update zen browser to 1.19.2b

2026-03-13 12:38:46 +00:00
14 changed files with 64 additions and 229 deletions
@@ -4,6 +4,7 @@ set -euo pipefail
 : "${FILE:?FILE is required}"
 : "${LATEST_RELEASE_URL:?LATEST_RELEASE_URL is required}"
 : "${DOWNLOAD_URL_TEMPLATE:?DOWNLOAD_URL_TEMPLATE is required}"
+: "${RELEASE_API_REPO:?RELEASE_API_REPO is required}"

 if command -v python >/dev/null 2>&1; then
  PYTHON_BIN=python
@@ -16,12 +17,11 @@ fi

 version_strip_prefix="${LATEST_VERSION_STRIP_PREFIX:-v}"
 release_tag_template="${RELEASE_TAG_TEMPLATE:-{version}}"
-release_tag_template="${release_tag_template//$'\r'/}"

 current_version=$($PYTHON_BIN - <<'PY'
 import re
 import os
-p=os.environ["FILE"]
+p=os.environ['FILE']
 s=open(p).read()
 m=re.search(r'version\s*=\s*"([^"]+)";', s)
 print(m.group(1) if m else "")
@@ -52,21 +52,46 @@ export NEW_HASH="$new_hash"
 "$PYTHON_BIN" - <<'PY'
 import os
 import re
-p=os.environ["FILE"]
+p=os.environ['FILE']
 s=open(p).read()
 s=re.sub(r'version\s*=\s*"[^"]+"', f'version = "{os.environ["LATEST_VERSION"]}"', s, count=1)
 s=re.sub(r'hash\s*=\s*"[^"]+"', f'hash = "{os.environ["NEW_HASH"]}"', s, count=1)
-open(p,"w").write(s)
+open(p,'w').write(s)
 PY

-release_tag="${release_tag_template//\{version\}/$latest_version}"
-release_tag="${release_tag#\{}"
-release_tag="${release_tag%\}}"
-release_tag="${release_tag#\'}"
-release_tag="${release_tag%\'}"
-release_url="${LATEST_RELEASE_URL%/latest}/tag/${release_tag}"
-
 echo "updated=true" >> "$GITHUB_OUTPUT"
 echo "version=$latest_version" >> "$GITHUB_OUTPUT"
 echo "previous_version=$current_version" >> "$GITHUB_OUTPUT"
-echo "release_url=$release_url" >> "$GITHUB_OUTPUT"
+
+release_tag="${release_tag_template//\{version\}/$latest_version}"
+api_url="https://api.github.com/repos/${RELEASE_API_REPO}/releases/tags/${release_tag}"
+
+curl_headers=(
+  -H "Accept: application/vnd.github+json"
+  -H "X-GitHub-Api-Version: 2022-11-28"
+)
+if [ -n "${GITHUB_TOKEN:-}" ]; then
+  curl_headers+=( -H "Authorization: Bearer ${GITHUB_TOKEN}" )
+fi
+
+api_response=$(curl -sS -w '\n%{http_code}' "${curl_headers[@]}" "$api_url" || true)
+api_body=$(printf '%s\n' "$api_response" | sed '$d')
+api_code=$(printf '%s\n' "$api_response" | tail -n1)
+
+release_notes=""
+if [ "$api_code" = "200" ]; then
+  release_notes=$(printf '%s' "$api_body" | "$PYTHON_BIN" -c 'import json,sys; d=json.load(sys.stdin); print((d.get("body") or "").strip())' || true)
+else
+  echo "warning: failed to fetch release notes from GitHub API (status=$api_code, url=$api_url)"
+fi
+
+if [ -z "$release_notes" ]; then
+  release_notes="_No changelog found in upstream release notes. Check ${LATEST_RELEASE_URL%/latest}/tag/${release_tag}._"
+fi
+
+delimiter="CHANGELOG_$(date +%s%N)"
+{
+  echo "changelog<<${delimiter}"
+  printf '%s\n' "$release_notes"
+  echo "${delimiter}"
+} >> "$GITHUB_OUTPUT"
@@ -25,7 +25,9 @@ jobs:
          FILE: modules/pkgs/handy.nix
          LATEST_RELEASE_URL: https://github.com/cjpais/Handy/releases/latest
          DOWNLOAD_URL_TEMPLATE: https://github.com/cjpais/Handy/releases/download/v{version}/Handy_{version}_amd64.AppImage
+          RELEASE_API_REPO: cjpais/Handy
          RELEASE_TAG_TEMPLATE: v{version}
+          GITHUB_TOKEN: ${{ secrets.github_token || secrets.GITHUB_TOKEN }}
        shell: bash
        run: bash .gitea/scripts/update-appimage-nix.sh

@@ -45,13 +47,14 @@ jobs:
        if: steps.update.outputs.updated == 'true'
        env:
          GITEA_TOKEN: ${{ secrets.tea_token || secrets.TEA_TOKEN }}
+          CHANGELOG: ${{ steps.update.outputs.changelog }}
        shell: bash
        run: |
          set -euo pipefail

          version="${{ steps.update.outputs.version }}"
          previous_version="${{ steps.update.outputs.previous_version }}"
-          release_url="${{ steps.update.outputs.release_url }}"
+          release_url="https://github.com/cjpais/Handy/releases/tag/v${version}"

          pr_body=$(cat <<EOF
          automated update of handy appimage version and hash
@@ -60,6 +63,8 @@ jobs:
          from \`${previous_version}\` to \`${version}\`

          upstream release: ${release_url}
+
+          ${CHANGELOG}
          EOF
          )

@@ -25,7 +25,9 @@ jobs:
          FILE: modules/pkgs/helium.nix
          LATEST_RELEASE_URL: https://github.com/imputnet/helium-linux/releases/latest
          DOWNLOAD_URL_TEMPLATE: https://github.com/imputnet/helium-linux/releases/download/{version}/helium-{version}-x86_64.AppImage
+          RELEASE_API_REPO: imputnet/helium-linux
          RELEASE_TAG_TEMPLATE: '{version}'
+          GITHUB_TOKEN: ${{ secrets.github_token || secrets.GITHUB_TOKEN }}
        shell: bash
        run: bash .gitea/scripts/update-appimage-nix.sh

@@ -45,13 +47,14 @@ jobs:
        if: steps.update.outputs.updated == 'true'
        env:
          GITEA_TOKEN: ${{ secrets.tea_token || secrets.TEA_TOKEN }}
+          CHANGELOG: ${{ steps.update.outputs.changelog }}
        shell: bash
        run: |
          set -euo pipefail

          version="${{ steps.update.outputs.version }}"
          previous_version="${{ steps.update.outputs.previous_version }}"
-          release_url="${{ steps.update.outputs.release_url }}"
+          release_url="https://github.com/imputnet/helium-linux/releases/tag/${version}"

          pr_body=$(cat <<EOF
          automated update of helium appimage version and hash
@@ -60,6 +63,8 @@ jobs:
          from \`${previous_version}\` to \`${version}\`

          upstream release: ${release_url}
+
+          ${CHANGELOG}
          EOF
          )

@@ -25,7 +25,9 @@ jobs:
          FILE: modules/pkgs/zen-browser.nix
          LATEST_RELEASE_URL: https://github.com/zen-browser/desktop/releases/latest
          DOWNLOAD_URL_TEMPLATE: https://github.com/zen-browser/desktop/releases/download/{version}/zen-x86_64.AppImage
+          RELEASE_API_REPO: zen-browser/desktop
          RELEASE_TAG_TEMPLATE: '{version}'
+          GITHUB_TOKEN: ${{ secrets.github_token || secrets.GITHUB_TOKEN }}
        shell: bash
        run: bash .gitea/scripts/update-appimage-nix.sh

@@ -45,13 +47,14 @@ jobs:
        if: steps.update.outputs.updated == 'true'
        env:
          GITEA_TOKEN: ${{ secrets.tea_token || secrets.TEA_TOKEN }}
+          CHANGELOG: ${{ steps.update.outputs.changelog }}
        shell: bash
        run: |
          set -euo pipefail

          version="${{ steps.update.outputs.version }}"
          previous_version="${{ steps.update.outputs.previous_version }}"
-          release_url="${{ steps.update.outputs.release_url }}"
+          release_url="https://github.com/zen-browser/desktop/releases/tag/${version}"

          pr_body=$(cat <<EOF
          automated update of zen browser appimage version and hash
@@ -60,6 +63,8 @@ jobs:
          from \`${previous_version}\` to \`${version}\`

          upstream release: ${release_url}
+
+          ${CHANGELOG}
          EOF
          )

@@ -20,36 +20,3 @@ NixOS configuration using a dendritic structure — `flake.nix` at the root, wit
 ```bash
 sudo nixos-rebuild switch --flake .#nixos
 ```
-
-## SMB share secrets (agenix)
-
-SMB automount is configured in `modules/hosts/nixos.nix` and activates once
-`secrets/smb-credentials.age` exists.
-
-1. Edit recipients in `secrets/secrets.nix` if needed.
-2. Create the encrypted secret (using the host SSH private key via sudo):
-
-```bash
-sudo env RULES=secrets/secrets.nix nix run github:ryantm/agenix -- -e secrets/smb-credentials.age -i /etc/ssh/ssh_host_ed25519_key
-```
-
-Use this content:
-
-```text
-username=YOUR_SMB_USER
-password=YOUR_SMB_PASSWORD
-# optional
-# domain=WORKGROUP
-```
-
-Configured shares mirror your Endeavour setup:
-
- `//192.168.1.102/data` → `/mnt/unraid-data`
- `//192.168.1.102/appdata` → `/mnt/unraid-appdata`
-
-Then apply:
-
-```bash
-sudo nixos-rebuild switch --flake .#nixos
-```
-
@@ -1,48 +1,5 @@
 {
  "nodes": {
-    "agenix": {
-      "inputs": {
-        "darwin": "darwin",
-        "home-manager": "home-manager",
-        "nixpkgs": "nixpkgs",
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1770165109,
-        "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
-        "owner": "ryantm",
-        "repo": "agenix",
-        "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
-        "type": "github"
-      },
-      "original": {
-        "owner": "ryantm",
-        "repo": "agenix",
-        "type": "github"
-      }
-    },
-    "darwin": {
-      "inputs": {
-        "nixpkgs": [
-          "agenix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1744478979,
-        "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
-        "owner": "lnl7",
-        "repo": "nix-darwin",
-        "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "lnl7",
-        "ref": "master",
-        "repo": "nix-darwin",
-        "type": "github"
-      }
-    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
@@ -63,27 +20,6 @@
        "type": "github"
      }
    },
-    "home-manager": {
-      "inputs": {
-        "nixpkgs": [
-          "agenix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1745494811,
-        "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
-        "owner": "nix-community",
-        "repo": "home-manager",
-        "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "home-manager",
-        "type": "github"
-      }
-    },
    "import-tree": {
      "locked": {
        "lastModified": 1772999353,
@@ -100,22 +36,6 @@
      }
    },
    "nixpkgs": {
-      "locked": {
-        "lastModified": 1754028485,
-        "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "59e69648d345d6e8fef86158c555730fa12af9de",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-25.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
      "locked": {
        "lastModified": 1772773019,
        "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=",
@@ -133,25 +53,9 @@
    },
    "root": {
      "inputs": {
-        "agenix": "agenix",
        "flake-parts": "flake-parts",
        "import-tree": "import-tree",
-        "nixpkgs": "nixpkgs_2"
-      }
-    },
-    "systems": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
+        "nixpkgs": "nixpkgs"
      }
    }
  },
@@ -9,7 +9,6 @@
    };

    import-tree.url = "github:vic/import-tree";
-    agenix.url = "github:ryantm/agenix";
  };

  outputs =
@@ -3,20 +3,9 @@
  self,
  config,
  ...
-}: let
-  flakeConfig = config;
-in {
-  flake.nixosModules.nixos-host = {
-    pkgs,
-    lib,
-    config,
-    ...
-  }: let
-    smbSecretFile = ../../secrets/smb-credentials.age;
-    hasSmbSecret = builtins.pathExists smbSecretFile;
-  in {
+}: {
+  flake.nixosModules.nixos-host = {pkgs, ...}: {
    imports = [
-      inputs.agenix.nixosModules.default
      ../../hardware-configuration.nix
    ];

@@ -30,7 +19,7 @@ in {
    # Custom EDID override for Samsung 240Hz on DP-1
    boot.kernelParams = ["drm.edid_firmware=DP-1:edid/g80.bin"];
    hardware.firmware = [
-      (pkgs.runCommand "g80-edid-firmware" {} ''
+      (pkgs.runCommandNoCC "g80-edid-firmware" {} ''
        install -Dm444 ${../assets/edid/g80.bin} $out/lib/firmware/edid/g80.bin
      '')
    ];
@@ -80,7 +69,7 @@ in {
    };

    # User account
-    users.users.${flakeConfig.username} = {
+    users.users.${config.username} = {
      isNormalUser = true;
      description = "Thomas Gouveia Lopes";
      extraGroups = ["networkmanager" "wheel"];
@@ -102,55 +91,6 @@ in {
    # State version
    system.stateVersion = "25.11";

-    boot.supportedFilesystems = ["cifs"];
-
-    warnings = lib.optional (!hasSmbSecret) ''
-      SMB automount is disabled: missing ${toString smbSecretFile}.
-      Create it with agenix:
-      sudo env RULES=secrets/secrets.nix nix run github:ryantm/agenix -- -e secrets/smb-credentials.age -i /etc/ssh/ssh_host_ed25519_key
-      and set:
-      username=...
-      password=...
-      # optional
-      # domain=WORKGROUP
-    '';
-
-    age.identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];
-    age.secrets."smb-credentials" = lib.mkIf hasSmbSecret {
-      file = smbSecretFile;
-      mode = "0400";
-      owner = "root";
-      group = "root";
-    };
-
-    fileSystems."/mnt/unraid-data" = lib.mkIf hasSmbSecret {
-      device = "//192.168.1.102/data";
-      fsType = "cifs";
-      options = [
-        "credentials=${config.age.secrets."smb-credentials".path}"
-        "uid=1000"
-        "gid=1000"
-        "iocharset=utf8"
-        "nofail"
-        "_netdev"
-        "vers=3.0"
-      ];
-    };
-
-    fileSystems."/mnt/unraid-appdata" = lib.mkIf hasSmbSecret {
-      device = "//192.168.1.102/appdata";
-      fsType = "cifs";
-      options = [
-        "credentials=${config.age.secrets."smb-credentials".path}"
-        "uid=1000"
-        "gid=1000"
-        "iocharset=utf8"
-        "nofail"
-        "_netdev"
-        "vers=3.0"
-      ];
-    };
-
    fileSystems."/mnt/endeavour" = {
      device = "/dev/disk/by-uuid/a32ca052-12a5-4355-bd3b-b4515d9ea4a5";
      fsType = "ext4";
@@ -24,8 +24,6 @@
      ffmpeg
      tmux
      obs-studio
-      jjui
-      bat
    ];
  };
 }
@@ -2,11 +2,11 @@
  perSystem = {pkgs, ...}: {
    packages.handy = pkgs.appimageTools.wrapType2 rec {
      pname = "handy";
-      version = "0.7.12";
+      version = "0.7.10";

      src = pkgs.fetchurl {
        url = "https://github.com/cjpais/Handy/releases/download/v${version}/Handy_${version}_amd64.AppImage";
-        hash = "sha256-Qh82PvZErWWhARs7ZzoGFllQXKsF63GUGqG5taT+kV8=";
+        hash = "sha256-vBOcXCCJr9D0u0h27nN4XLPPngx4m+toAfi6O6Fuojk=";
      };

      extraInstallCommands = let
@@ -2,11 +2,11 @@
  perSystem = { pkgs, ... }: {
    packages.helium = pkgs.appimageTools.wrapType2 rec {
      pname = "helium";
-      version = "0.10.5.1";
+      version = "0.9.4.1";

      src = pkgs.fetchurl {
        url = "https://github.com/imputnet/helium-linux/releases/download/${version}/${pname}-${version}-x86_64.AppImage";
-        hash = "sha256-c/ea8C1XjTkBo0/ujGHEbKWyCmRMxyuiuOzAO9AMf1o=";
+        hash = "sha256-N5gdWuxOrIudJx/4nYo4/SKSxakpTFvL4zzByv6Cnug=";
      };

      extraInstallCommands = let
@@ -2,7 +2,6 @@
 	flake.nixosModules.ui = { pkgs, lib, ... }: {
 		# Desktop environment
 		services.xserver.enable = true;
-		services.xserver.xkb.options = "compose:ralt,cedilla:cacute";
 		services.displayManager.gdm.enable = true;
 		services.displayManager.gdm.wayland = true;
 		services.desktopManager.gnome.enable = true;
@@ -1,7 +0,0 @@
-let
-  nixos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIg62Co6P+CYcvINrW9IYM1D8W7A3LNlEphAqP6vCzrv root@nixos";
-in {
-  "secrets/smb-credentials.age".publicKeys = [
-    nixos
-  ];
-}
@@ -1,5 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 eoxNoQ +//j26EmOrSLqTMUaKWy4X/GZZ3XoJmKlT+ArQejODU
-olSV7FU5URhIcB4JczmPhGZsaQjQCs7kTm/IISCePsk
--- r7Gpe55fXHr9lghoFvwAZZVvDVckENBxTDXW3sXEjUI
-ã{„Â&ffÇj?ÛSŠÈy´|Ô™tÀÜ¾_3äûOÇÒåjp»	‹tS!Î,†!5iÿó©¡�ÙGoê‹_?tFKË†%üÊ´ØÔh%up„ÁX;'•.ÿXÙðóœo=