```
 Use this content:
 ```text
 username=YOUR_SMB_USER
 password=YOUR_SMB_PASSWORD
 # optional
 # domain=WORKGROUP
 ```
 Configured shares mirror your Endeavour setup:
 - `//192.168.1.102/data` → `/mnt/unraid-data`
 - `//192.168.1.102/appdata` → `/mnt/unraid-appdata`
 Then apply:
 ```bash
 sudo nixos-rebuild switch --flake .#nixos
 ```
@@ -1,48 +1,5 @@
 {
  "nodes": {
    "agenix": {
      "inputs": {
        "darwin": "darwin",
        "home-manager": "home-manager",
        "nixpkgs": "nixpkgs",
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1770165109,
        "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
        "owner": "ryantm",
        "repo": "agenix",
        "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
        "type": "github"
      },
      "original": {
        "owner": "ryantm",
        "repo": "agenix",
        "type": "github"
      }
    },
    "darwin": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1744478979,
        "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
        "owner": "lnl7",
        "repo": "nix-darwin",
        "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
        "type": "github"
      },
      "original": {
        "owner": "lnl7",
        "ref": "master",
        "repo": "nix-darwin",
        "type": "github"
      }
    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
@@ -50,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1775087534,
+        "lastModified": 1772408722,
-        "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
+        "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
+        "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
        "type": "github"
      },
      "original": {
@@ -63,71 +20,13 @@
        "type": "github"
      }
    },
    "flake-utils": {
      "inputs": {
        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "gsf": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
        "lastModified": 1774464988,
        "narHash": "sha256-F0pVG3ou+yN+jqQlFXMf27BCeShDuZcpoeHFSord8xk=",
        "ref": "refs/heads/main",
        "rev": "3bccad3870d1f7220c423f06d21ed9b91d1b90d1",
        "revCount": 10,
        "type": "git",
        "url": "https://gitea.unrail.xyz/thomas/gotta-scroll-fast"
      },
      "original": {
        "type": "git",
        "url": "https://gitea.unrail.xyz/thomas/gotta-scroll-fast"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1745494811,
        "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "import-tree": {
      "locked": {
-        "lastModified": 1773693634,
+        "lastModified": 1772999353,
-        "narHash": "sha256-BtZ2dtkBdSUnFPPFc+n0kcMbgaTxzFNPv2iaO326Ffg=",
+        "narHash": "sha256-dPb0WxUhFaz6wuR3B6ysqFJpsu8txKDPZvS47AT2XLI=",
        "owner": "vic",
        "repo": "import-tree",
-        "rev": "c41e7d58045f9057880b0d85e1152d6a4430dbf1",
+        "rev": "545a4df146fce44d155573e47f5a777985acf912",
        "type": "github"
      },
      "original": {
@@ -136,60 +35,13 @@
        "type": "github"
      }
    },
    "maccel": {
      "locked": {
        "lastModified": 1771614512,
        "narHash": "sha256-KzvNWDGVpoNcR9wcIOlwxr6Nwtgt9Hicck/0fswhi7U=",
        "owner": "Gnarus-G",
        "repo": "maccel",
        "rev": "c7c1369d4bd4f240b38365cd43bd696d06635e4d",
        "type": "github"
      },
      "original": {
        "owner": "Gnarus-G",
        "repo": "maccel",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1754028485,
+        "lastModified": 1772773019,
-        "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
+        "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "59e69648d345d6e8fef86158c555730fa12af9de",
+        "rev": "aca4d95fce4914b3892661bcb80b8087293536c6",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-25.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1774106199,
        "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_3": {
      "locked": {
        "lastModified": 1775423009,
        "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
        "type": "github"
      },
      "original": {
@@ -201,42 +53,9 @@
    },
    "root": {
      "inputs": {
        "agenix": "agenix",
        "flake-parts": "flake-parts",
        "gsf": "gsf",
        "import-tree": "import-tree",
-        "maccel": "maccel",
+        "nixpkgs": "nixpkgs"
        "nixpkgs": "nixpkgs_3"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
@@ -9,9 +9,6 @@
    };
    import-tree.url = "github:vic/import-tree";
    agenix.url = "github:ryantm/agenix";
    maccel.url = "github:Gnarus-G/maccel";
    gsf.url = "git+https://gitea.unrail.xyz/thomas/gotta-scroll-fast";
  };
  outputs =
@@ -1,11 +1,5 @@
-{config, ...}: let
+{inputs, ...}: {
  flakeConfig = config;
 in {
  flake.nixosModules.development = {pkgs, ...}: {
    virtualisation.docker.enable = true;
    users.users.${flakeConfig.username}.extraGroups = ["docker"];
    environment.systemPackages = with pkgs; [
      nodejs_24
      go
@@ -18,8 +12,6 @@ in {
      lazygit
      pnpm
      ni
      code-cursor-fhs
      codex
      # LSPs and formatters (previously via Mason)
      stylua
@@ -1,11 +1,10 @@
-{...}: {
+{ inputs, ... }: {
-  flake.nixosModules.fonts = {pkgs, ...}: {
+	flake.nixosModules.fonts = {pkgs, ...}: {
-    fonts.packages = with pkgs; [
+		fonts.packages = with pkgs; [
-      nerd-fonts.iosevka-term-slab
+			nerd-fonts.iosevka-term-slab
-      nerd-fonts.iosevka
+			nerd-fonts.iosevka
-      nerd-fonts.fira-mono
+			nerd-fonts.fira-mono
-      nerd-fonts.fira-code
+			nerd-fonts.fira-code
-      nerd-fonts.proggy-clean-tt
+		];
-    ];
+	};
  };
 }
@@ -3,24 +3,9 @@
  self,
  config,
  ...
-}: let
+}: {
-  flakeConfig = config;
+  flake.nixosModules.nixos-host = {pkgs, ...}: {
 in {
  flake.nixosModules.nixos-host = {
    pkgs,
    lib,
    config,
    ...
  }: let
    smbSecretFile = ../../secrets/smb-credentials.age;
    hasSmbSecret = builtins.pathExists smbSecretFile;
    gsfDevice = "/dev/input/by-id/usb-Ploopy_Corporation_Ploopy_Adept_Trackball_E6626067D39C532A0000000000000000-if02-event-mouse";
  in {
    imports = [
      inputs.agenix.nixosModules.default
      inputs.maccel.nixosModules.default
      inputs.gsf.nixosModules.default
      ../../hardware-configuration.nix
    ];
@@ -32,20 +17,9 @@ in {
    boot.kernelPackages = pkgs.linuxPackages_latest;
    # Custom EDID override for Samsung 240Hz on DP-1
-    # Extreme mt7921e fallback: disable PCIe ASPM globally
+    boot.kernelParams = ["drm.edid_firmware=DP-1:edid/g80.bin"];
    boot.kernelParams = [
      "drm.edid_firmware=DP-1:edid/g80.bin"
      "pcie_aspm=off"
    ];
    # mt7921e stability tweaks
    boot.extraModprobeConfig = ''
      options mt7921e disable_aspm=Y
      options mt7921e disable_clc=Y
    '';
    hardware.firmware = [
-      (pkgs.runCommand "g80-edid-firmware" {} ''
+      (pkgs.runCommandNoCC "g80-edid-firmware" {} ''
        install -Dm444 ${../assets/edid/g80.bin} $out/lib/firmware/edid/g80.bin
      '')
    ];
@@ -54,39 +28,7 @@ in {
    networking.hostName = "nixos";
    # Networking
-    networking.networkmanager = {
+    networking.networkmanager.enable = true;
      enable = true;
      wifi.powersave = false;
      settings.device."wifi.scan-rand-mac-address" = "no";
    };
    # Work around mt7921e getting stuck after suspend/resume
    environment.etc."systemd/system-sleep/99-mt7921e-reset" = {
      text = ''
        #!/bin/sh
        case "$1" in
          post)
            ${pkgs.kmod}/bin/modprobe -r mt7921e || true
            ${pkgs.kmod}/bin/modprobe mt7921e
            ;;
        esac
      '';
      mode = "0755";
    };
    # LocalSend
    networking.firewall = {
      allowedTCPPorts = [53317];
      allowedUDPPorts = [53317];
    };
    # WebHID/VIA access on Linux (VIA needs hidraw access)
    services.udev.extraRules = ''
      # General VIA rule (matches vial docs/reddit workaround)
      KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
      # Explicit Ploopy Adept (VID:PID 5043:5c47)
      KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="5043", ATTRS{idProduct}=="5c47", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
    '';
    # Time zone
    time.timeZone = "Europe/Lisbon";
@@ -127,48 +69,19 @@ in {
    };
    # User account
-    users.users.${flakeConfig.username} = {
+    users.users.${config.username} = {
      isNormalUser = true;
      description = "Thomas Gouveia Lopes";
      extraGroups = ["networkmanager" "wheel"];
    };
    users.groups.maccel.members = [flakeConfig.username];
    hardware.maccel = {
      enable = true;
      enableCli = true;
      parameters = {
        mode = "linear";
        sensMultiplier = 1.0;
        yxRatio = 1.0;
        inputDpi = 1000.0;
        angleRotation = 0.0;
        acceleration = 0.3;
        offset = 2.0;
        outputCap = 2.0;
      };
    };
    hardware.gsf = {
      enable = true;
      device = gsfDevice;
      inputGroupUsers = [flakeConfig.username];
    };
    # Programs
    # Allow unfree
    nixpkgs.config.allowUnfree = true;
-    # Use Lix as the system Nix implementation
+    # Enable flakes
-    nix.package = pkgs.lixPackageSets.stable.lix;
+    nix.settings.experimental-features = ["nix-command" "flakes"];
    # Enable flakes + restrict who can submit builds to the daemon
    nix.settings = {
      experimental-features = ["nix-command" "flakes"];
      allowed-users = ["root" flakeConfig.username];
    };
    # Auto-unlock gnome-keyring on login
    security.pam.services.login.enableGnomeKeyring = true;
@@ -178,59 +91,6 @@ in {
    # State version
    system.stateVersion = "25.11";
    boot.supportedFilesystems = ["cifs"];
    warnings = lib.optional (!hasSmbSecret) ''
      SMB automount is disabled: missing ${toString smbSecretFile}.
      Create it with agenix:
      sudo env RULES=secrets/secrets.nix nix run github:ryantm/agenix -- -e secrets/smb-credentials.age -i /etc/ssh/ssh_host_ed25519_key
      and set:
      username=...
      password=...
      # optional
      # domain=WORKGROUP
    '';
    age.identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];
    age.secrets."smb-credentials" = lib.mkIf hasSmbSecret {
      file = smbSecretFile;
      mode = "0400";
      owner = "root";
      group = "root";
    };
    fileSystems."/mnt/unraid-data" = lib.mkIf hasSmbSecret {
      device = "//192.168.1.102/data";
      fsType = "cifs";
      options = [
        "credentials=${config.age.secrets."smb-credentials".path}"
        "uid=1000"
        "gid=1000"
        "iocharset=utf8"
        "nofail"
        "x-systemd.automount"
        "_netdev"
        "noserverino"
        "vers=3.0"
      ];
    };
    fileSystems."/mnt/unraid-appdata" = lib.mkIf hasSmbSecret {
      device = "//192.168.1.102/appdata";
      fsType = "cifs";
      options = [
        "credentials=${config.age.secrets."smb-credentials".path}"
        "uid=1000"
        "gid=1000"
        "iocharset=utf8"
        "nofail"
        "x-systemd.automount"
        "_netdev"
        "noserverino"
        "vers=3.0"
      ];
    };
    fileSystems."/mnt/endeavour" = {
      device = "/dev/disk/by-uuid/a32ca052-12a5-4355-bd3b-b4515d9ea4a5";
      fsType = "ext4";
@@ -6,7 +6,6 @@
      nerdfetch
      libnotify
      alacritty
      foot
      fzf
      autojump
      yazi
@@ -20,31 +19,11 @@
      slack
      feishin
      obsidian
      nextcloud-client
      self.packages.${pkgs.stdenv.hostPlatform.system}.handy
      self.packages.${pkgs.stdenv.hostPlatform.system}.t3code
      mpv
      ffmpeg
      tmux
      obs-studio
      jjui
      bat
      localsend
      # postman
      bruno
      bruno-cli
    ];
    systemd.user.services.handy = {
      description = "Handy";
      wantedBy = ["graphical-session.target"];
      partOf = ["graphical-session.target"];
      after = ["graphical-session.target"];
      serviceConfig = {
        ExecStart = "${self.packages.${pkgs.stdenv.hostPlatform.system}.handy}/bin/handy";
        Restart = "on-failure";
        RestartSec = 5;
      };
    };
  };
 }
@@ -2,11 +2,11 @@
  perSystem = {pkgs, ...}: {
    packages.handy = pkgs.appimageTools.wrapType2 rec {
      pname = "handy";
-      version = "0.8.0";
+      version = "0.7.10";
      src = pkgs.fetchurl {
        url = "https://github.com/cjpais/Handy/releases/download/v${version}/Handy_${version}_amd64.AppImage";
-        hash = "sha256-PLcssfd6iMx51mglAJ7D4+67HFazwfhJMImgU9WiNDk=";
+        hash = "sha256-vBOcXCCJr9D0u0h27nN4XLPPngx4m+toAfi6O6Fuojk=";
      };
      extraInstallCommands = let
@@ -17,7 +17,6 @@
          install -m 444 -D "$desktop_file" "$out/share/applications/${pname}.desktop"
          substituteInPlace "$out/share/applications/${pname}.desktop" \
            --replace 'Exec=AppRun' 'Exec=${pname}' || true
          sed -i -E 's|^Exec=.*$|Exec=${pname}|g' "$out/share/applications/${pname}.desktop" || true
        fi
        if [ -d ${contents}/usr/share/icons ]; then
@@ -2,11 +2,11 @@
  perSystem = { pkgs, ... }: {
    packages.helium = pkgs.appimageTools.wrapType2 rec {
      pname = "helium";
-      version = "0.10.9.1";
+      version = "0.10.2.1";
      src = pkgs.fetchurl {
        url = "https://github.com/imputnet/helium-linux/releases/download/${version}/${pname}-${version}-x86_64.AppImage";
-        hash = "sha256-FMO4gB2zOjhgmjfE/T0XdDb0NMDKsQFuzy/Org1iD48=";
+        hash = "sha256-Kh6UgdleK+L+G4LNiQL2DkQIwS43cyzX+Jo6K0/fX1M=";
      };
      extraInstallCommands = let
@@ -1,37 +0,0 @@
 {lib, ...}: {
  perSystem = {pkgs, ...}: {
    packages.t3code = pkgs.appimageTools.wrapType2 rec {
      pname = "t3code";
      version = "0.0.13";
      src = pkgs.fetchurl {
        url = "https://github.com/pingdotgg/t3code/releases/download/v${version}/T3-Code-${version}-x86_64.AppImage";
        hash = "sha256-oHKIh+aHsbGVHEoLLjItl6AbVRwvWVlZaIWyHKiekVc=";
      };
      extraInstallCommands = let
        contents = pkgs.appimageTools.extract {inherit pname version src;};
      in ''
        desktop_file=$(find ${contents} -name "*.desktop" | head -n1)
        if [ -n "$desktop_file" ]; then
          install -m 444 -D "$desktop_file" "$out/share/applications/${pname}.desktop"
          substituteInPlace "$out/share/applications/${pname}.desktop" \
            --replace 'Exec=AppRun' 'Exec=${pname}' \
            --replace 'Exec=T3-Code' 'Exec=${pname}' \
            --replace 'Exec=t3-code' 'Exec=${pname}' || true
        fi
        if [ -d ${contents}/usr/share/icons ]; then
          cp -r ${contents}/usr/share/icons $out/share
        fi
      '';
      meta = {
        description = "T3 Chat Desktop";
        homepage = "https://t3.codes";
        license = lib.licenses.mit;
        platforms = ["x86_64-linux"];
      };
    };
  };
 }
@@ -1,11 +1,11 @@
 {lib, ...}: {
  perSystem = {pkgs, ...}: let
    pname = "zen-browser";
-    version = "1.19.3b";
+    version = "1.19.2b";
    src = pkgs.fetchurl {
      url = "https://github.com/zen-browser/desktop/releases/download/${version}/zen-x86_64.AppImage";
-      hash = "sha256-p00Irv2z6brDXMx3cr0234lOZZ2a7FmJMDzN494nzMw=";
+      hash = "sha256-lDn7rIYDgmyUnc3PdIASXfpXBXASL6TEdzyZfT716cI=";
    };
    appimageContents = pkgs.appimageTools.extract {inherit pname version src;};
@@ -2,7 +2,6 @@
 	flake.nixosModules.ui = { pkgs, lib, ... }: {
 		# Desktop environment
 		services.xserver.enable = true;
 		services.xserver.xkb.options = "compose:ralt,cedilla:cacute";
 		services.displayManager.gdm.enable = true;
 		services.displayManager.gdm.wayland = true;
 		services.desktopManager.gnome.enable = true;
@@ -1,7 +0,0 @@
 let
  nixos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIg62Co6P+CYcvINrW9IYM1D8W7A3LNlEphAqP6vCzrv root@nixos";
 in {
  "secrets/smb-credentials.age".publicKeys = [
    nixos
  ];
 }
@@ -1,5 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 eoxNoQ +//j26EmOrSLqTMUaKWy4X/GZZ3XoJmKlT+ArQejODU
 olSV7FU5URhIcB4JczmPhGZsaQjQCs7kTm/IISCePsk
 --- r7Gpe55fXHr9lghoFvwAZZVvDVckENBxTDXW3sXEjUI
 ã{„Â&ffÇj?ÛSŠÈy´|Ô™tÀÜ¾_3äûOÇÒåjp»	‹tS!Î,†!5iÿó©¡�ÙGoê‹_?tFKË†%üÊ´ØÔh%up„ÁX;'•.ÿXÙðóœo=