moby: tweak default apps (sxmo, jellyfin qt6)

i don't use it frequently enough to justify building/shipping it on the
regular.

TODO.md

@@ -20,6 +20,9 @@
 - fix lightdm-mobile-greeter for newer libhandy
 - port zecwallet-lite to a from-source build
 - fix or abandon Whalebird
+- FIX failed CI on bonsai PR: <https://github.com/NixOS/nixpkgs/pull/233892>
+- REVIEW/integrate jellyfin dataDir config: <https://github.com/NixOS/nixpkgs/pull/233617>
+- remove `libsForQt5.callPackage` broadly: <https://github.com/NixOS/nixpkgs/issues/180841>
 
 
 ## IMPROVEMENTS:
@@ -53,6 +56,7 @@
     - see: <repo:mil/sxmo-utils:scripts/core/sxmo_autorotate.sh>
     - all orientations *except* upside down are supported
 - sxmo: launch with auto-rotation enabled
+- sane-bt-search: show details like 5.1 vs stereo, h264 vs h265
 
 ### perf
 - why does nixos-rebuild switch take 5 minutes when net is flakey?

flake.lock

@@ -66,11 +66,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1684632198,
-        "narHash": "sha256-SdxMPd0WmU9MnDBuuy7ouR++GftrThmSGL7PCQj/uVI=",
+        "lastModified": 1685758009,
+        "narHash": "sha256-IT4Z5WGhafrq+xbDTyuKrRPRQ1f+kVOtE+4JU1CHFeo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d0dade110dc7072d67ce27826cfe9ab2ab0cf247",
+        "rev": "eaf03591711b46d21abc7082a8ebee4681f9dbeb",
         "type": "github"
       },
       "original": {
@@ -82,11 +82,11 @@
     },
     "nixpkgs-unpatched": {
       "locked": {
-        "lastModified": 1684935479,
-        "narHash": "sha256-6QMMsXMr2nhmOPHdti2j3KRHt+bai2zw+LJfdCl97Mk=",
+        "lastModified": 1686135559,
+        "narHash": "sha256-pY8waAV8K/sbHBdLn5diPFnQKpNg0YS9w03MrD2lUGE=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "f91ee3065de91a3531329a674a45ddcb3467a650",
+        "rev": "381e92a35e2d196fdd6077680dca0cd0197e75cb",
         "type": "github"
       },
       "original": {
@@ -113,11 +113,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1684637723,
-        "narHash": "sha256-0vAxL7MVMhGbTkAyvzLvleELHjVsaS43p+PR1h9gzNQ=",
+        "lastModified": 1685848844,
+        "narHash": "sha256-Iury+/SVbAwLES76QJSiKFiQDzmf/8Hsq8j54WF2qyw=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "4ccdfb573f323a108a44c13bb7730e42baf962a9",
+        "rev": "a522e12ee35e50fa7d902a164a9796e420e6e75b",
         "type": "github"
       },
       "original": {

hosts/by-name/desko/default.nix

@@ -19,6 +19,7 @@
   sane.programs.iphoneUtils.enableFor.user.colin = true;
 
   sane.programs.guiApps.suggestedPrograms = [ "desktopGuiApps" ];
+  sane.programs.consoleUtils.suggestedPrograms = [ "consoleMediaUtils" ];
 
   boot.loader.efi.canTouchEfiVariables = false;
   sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];

hosts/by-name/lappy/default.nix

@@ -19,6 +19,7 @@
     "desktopGuiApps"
     "stepmania"
   ];
+  sane.programs.consoleUtils.suggestedPrograms = [ "consoleMediaUtils" ];
 
   sops.secrets.colin-passwd.neededForUsers = true;
 

hosts/by-name/moby/default.nix

@@ -33,11 +33,15 @@
     ".config/pulse"  # persist pulseaudio volume
   ];
 
-  sane.gui.phosh.enable = true;
+  sane.gui.sxmo.enable = true;
   # sane.programs.consoleUtils.enableFor.user.colin = false;
   # sane.programs.guiApps.enableFor.user.colin = false;
   sane.programs.sequoia.enableFor.user.colin = false;
   sane.programs.tuiApps.enableFor.user.colin = false;  # visidata, others, don't compile well
+  # disabled for faster deploys (gthumb depends on webkitgtk, particularly)
+  sane.programs.soundconverter.enableFor.user.colin = false;
+  sane.programs."gnome.nautilus".enableFor.user.colin = false;
+  sane.programs.gthumb.enableFor.user.colin = false;
 
   boot.loader.efi.canTouchEfiVariables = false;
   # /boot space is at a premium. default was 20.

hosts/by-name/servo/services/calibre.nix

@@ -30,5 +30,5 @@ lib.mkIf false
       proxyPass = "http://${ip}:${builtins.toString port}";
     };
   };
-  sane.services.trust-dns.zones."uninsane.org".inet.CNAME."calibre" = "native";
+  sane.dns.zones."uninsane.org".inet.CNAME."calibre" = "native";
 }

hosts/by-name/servo/services/ejabberd.nix

@@ -115,7 +115,7 @@
     useACMEHost = "uninsane.org";
   };
 
-  sane.services.trust-dns.zones."uninsane.org".inet = {
+  sane.dns.zones."uninsane.org".inet = {
     # XXX: SRV records have to point to something with a A/AAAA record; no CNAMEs
     A."xmpp" =                "%ANATIVE%";
     CNAME."muc.xmpp" =        "xmpp";

hosts/by-name/servo/services/email/dovecot.nix

@@ -24,7 +24,7 @@
     enableACME = true;
   };
 
-  sane.services.trust-dns.zones."uninsane.org".inet = {
+  sane.dns.zones."uninsane.org".inet = {
     CNAME."imap" = "native";
   };
 

hosts/by-name/servo/services/email/postfix.nix

@@ -50,7 +50,7 @@ in
   };
 
 
-  sane.services.trust-dns.zones."uninsane.org".inet = {
+  sane.dns.zones."uninsane.org".inet = {
     MX."@" = "10 mx.uninsane.org.";
     # XXX: RFC's specify that the MX record CANNOT BE A CNAME
     A."mx" = "185.157.162.178";

hosts/by-name/servo/services/freshrss.nix

@@ -59,5 +59,5 @@
     # the routing is handled by services.freshrss.virtualHost
   };
 
-  sane.services.trust-dns.zones."uninsane.org".inet.CNAME."rss" = "native";
+  sane.dns.zones."uninsane.org".inet.CNAME."rss" = "native";
 }

hosts/by-name/servo/services/gitea.nix

@@ -98,7 +98,7 @@
     };
   };
 
-  sane.services.trust-dns.zones."uninsane.org".inet.CNAME."git" = "native";
+  sane.dns.zones."uninsane.org".inet.CNAME."git" = "native";
 
   sane.ports.ports."22" = {
     protocol = [ "tcp" ];

hosts/by-name/servo/services/goaccess.nix

@@ -64,5 +64,5 @@
     };
   };
 
-  sane.services.trust-dns.zones."uninsane.org".inet.CNAME."sink" = "native";
+  sane.dns.zones."uninsane.org".inet.CNAME."sink" = "native";
 }

hosts/by-name/servo/services/ipfs.nix

@@ -34,7 +34,7 @@ lib.mkIf false # i don't actively use ipfs anymore
     };
   };
 
-  sane.services.trust-dns.zones."uninsane.org".inet.CNAME."ipfs" = "native";
+  sane.dns.zones."uninsane.org".inet.CNAME."ipfs" = "native";
 
   # services.ipfs.enable = true;
   services.kubo.localDiscovery = true;

hosts/by-name/servo/services/jackett.nix

@@ -27,6 +27,6 @@
     };
   };
 
-  sane.services.trust-dns.zones."uninsane.org".inet.CNAME."jackett" = "native";
+  sane.dns.zones."uninsane.org".inet.CNAME."jackett" = "native";
 }
 

hosts/by-name/servo/services/jellyfin.nix

@@ -121,7 +121,7 @@
     };
   };
 
-  sane.services.trust-dns.zones."uninsane.org".inet.CNAME."jelly" = "native";
+  sane.dns.zones."uninsane.org".inet.CNAME."jelly" = "native";
 
   services.jellyfin.enable = true;
 }

hosts/by-name/servo/services/kiwix-serve.nix

@@ -13,5 +13,5 @@
     locations."/".proxyPass = "http://127.0.0.1:8013";
   };
 
-  sane.services.trust-dns.zones."uninsane.org".inet.CNAME."w" = "native";
+  sane.dns.zones."uninsane.org".inet.CNAME."w" = "native";
 }

hosts/by-name/servo/services/komga.nix

@@ -18,5 +18,5 @@ in
       proxyPass = "http://127.0.0.1:${builtins.toString port}";
     };
   };
-  sane.services.trust-dns.zones."uninsane.org".inet.CNAME."komga" = "native";
+  sane.dns.zones."uninsane.org".inet.CNAME."komga" = "native";
 }

hosts/by-name/servo/services/lemmy.nix

@@ -54,5 +54,5 @@ in {
     enableACME = true;
   };
 
-  sane.services.trust-dns.zones."uninsane.org".inet.CNAME."lemmy" = "native";
+  sane.dns.zones."uninsane.org".inet.CNAME."lemmy" = "native";
 }

hosts/by-name/servo/services/matrix/default.nix

@@ -132,7 +132,7 @@
     };
   };
 
-  sane.services.trust-dns.zones."uninsane.org".inet = {
+  sane.dns.zones."uninsane.org".inet = {
     CNAME."matrix" = "native";
     CNAME."web.matrix" = "native";
   };

hosts/by-name/servo/services/navidrome.nix

@@ -36,5 +36,5 @@
     locations."/".proxyPass = "http://127.0.0.1:4533";
   };
 
-  sane.services.trust-dns.zones."uninsane.org".inet.CNAME."music" = "native";
+  sane.dns.zones."uninsane.org".inet.CNAME."music" = "native";
 }

hosts/by-name/servo/services/nixserve.nix

@@ -14,7 +14,7 @@
     '';
   };
 
-  sane.services.trust-dns.zones."uninsane.org".inet.CNAME."nixcache" = "native";
+  sane.dns.zones."uninsane.org".inet.CNAME."nixcache" = "native";
 
   sane.services.nixserve.enable = true;
   sane.services.nixserve.secretKeyFile = config.sops.secrets.nix_serve_privkey.path;

hosts/by-name/servo/services/pleroma.nix

@@ -182,7 +182,7 @@
     };
   };
 
-  sane.services.trust-dns.zones."uninsane.org".inet.CNAME."fed" = "native";
+  sane.dns.zones."uninsane.org".inet.CNAME."fed" = "native";
 
   sops.secrets."pleroma_secrets" = {
     owner = config.users.users.pleroma.name;

hosts/by-name/servo/services/transmission.nix

@@ -75,6 +75,6 @@
     };
   };
 
-  sane.services.trust-dns.zones."uninsane.org".inet.CNAME."bt" = "native";
+  sane.dns.zones."uninsane.org".inet.CNAME."bt" = "native";
 }
 

hosts/by-name/servo/services/trust-dns.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 {
   sane.services.trust-dns.enable = true;
@@ -11,7 +11,7 @@
   ];
   sane.services.trust-dns.quiet = true;
 
-  sane.services.trust-dns.zones."uninsane.org".TTL = 900;
+  sane.dns.zones."uninsane.org".TTL = 900;
 
   # SOA record structure: <https://en.wikipedia.org/wiki/SOA_record#Structure>
   # SOA MNAME RNAME (... rest)
@@ -21,7 +21,7 @@
   # Refresh = how frequently secondary NS should query master
   # Retry = how long secondary NS should wait until re-querying master after a failure (must be < Refresh)
   # Expire = how long secondary NS should continue to reply to queries after master fails (> Refresh + Retry)
-  sane.services.trust-dns.zones."uninsane.org".inet = {
+  sane.dns.zones."uninsane.org".inet = {
     SOA."@" = ''
       ns1.uninsane.org. admin-dns.uninsane.org. (
                                       2022122101 ; Serial
@@ -51,7 +51,9 @@
     ];
   };
 
-  sane.services.trust-dns.zones."uninsane.org".file = "uninsane.org.zone";
+  # we need trust-dns to load our zone by relative path instead of /nix/store path
+  # because we generate it at runtime.
+  sane.services.trust-dns.zones."uninsane.org".file = lib.mkForce "uninsane.org.zone";
   sane.services.trust-dns.zonedir = null;
 
   sane.services.trust-dns.package =
@@ -60,7 +62,7 @@
       zone-dir = "/var/lib/trust-dns";
       zone-wan = "${zone-dir}/wan/uninsane.org.zone";
       zone-lan = "${zone-dir}/lan/uninsane.org.zone";
-      zone-template = pkgs.writeText "uninsane.org.zone.in" config.sane.services.trust-dns.generatedZones."uninsane.org";
+      zone-template = pkgs.writeText "uninsane.org.zone.in" config.sane.services.trust-dns.zones."uninsane.org".text;
     in pkgs.writeShellScriptBin "named" ''
       # compute wan/lan values
       mkdir -p ${zone-dir}/{ovpn,wan,lan}

hosts/common/programs/assorted.nix

@@ -0,0 +1,381 @@
+{ lib, pkgs, ... }:
+
+let
+  inherit (builtins) attrNames;
+
+  flattenedPkgs = pkgs // (with pkgs; {
+    # XXX can't `inherit` a nested attr, so we move them to the toplevel
+    "cacert.unbundled" = pkgs.cacert.unbundled;
+    "gnome.cheese" = gnome.cheese;
+    "gnome.dconf-editor" = gnome.dconf-editor;
+    "gnome.file-roller" = gnome.file-roller;
+    "gnome.gnome-disk-utility" = gnome.gnome-disk-utility;
+    "gnome.gnome-maps" = gnome.gnome-maps;
+    "gnome.nautilus" = gnome.nautilus;
+    "gnome.gnome-system-monitor" = gnome.gnome-system-monitor;
+    "gnome.gnome-terminal" = gnome.gnome-terminal;
+    "gnome.gnome-weather" = gnome.gnome-weather;
+    "gnome.totem" = gnome.totem;
+    "libsForQt5.plasmatube" = libsForQt5.plasmatube;
+  });
+
+  sysadminPkgs = {
+    inherit (flattenedPkgs)
+      btrfs-progs
+      "cacert.unbundled"  # some services require unbundled /etc/ssl/certs
+      cryptsetup
+      dig
+      efibootmgr
+      fatresize
+      fd
+      file
+      gawk
+      git
+      gptfdisk
+      hdparm
+      htop
+      iftop
+      inetutils  # for telnet
+      iotop
+      iptables
+      jq
+      killall
+      lsof
+      miniupnpc
+      nano
+      netcat
+      nethogs
+      nmap
+      openssl
+      parted
+      pciutils
+      powertop
+      pstree
+      ripgrep
+      screen
+      smartmontools
+      socat
+      strace
+      subversion
+      tcpdump
+      tree
+      usbutils
+      wget
+      wirelesstools  # iwlist
+    ;
+  };
+  sysadminExtraPkgs = {
+    # application-specific packages
+    inherit (pkgs)
+      backblaze-b2
+      duplicity
+      sqlite  # to debug sqlite3 databases
+    ;
+  };
+
+  iphonePkgs = {
+    inherit (pkgs)
+      ifuse
+      ipfs
+      libimobiledevice
+    ;
+  };
+
+  tuiPkgs = {
+    inherit (pkgs)
+      aerc  # email client
+      offlineimap  # email mailox sync
+      visidata  # TUI spreadsheet viewer/editor
+      w3m
+    ;
+  };
+
+  consoleMediaPkgs = {
+    inherit (pkgs)
+      ffmpeg
+      imagemagick
+      sox
+      yt-dlp
+    ;
+  };
+  # TODO: split these into smaller groups.
+  # - moby doesn't want a lot of these.
+  # - categories like
+  #   - dev?
+  #   - debugging?
+  consolePkgs = {
+    inherit (pkgs)
+      alsaUtils  # for aplay, speaker-test
+      cdrtools
+      clinfo
+      dmidecode
+      efivar
+      flashrom
+      fwupd
+      gh  # MS GitHub cli
+      git  # needed as a user package, for config.
+      gnupg
+      gocryptfs
+      gopass  # TODO: shouldn't be needed here
+      gopass-jsonapi
+      kitty  # TODO: move to GUI, but `ssh servo` from kitty sets `TERM=xterm-kitty` in the remove and breaks things
+      libsecret  # for managing user keyrings
+      lm_sensors  # for sensors-detect
+      lshw
+      # memtester
+      neovim
+      # nettools
+      # networkmanager
+      nixpkgs-review
+      # nixos-generators
+      nmon
+      # node2nix
+      # oathToolkit  # for oathtool
+      # ponymix
+      pulsemixer
+      python3
+      ripgrep  # needed as a user package so that its user-level config file can be installed
+      rsync
+      # python3Packages.eyeD3  # music tagging
+      sane-scripts
+      sequoia
+      snapper
+      sops
+      speedtest-cli
+      # ssh-to-age
+      sudo
+      # tageditor  # music tagging
+      unar
+      wireguard-tools
+      xdg-utils  # for xdg-open
+      # yarn
+      zsh
+    ;
+  };
+
+  guiPkgs = {
+    inherit (flattenedPkgs)
+      # celluloid  # mpv frontend
+      # emote
+      evince  # works on phosh
+
+      # { pkg = fluffychat-moby; persist.plaintext = [ ".local/share/chat.fluffy.fluffychat" ]; }  # TODO: ship normal fluffychat on non-moby?
+
+      # foliate  # e-book reader
+
+      # XXX by default fractal stores its state in ~/.local/share/<UUID>.
+      # after logging in, manually change ~/.local/share/keyrings/... to point it to some predictable subdir.
+      # then reboot (so that libsecret daemon re-loads the keyring...?)
+      # { pkg = fractal-latest; persist.private = [ ".local/share/fractal" ]; }
+      # { pkg = fractal-next; persist.private = [ ".local/share/fractal" ]; }
+
+      # "gnome.cheese"
+      # gnome-feeds  # RSS reader (with claimed mobile support)
+      "gnome.file-roller"
+      # "gnome.gnome-maps"  # works on phosh
+      "gnome.nautilus"
+      # gnome-podcasts
+      # "gnome.gnome-system-monitor"
+      # "gnome.gnome-terminal"  # works on phosh
+      # "gnome.gnome-weather"
+      gpodder
+      gthumb
+      jellyfin-media-player
+      # lollypop
+      # mpv
+      # networkmanagerapplet
+      # newsflash
+      nheko
+      pavucontrol
+      # picard  # music tagging
+      # "libsForQt5.plasmatube"  # Youtube player
+      soundconverter
+      # sublime-music
+      # tdesktop  # broken on phosh
+      # tokodon
+      vlc
+      # pleroma client (Electron). input is broken on phosh. TODO(2023/02/02): fix electron19 input (insecure)
+      # whalebird
+      xterm  # broken on phosh
+    ;
+  };
+  desktopGuiPkgs = {
+    inherit (flattenedPkgs)
+      audacity
+      brave  # for the integrated wallet -- as a backup
+      chromium
+      dino
+      electrum
+      element-desktop
+      font-manager
+      gajim  # XMPP client
+      gimp  # broken on phosh
+      "gnome.dconf-editor"
+      "gnome.gnome-disk-utility"
+      # "gnome.totem"  # video player, supposedly supports UPnP
+      handbrake
+      hase
+      inkscape
+      kdenlive
+      kid3  # audio tagging
+      krita
+      libreoffice-fresh
+      mumble
+      obsidian
+      slic3r
+      steam
+      wireshark  # could maybe ship the cli as sysadmin pkg
+    ;
+  };
+  x86GuiPkgs = {
+    inherit (pkgs)
+      discord
+
+      # kaiteki  # Pleroma client
+      # gnome.zenity # for kaiteki (it will use qarma, kdialog, or zenity)
+      # gpt2tc  # XXX: unreliable mirror
+
+      # logseq  # Personal Knowledge Management
+      losslesscut-bin
+      makemkv
+      monero-gui
+      signal-desktop
+      spotify
+      tor-browser-bundle-bin
+      zecwallet-lite
+    ;
+  };
+
+  # packages not part of any package set; not enabled by default
+  otherPkgs = {
+    inherit (pkgs)
+      lemmy-server
+      mx-sanebot
+      stepmania
+    ;
+  };
+
+  # define -- but don't enable -- the packages in some attrset.
+  declarePkgs = pkgsAsAttrs: lib.mapAttrs (_n: p: {
+    # no need to actually define the package here: it's defaulted
+    # package = mkDefault p;
+  }) pkgsAsAttrs;
+in
+{
+  sane.programs = lib.mkMerge [
+    (declarePkgs consoleMediaPkgs)
+    (declarePkgs consolePkgs)
+    (declarePkgs desktopGuiPkgs)
+    (declarePkgs guiPkgs)
+    (declarePkgs iphonePkgs)
+    (declarePkgs sysadminPkgs)
+    (declarePkgs sysadminExtraPkgs)
+    (declarePkgs tuiPkgs)
+    (declarePkgs x86GuiPkgs)
+    (declarePkgs otherPkgs)
+    {
+      # link the various package sets into their own meta packages
+      consoleMediaUtils = {
+        package = null;
+        suggestedPrograms = attrNames consoleMediaPkgs;
+      };
+      consoleUtils = {
+        package = null;
+        suggestedPrograms = attrNames consolePkgs;
+      };
+      desktopGuiApps = {
+        package = null;
+        suggestedPrograms = attrNames desktopGuiPkgs;
+      };
+      guiApps = {
+        package = null;
+        suggestedPrograms = (attrNames guiPkgs)
+          ++ [ "web-browser" ]
+          ++ [ "tuiApps" ]
+          ++ lib.optional (pkgs.system == "x86_64-linux") "x86GuiApps";
+      };
+      iphoneUtils = {
+        package = null;
+        suggestedPrograms = attrNames iphonePkgs;
+      };
+      sysadminUtils = {
+        package = null;
+        suggestedPrograms = attrNames sysadminPkgs;
+      };
+      sysadminExtraUtils = {
+        package = null;
+        suggestedPrograms = attrNames sysadminExtraPkgs;
+      };
+      tuiApps = {
+        package = null;
+        suggestedPrograms = attrNames tuiPkgs;
+      };
+      x86GuiApps = {
+        package = null;
+        suggestedPrograms = attrNames x86GuiPkgs;
+      };
+    }
+    {
+      # nontrivial package definitions
+
+      dino.persist.private = [ ".local/share/dino" ];
+
+      # creds, but also 200 MB of node modules, etc
+      discord.persist.private = [ ".config/discord" ];
+
+      # creds/session keys, etc
+      element-desktop.persist.private = [ ".config/Element" ];
+
+      # `emote` will show a first-run dialog based on what's in this directory.
+      # mostly, it just keeps a LRU of previously-used emotes to optimize display order.
+      # TODO: package [smile](https://github.com/mijorus/smile) for probably a better mobile experience.
+      emote.persist.plaintext = [ ".local/share/Emote" ];
+
+      # MS GitHub stores auth token in .config
+      # TODO: we can populate gh's stuff statically; it even lets us use the same oauth across machines
+      gh.persist.private = [ ".config/gh" ];
+
+      # actual monero blockchain (not wallet/etc; safe to delete, just slow to regenerate)
+      # XXX: is it really safe to persist this? it doesn't have info that could de-anonymize if captured?
+      monero-gui.persist.plaintext = [ ".bitmonero" ];
+
+      mumble.persist.private = [ ".local/share/Mumble" ];
+
+      # not strictly necessary, but allows caching articles; offline use, etc.
+      nheko.persist.private = [
+        ".config/nheko"  # config file (including client token)
+        ".cache/nheko"  # media cache
+        ".local/share/nheko"  # per-account state database
+      ];
+
+      # settings (electron app)
+      obsidian.persist.plaintext = [ ".config/obsidian" ];
+
+      # creds, media
+      signal-desktop.persist.private = [ ".config/Signal" ];
+
+      # printer/filament settings
+      slic3r.persist.plaintext = [ ".Slic3r" ];
+
+      # creds, widevine .so download. TODO: could easily manage these statically.
+      spotify.persist.plaintext = [ ".config/spotify" ];
+
+      tdesktop.persist.private = [ ".local/share/TelegramDesktop" ];
+
+      tokodon.persist.private = [ ".cache/KDE/tokodon" ];
+
+      # hardenedMalloc solves a crash at startup
+      # TODO 2023/02/02: is this safe to remove yet?
+      tor-browser-bundle-bin.package = pkgs.tor-browser-bundle-bin.override {
+        useHardenedMalloc = false;
+      };
+
+      whalebird.persist.private = [ ".config/Whalebird" ];
+
+      yarn.persist.plaintext = [ ".cache/yarn" ];
+
+      # zcash coins. safe to delete, just slow to regenerate (10-60 minutes)
+      zecwallet-lite.persist.private = [ ".zcash" ];
+    }
+  ];
+}

hosts/common/programs/default.nix

@@ -1,269 +1,13 @@
-{ config, lib, pkgs, ... }:
+{ pkgs, ... }:
 
-let
-  inherit (builtins) attrNames concatLists;
-  inherit (lib) mapAttrs mapAttrsToList mkDefault mkIf mkMerge optional;
-
-  flattenedPkgs = pkgs // (with pkgs; {
-    # XXX can't `inherit` a nested attr, so we move them to the toplevel
-    "cacert.unbundled" = pkgs.cacert.unbundled;
-    "gnome.cheese" = gnome.cheese;
-    "gnome.dconf-editor" = gnome.dconf-editor;
-    "gnome.file-roller" = gnome.file-roller;
-    "gnome.gnome-disk-utility" = gnome.gnome-disk-utility;
-    "gnome.gnome-maps" = gnome.gnome-maps;
-    "gnome.nautilus" = gnome.nautilus;
-    "gnome.gnome-system-monitor" = gnome.gnome-system-monitor;
-    "gnome.gnome-terminal" = gnome.gnome-terminal;
-    "gnome.gnome-weather" = gnome.gnome-weather;
-    "gnome.totem" = gnome.totem;
-    "libsForQt5.plasmatube" = libsForQt5.plasmatube;
-  });
-
-  sysadminPkgs = {
-    inherit (flattenedPkgs)
-      btrfs-progs
-      "cacert.unbundled"  # some services require unbundled /etc/ssl/certs
-      cryptsetup
-      dig
-      efibootmgr
-      fatresize
-      fd
-      file
-      gawk
-      git
-      gptfdisk
-      hdparm
-      htop
-      iftop
-      inetutils  # for telnet
-      iotop
-      iptables
-      jq
-      killall
-      lsof
-      miniupnpc
-      nano
-      netcat
-      nethogs
-      nmap
-      openssl
-      parted
-      pciutils
-      powertop
-      pstree
-      ripgrep
-      screen
-      smartmontools
-      socat
-      strace
-      subversion
-      tcpdump
-      tree
-      usbutils
-      wget
-      wirelesstools  # iwlist
-    ;
-  };
-  sysadminExtraPkgs = {
-    # application-specific packages
-    inherit (pkgs)
-      backblaze-b2
-      duplicity
-      sqlite  # to debug sqlite3 databases
-    ;
-  };
-
-  iphonePkgs = {
-    inherit (pkgs)
-      ifuse
-      ipfs
-      libimobiledevice
-    ;
-  };
-
-  tuiPkgs = {
-    inherit (pkgs)
-      aerc  # email client
-      offlineimap  # email mailox sync
-      visidata  # TUI spreadsheet viewer/editor
-      w3m
-    ;
-  };
-
-  # TODO: split these into smaller groups.
-  # - transcoders (ffmpeg, imagemagick) only wanted on desko/lappy ("powerutils"?)
-  consolePkgs = {
-    inherit (pkgs)
-      alsaUtils  # for aplay, speaker-test
-      cdrtools
-      dmidecode
-      efivar
-      flashrom
-      fwupd
-      gh  # MS GitHub cli
-      git  # needed as a user package, for config.
-      gnupg
-      gocryptfs
-      gopass  # TODO: shouldn't be needed here
-      gopass-jsonapi
-      imagemagick
-      kitty  # TODO: move to GUI, but `ssh servo` from kitty sets `TERM=xterm-kitty` in the remove and breaks things
-      libsecret  # for managing user keyrings
-      lm_sensors  # for sensors-detect
-      lshw
-      ffmpeg
-      # memtester
-      neovim
-      # nettools
-      # networkmanager
-      nixpkgs-review
-      # nixos-generators
-      nmon
-      # node2nix
-      # oathToolkit  # for oathtool
-      # ponymix
-      pulsemixer
-      python3
-      ripgrep  # needed as a user package, for config.
-      rsync
-      # python3Packages.eyeD3  # music tagging
-      sane-scripts
-      sequoia
-      snapper
-      sops
-      sox
-      speedtest-cli
-      # ssh-to-age
-      sudo
-      # tageditor  # music tagging
-      unar
-      wireguard-tools
-      xdg-utils  # for xdg-open
-      # yarn
-      # youtube-dl
-      yt-dlp
-      zsh
-    ;
-  };
-
-  guiPkgs = {
-    inherit (flattenedPkgs)
-      # celluloid  # mpv frontend
-      clinfo
-      emote
-      evince  # works on phosh
-
-      # { pkg = fluffychat-moby; persist.plaintext = [ ".local/share/chat.fluffy.fluffychat" ]; }  # TODO: ship normal fluffychat on non-moby?
-
-      # foliate  # e-book reader
-
-      # XXX by default fractal stores its state in ~/.local/share/<UUID>.
-      # after logging in, manually change ~/.local/share/keyrings/... to point it to some predictable subdir.
-      # then reboot (so that libsecret daemon re-loads the keyring...?)
-      # { pkg = fractal-latest; persist.private = [ ".local/share/fractal" ]; }
-      # { pkg = fractal-next; persist.private = [ ".local/share/fractal" ]; }
-
-      # "gnome.cheese"
-      "gnome.dconf-editor"
-      # gnome-feeds  # RSS reader (with claimed mobile support)
-      "gnome.file-roller"
-      # "gnome.gnome-maps"  # works on phosh
-      "gnome.nautilus"
-      # gnome-podcasts
-      "gnome.gnome-system-monitor"
-      # "gnome.gnome-terminal"  # works on phosh
-      # "gnome.gnome-weather"
-      gpodder
-      gthumb
-      jellyfin-media-player
-      # lollypop
-      # mpv
-      networkmanagerapplet
-      # newsflash
-      nheko
-      pavucontrol
-      # picard  # music tagging
-      playerctl
-      # "libsForQt5.plasmatube"  # Youtube player
-      soundconverter
-      sublime-music
-      # tdesktop  # broken on phosh
-      # tokodon
-      vlc
-      # pleroma client (Electron). input is broken on phosh. TODO(2023/02/02): fix electron19 input (insecure)
-      # whalebird
-      xterm  # broken on phosh
-    ;
-  };
-  desktopGuiPkgs = {
-    inherit (flattenedPkgs)
-      audacity
-      brave  # for the integrated wallet -- as a backup
-      chromium
-      dino
-      electrum
-      element-desktop
-      font-manager
-      gajim  # XMPP client
-      gimp  # broken on phosh
-      "gnome.gnome-disk-utility"
-      # "gnome.totem"  # video player, supposedly supports UPnP
-      handbrake
-      hase
-      inkscape
-      kdenlive
-      kid3  # audio tagging
-      krita
-      libreoffice-fresh
-      mumble
-      obsidian
-      slic3r
-      steam
-      wireshark  # could maybe ship the cli as sysadmin pkg
-    ;
-  };
-  x86GuiPkgs = {
-    inherit (pkgs)
-      discord
-
-      # kaiteki  # Pleroma client
-      # gnome.zenity # for kaiteki (it will use qarma, kdialog, or zenity)
-      # gpt2tc  # XXX: unreliable mirror
-
-      # logseq  # Personal Knowledge Management
-      losslesscut-bin
-      makemkv
-      monero-gui
-      signal-desktop
-      spotify
-      tor-browser-bundle-bin
-      zecwallet-lite
-    ;
-  };
-
-  # packages not part of any package set; not enabled by default
-  otherPkgs = {
-    inherit (pkgs)
-      lemmy-server
-      mx-sanebot
-      stepmania
-    ;
-  };
-
-  # define -- but don't enable -- the packages in some attrset.
-  declarePkgs = pkgsAsAttrs: mapAttrs (_n: p: {
-    # no need to actually define the package here: it's defaulted
-    # package = mkDefault p;
-  }) pkgsAsAttrs;
-in
 {
-
   imports = [
     ./aerc.nix
+    ./assorted.nix
     ./git.nix
     ./gnome-feeds.nix
     ./gpodder.nix
+    ./imagemagick.nix
     ./jellyfin-media-player.nix
     ./kitty
     ./libreoffice.nix
@@ -273,6 +17,7 @@ in
     ./offlineimap.nix
     ./ripgrep.nix
     ./splatmoji.nix
+    ./steam.nix
     ./sublime-music.nix
     ./vlc.nix
     ./web-browser.nix
@@ -282,141 +27,8 @@ in
   ];
 
   config = {
-    sane.programs = mkMerge [
-      (declarePkgs consolePkgs)
-      (declarePkgs desktopGuiPkgs)
-      (declarePkgs guiPkgs)
-      (declarePkgs iphonePkgs)
-      (declarePkgs sysadminPkgs)
-      (declarePkgs sysadminExtraPkgs)
-      (declarePkgs tuiPkgs)
-      (declarePkgs x86GuiPkgs)
-      (declarePkgs otherPkgs)
-      {
-        # link the various package sets into their own meta packages
-        consoleUtils = {
-          package = null;
-          suggestedPrograms = attrNames consolePkgs;
-        };
-        desktopGuiApps = {
-          package = null;
-          suggestedPrograms = attrNames desktopGuiPkgs;
-        };
-        guiApps = {
-          package = null;
-          suggestedPrograms = (attrNames guiPkgs)
-            ++ [ "web-browser" ]
-            ++ [ "tuiApps" ]
-            ++ optional (pkgs.system == "x86_64-linux") "x86GuiApps";
-        };
-        iphoneUtils = {
-          package = null;
-          suggestedPrograms = attrNames iphonePkgs;
-        };
-        sysadminUtils = {
-          package = null;
-          suggestedPrograms = attrNames sysadminPkgs;
-        };
-        sysadminExtraUtils = {
-          package = null;
-          suggestedPrograms = attrNames sysadminExtraPkgs;
-        };
-        tuiApps = {
-          package = null;
-          suggestedPrograms = attrNames tuiPkgs;
-        };
-        x86GuiApps = {
-          package = null;
-          suggestedPrograms = attrNames x86GuiPkgs;
-        };
-      }
-      {
-        # nontrivial package definitions
-
-        dino.persist.private = [ ".local/share/dino" ];
-
-        # creds, but also 200 MB of node modules, etc
-        discord.persist.private = [ ".config/discord" ];
-
-        # creds/session keys, etc
-        element-desktop.persist.private = [ ".config/Element" ];
-
-        # `emote` will show a first-run dialog based on what's in this directory.
-        # mostly, it just keeps a LRU of previously-used emotes to optimize display order.
-        # TODO: package [smile](https://github.com/mijorus/smile) for probably a better mobile experience.
-        emote.persist.plaintext = [ ".local/share/Emote" ];
-
-        # MS GitHub stores auth token in .config
-        # TODO: we can populate gh's stuff statically; it even lets us use the same oauth across machines
-        gh.persist.private = [ ".config/gh" ];
-
-        ghostscript = {};  # used by imagemagick
-
-        imagemagick = {
-          package = pkgs.imagemagick.override {
-            ghostscriptSupport = true;
-          };
-          suggestedPrograms = [ "ghostscript" ];
-        };
-
-        # actual monero blockchain (not wallet/etc; safe to delete, just slow to regenerate)
-        # XXX: is it really safe to persist this? it doesn't have info that could de-anonymize if captured?
-        monero-gui.persist.plaintext = [ ".bitmonero" ];
-
-        mumble.persist.private = [ ".local/share/Mumble" ];
-
-        # not strictly necessary, but allows caching articles; offline use, etc.
-        nheko.persist.private = [
-          ".config/nheko"  # config file (including client token)
-          ".cache/nheko"  # media cache
-          ".local/share/nheko"  # per-account state database
-        ];
-
-        # settings (electron app)
-        obsidian.persist.plaintext = [ ".config/obsidian" ];
-
-        # creds, media
-        signal-desktop.persist.private = [ ".config/Signal" ];
-
-        # printer/filament settings
-        slic3r.persist.plaintext = [ ".Slic3r" ];
-
-        # creds, widevine .so download. TODO: could easily manage these statically.
-        spotify.persist.plaintext = [ ".config/spotify" ];
-
-        steam.persist.plaintext = [
-          ".steam"
-          ".local/share/Steam"
-        ];
-
-        tdesktop.persist.private = [ ".local/share/TelegramDesktop" ];
-
-        tokodon.persist.private = [ ".cache/KDE/tokodon" ];
-
-        # hardenedMalloc solves a crash at startup
-        # TODO 2023/02/02: is this safe to remove yet?
-        tor-browser-bundle-bin.package = pkgs.tor-browser-bundle-bin.override {
-          useHardenedMalloc = false;
-        };
-
-        whalebird.persist.private = [ ".config/Whalebird" ];
-
-        yarn.persist.plaintext = [ ".cache/yarn" ];
-
-        # zcash coins. safe to delete, just slow to regenerate (10-60 minutes)
-        zecwallet-lite.persist.private = [ ".zcash" ];
-      }
-    ];
-
     # XXX: this might not be necessary. try removing this and cacert.unbundled (servo)?
     environment.etc."ssl/certs".source = "${pkgs.cacert.unbundled}/etc/ssl/certs/*";
 
-    # steam requires system-level config for e.g. firewall or controller support
-    programs.steam = mkIf config.sane.programs.steam.enabled {
-      enable = true;
-      # not sure if needed: stole this whole snippet from the wiki
-      remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
-      dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
-    };
   };
 }

hosts/common/programs/imagemagick.nix

@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+{
+  sane.programs.imagemagick = {
+    package = pkgs.imagemagick.override {
+      ghostscriptSupport = true;
+    };
+    suggestedPrograms = [ "ghostscript" ];
+  };
+  sane.programs.ghostscript = {};
+}

hosts/common/programs/jellyfin-media-player.nix

@@ -2,8 +2,8 @@
 
 {
   sane.programs.jellyfin-media-player = {
-    package = pkgs.jellyfin-media-player;
-    # package = pkgs.jellyfin-media-player-qt6;
+    # package = pkgs.jellyfin-media-player;
+    package = pkgs.jellyfin-media-player-qt6;
 
     # jellyfin stores things in a bunch of directories: this one persists auth info.
     # it *might* be possible to populate this externally (it's Qt stuff), but likely to

hosts/common/programs/steam.nix

@@ -0,0 +1,16 @@
+{ config, lib, ...}:
+{
+  sane.programs.steam = {
+    persist.plaintext = [
+      ".steam"
+      ".local/share/Steam"
+    ];
+  };
+  # steam requires system-level config for e.g. firewall or controller support
+  programs.steam = lib.mkIf config.sane.programs.steam.enabled {
+    enable = true;
+    # not sure if needed: stole this whole snippet from the wiki
+    remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+    dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+  };
+}

modules/default.nix

@@ -2,6 +2,7 @@
 
 {
   imports = [
+    ./dns.nix
     ./feeds.nix
     ./fs
     ./ids.nix

modules/dns.nix

@@ -0,0 +1,146 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+let
+  cfg = config.sane.dns;
+  toml = pkgs.formats.toml { };
+  recordFormatters = {
+    # quote rules for zone files:
+    # - any character may be encoded by `\DDD`, where `DDD` represents its ascii value in base 8.
+    # - any non-digit `X` may be encoded by `\X`.
+    # - stated in: <https://www.ietf.org/rfc/rfc1035.txt>: 5.1 Format
+    # - visible in <trust-dns:crates/proto/src/serialize/txt/zone_lex.rs:escape_seq>
+    # for us, we can just replace `\` => `\\ and `"` -> `\"`
+    TXT = value: "\"" + (lib.escape [ "\\" "\"" ] value) + "\"";
+  };
+  # proto: "INET", etc
+  # rrtype: "TXT", "A", "CNAME", etc
+  fmtRecord = proto: rrtype: name: value:
+    let
+      formatter = recordFormatters."${rrtype}" or lib.id;
+    in
+      "${name}\t${proto}\t${rrtype}\t${formatter value}";
+  fmtRecordList = proto: rrtype: name: values: concatStringsSep
+    "\n"
+    (map (fmtRecord proto rrtype name) values)
+  ;
+  fmtRecordAttrs = proto: rrtype: rrAttrs:
+    concatStringsSep
+      "\n"
+      (
+        attrValues (
+          mapAttrs
+            (name: fmtRecordList proto rrtype name)
+            rrAttrs
+        )
+      );
+  # format other .zone files to include into this one
+  fmtIncludes = paths: concatStringsSep
+    "\n"
+    (map (path: "$INCLUDE ${path}") paths);
+
+  genZone = zcfg: ''
+    $TTL ${toString zcfg.TTL}
+    ${fmtRecordAttrs "IN" "SOA" zcfg.inet.SOA}
+    ${fmtRecordAttrs "IN" "A" zcfg.inet.A}
+    ${fmtRecordAttrs "IN" "CNAME" zcfg.inet.CNAME}
+    ${fmtRecordAttrs "IN" "MX" zcfg.inet.MX}
+    ${fmtRecordAttrs "IN" "NS" zcfg.inet.NS}
+    ${fmtRecordAttrs "IN" "SRV" zcfg.inet.SRV}
+    ${fmtRecordAttrs "IN" "TXT" zcfg.inet.TXT}
+    ${fmtIncludes zcfg.include}
+    ${zcfg.extraConfig}
+  '';
+
+  # (listOf ty) type which also accepts single-assignment of `ty`.
+  # it's used to allow the user to write:
+  #   CNAME."foo" = "bar";
+  # as shorthand for
+  #   CNAME."foo" = [ "bar" ];
+  listOrUnit = with lib; ty: types.coercedTo ty (elem: [ elem ]) (types.listOf ty);
+in
+{
+  options = {
+    sane.dns = with lib; {
+      zones = mkOption {
+        type = types.attrsOf (types.submodule {
+          options = {
+            name = mkOption {
+              type = types.nullOr types.str;
+              description = "zone name. defaults to the attribute name in zones";
+              default = null;
+            };
+            TTL = mkOption {
+              type = types.int;
+              description = "default TTL";
+              default = 3600;
+            };
+            include = mkOption {
+              type = types.listOf types.str;
+              description = "paths of other zone files to $INCLUDE into this one";
+              default = [];
+            };
+            extraConfig = mkOption {
+              type = types.lines;
+              description = "extra lines to append to the zone file";
+              default = "";
+            };
+            inet = {
+              SOA = mkOption {
+                type = types.attrsOf (listOrUnit types.str);
+                description = "Start of Authority record(s)";
+                default = {};
+              };
+              A = mkOption {
+                type = types.attrsOf (listOrUnit types.str);
+                description = "IPv4 address record(s)";
+                default = {};
+              };
+              CNAME = mkOption {
+                type = types.attrsOf (listOrUnit types.str);
+                description = "canonical name record(s)";
+                default = {};
+              };
+              MX = mkOption {
+                type = types.attrsOf (listOrUnit types.str);
+                description = "mail exchanger record(s)";
+                default = {};
+              };
+              NS = mkOption {
+                type = types.attrsOf (listOrUnit types.str);
+                description = "name server record(s)";
+                default = {};
+              };
+              SRV = mkOption {
+                type = types.attrsOf (listOrUnit types.str);
+                description = "service record(s)";
+                default = {};
+              };
+              TXT = mkOption {
+                type = types.attrsOf (listOrUnit types.str);
+                description = "text record(s)";
+                default = {};
+              };
+            };
+
+            file = mkOption {
+              type = types.nullOr types.str;
+              default = null;
+              description = ''
+                instead of using the generated zone file, use the specified path (user should populate the file specified here).
+              '';
+            };
+          };
+        });
+        default = {};
+        description = "Declarative zone config";
+      };
+    };
+  };
+
+  config = {
+    sane.services.trust-dns.zones = mapAttrs (_name: zcfg: {
+      text = genZone zcfg;
+    }) cfg.zones;
+  };
+}

modules/services/trust-dns.nix

@@ -7,50 +7,6 @@ with lib;
 let
   cfg = config.sane.services.trust-dns;
   toml = pkgs.formats.toml { };
-  recordFormatters = {
-    # quote rules for zone files:
-    # - any character may be encoded by `\DDD`, where `DDD` represents its ascii value in base 8.
-    # - any non-digit `X` may be encoded by `\X`.
-    # - stated in: <https://www.ietf.org/rfc/rfc1035.txt>: 5.1 Format
-    # - visible in <trust-dns:crates/proto/src/serialize/txt/zone_lex.rs:escape_seq>
-    # for us, we can just replace `\` => `\\ and `"` -> `\"`
-    TXT = value: "\"" + (lib.escape [ "\\" "\"" ] value) + "\"";
-  };
-  fmtRecord = proto: rrtype: name: value:
-    let
-      formatter = recordFormatters."${rrtype}" or lib.id;
-    in
-      "${name}\t${proto}\t${rrtype}\t${formatter value}";
-  fmtRecordList = proto: rrtype: name: values: concatStringsSep
-    "\n"
-    (map (fmtRecord proto rrtype name) values)
-  ;
-  fmtRecordAttrs = proto: rrtype: rrAttrs:
-    concatStringsSep
-      "\n"
-      (
-        attrValues (
-          mapAttrs
-            (name: fmtRecordList proto rrtype name)
-            rrAttrs
-        )
-      );
-  fmtIncludes = paths: concatStringsSep
-    "\n"
-    (map (path: "$INCLUDE ${path}") paths);
-
-  genZone = zcfg: ''
-    $TTL ${toString zcfg.TTL}
-    ${fmtRecordAttrs "IN" "SOA" zcfg.inet.SOA}
-    ${fmtRecordAttrs "IN" "A" zcfg.inet.A}
-    ${fmtRecordAttrs "IN" "CNAME" zcfg.inet.CNAME}
-    ${fmtRecordAttrs "IN" "MX" zcfg.inet.MX}
-    ${fmtRecordAttrs "IN" "NS" zcfg.inet.NS}
-    ${fmtRecordAttrs "IN" "SRV" zcfg.inet.SRV}
-    ${fmtRecordAttrs "IN" "TXT" zcfg.inet.TXT}
-    ${fmtIncludes zcfg.include}
-    ${zcfg.extraConfig}
-  '';
 
   configFile = toml.generate "trust-dns.toml" {
     listen_addrs_ipv4 = cfg.listenAddrsIPv4;
@@ -58,20 +14,10 @@ let
       mapAttrs (zname: zcfg: rec {
         zone = if zcfg.name == null then zname else zcfg.name;
         zone_type = "Primary";
-        file = if zcfg.file == null then
-          pkgs.writeText "${zone}.zone" (genZone zcfg)
-        else
-          zcfg.file;
+        file = zcfg.file;
       }) cfg.zones
     );
   };
-
-  # (listOf ty) type which also accepts single-assignment of `ty`.
-  # it's used to allow the user to write:
-  #   CNAME."foo" = "bar";
-  # as shorthand for
-  #   CNAME."foo" = [ "bar" ];
-  listOrUnit = ty: types.coercedTo ty (elem: [ elem ]) (types.listOf ty);
 in
 {
   options = {
@@ -106,89 +52,37 @@ in
       };
       # reference <nixpkgs:nixos/modules/services/web-servers/nginx/vhost-options.nix>
       zones = mkOption {
-        type = types.attrsOf (types.submodule {
+        type = types.attrsOf (types.submodule ({ config, name, ... }: {
           options = {
             name = mkOption {
               type = types.nullOr types.str;
               description = "zone name. defaults to the attribute name in zones";
+              default = name;
+            };
+            text = mkOption {
+              type = types.nullOr types.lines;
               default = null;
             };
-            TTL = mkOption {
-              type = types.int;
-              description = "default TTL";
-              default = 3600;
-            };
-            include = mkOption {
-              type = types.listOf types.str;
-              description = "paths of other zone files to $INCLUDE into this one";
-              default = [];
-            };
-            extraConfig = mkOption {
-              type = types.lines;
-              description = "extra lines to append to the zone file";
-              default = "";
-            };
-            inet = {
-              SOA = mkOption {
-                type = types.attrsOf (listOrUnit types.str);
-                description = "Start of Authority record(s)";
-                default = {};
-              };
-              A = mkOption {
-                type = types.attrsOf (listOrUnit types.str);
-                description = "IPv4 address record(s)";
-                default = {};
-              };
-              CNAME = mkOption {
-                type = types.attrsOf (listOrUnit types.str);
-                description = "canonical name record(s)";
-                default = {};
-              };
-              MX = mkOption {
-                type = types.attrsOf (listOrUnit types.str);
-                description = "mail exchanger record(s)";
-                default = {};
-              };
-              NS = mkOption {
-                type = types.attrsOf (listOrUnit types.str);
-                description = "name server record(s)";
-                default = {};
-              };
-              SRV = mkOption {
-                type = types.attrsOf (listOrUnit types.str);
-                description = "service record(s)";
-                default = {};
-              };
-              TXT = mkOption {
-                type = types.attrsOf (listOrUnit types.str);
-                description = "text record(s)";
-                default = {};
-              };
-            };
-
             file = mkOption {
-              type = types.nullOr types.str;
-              default = null;
+              type = types.nullOr (types.either types.path types.str);
               description = ''
-                instead of using the generated zone file, use the specified path (user should populate the file specified here).
+                path to a .zone file.
+                if omitted, will be generated from the `text` option.
               '';
             };
           };
-        });
+
+          config = {
+            file = lib.mkIf (config.text != null) (pkgs.writeText "${config.name}.zone" config.text);
+          };
+        }));
         default = {};
         description = "Declarative zone config";
       };
-
-      generatedZones = mkOption {
-        type = types.attrsOf types.str;
-        description = "generated zone text for each zone";
-      };
     };
   };
 
   config = mkIf cfg.enable {
-    sane.services.trust-dns.generatedZones = mapAttrs (zone: zcfg: genZone zcfg) cfg.zones;
-
     sane.ports.ports."53" = {
       protocol = [ "udp" "tcp" ];
       visibleTo.lan = true;

nixpatches/2023-06-02-qt6-qtwebengine-cross.patch

@@ -0,0 +1,31 @@
+diff --git a/pkgs/development/libraries/qt-6/modules/qtwebengine.nix b/pkgs/development/libraries/qt-6/modules/qtwebengine.nix
+index fadbc5d2bfa..e4f2aec5a32 100644
+--- a/pkgs/development/libraries/qt-6/modules/qtwebengine.nix
++++ b/pkgs/development/libraries/qt-6/modules/qtwebengine.nix
+@@ -97,6 +97,9 @@
+ , xnu
+ }:
+ 
++let
++  buildPython = buildPackages.python3.withPackages (ps: with ps; [ html5lib ]);
++in
+ qtModule {
+   pname = "qtwebengine";
+   qtInputs = [ qtdeclarative qtwebchannel qtwebsockets qtpositioning ];
+@@ -108,7 +111,7 @@ qtModule {
+     gperf
+     ninja
+     pkg-config
+-    (python3.withPackages (ps: with ps; [ html5lib ]))
++    buildPython
+     which
+     gn
+     nodejs
+@@ -304,6 +307,7 @@ qtModule {
+ 
+   preConfigure = ''
+     export NINJAFLAGS="-j$NIX_BUILD_CORES"
++    export CMAKE_PREFIX_PATH="${buildPython}/bin:$CMAKE_PREFIX_PATH"
+   '';
+ 
+   meta = with lib; {

nixpatches/2023-06-06-jellyfin-no-libsForQt5-callPackage.patch

@@ -0,0 +1,60 @@
+diff --git a/pkgs/applications/video/jellyfin-media-player/default.nix b/pkgs/applications/video/jellyfin-media-player/default.nix
+index e781f80e455..d1990294141 100644
+--- a/pkgs/applications/video/jellyfin-media-player/default.nix
++++ b/pkgs/applications/video/jellyfin-media-player/default.nix
+@@ -1,7 +1,6 @@
+ { lib
+ , fetchFromGitHub
+ , fetchzip
+-, mkDerivation
+ , stdenv
+ , Cocoa
+ , CoreAudio
+@@ -12,21 +11,20 @@
+ , libGL
+ , libX11
+ , libXrandr
++, libsForQt5
+ , libvdpau
+ , mpv
+ , ninja
+ , pkg-config
+ , python3
+-, qtbase
+-, qtwayland
+-, qtwebchannel
+-, qtwebengine
+-, qtx11extras
+ , jellyfin-web
+ , withDbus ? stdenv.isLinux, dbus
+ }:
+ 
+-mkDerivation rec {
++let
++  inherit (libsForQt5) qtbase qtwayland qtwebchannel qtwebengine qtx11extras wrapQtAppsHook;
++in
++stdenv.mkDerivation rec {
+   pname = "jellyfin-media-player";
+   version = "1.9.1";
+ 
+@@ -69,6 +67,7 @@ mkDerivation rec {
+     ninja
+     pkg-config
+     python3
++    wrapQtAppsHook
+   ];
+ 
+   cmakeFlags = [
+diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
+index eb309c9b283..d8a718db698 100644
+--- a/pkgs/top-level/all-packages.nix
++++ b/pkgs/top-level/all-packages.nix
+@@ -5289,7 +5289,7 @@ with pkgs;
+ 
+   jellyfin-ffmpeg = callPackage ../development/libraries/jellyfin-ffmpeg { };
+ 
+-  jellyfin-media-player = libsForQt5.callPackage ../applications/video/jellyfin-media-player {
++  jellyfin-media-player = callPackage ../applications/video/jellyfin-media-player {
+     inherit (darwin.apple_sdk.frameworks) CoreFoundation Cocoa CoreAudio MediaPlayer;
+     # Disable pipewire to avoid segfault, see https://github.com/jellyfin/jellyfin-media-player/issues/341
+     mpv = wrapMpv (mpv-unwrapped.override { pipewireSupport = false; }) { };

nixpatches/list.nix

@@ -52,10 +52,10 @@ in [
   # TODO: why doesn't this apply?
   # ./2023-03-04-ccache-cross-fix.patch
 
-  # 2023-04-11: bambu-studio: init at unstable-2023-01-11
+  # 2023-04-11: bambu-studio: init at 01.06.02.04
   (fetchpatch' {
     prUrl = "https://github.com/NixOS/nixpkgs/pull/206495";
-    hash = "sha256-RbQzAtFTr7Nrk2YBcHpKQMYoPlFMVSXNl96B/lkKluQ=";
+    hash = "sha256-jl6SZwSDhQTlpM5FyGaFU/svwTb1ySdKtvWMgsneq3A=";
   })
 
   # update to newer lemmy-server.
@@ -153,6 +153,12 @@ in [
   # make alsa-project members overridable
   ./2023-05-31-toplevel-alsa.patch
 
+  # qt6 qtwebengine: specify `python` as buildPackages
+  ./2023-06-02-qt6-qtwebengine-cross.patch
+
+  # Jellyfin: don't build via `libsForQt5.callPackage`
+  ./2023-06-06-jellyfin-no-libsForQt5-callPackage.patch
+
   # for raspberry pi: allow building u-boot for rpi 4{,00}
   # TODO: remove after upstreamed: https://github.com/NixOS/nixpkgs/pull/176018
   #   (it's a dupe of https://github.com/NixOS/nixpkgs/pull/112677 )

overlays/cross.nix

@@ -82,11 +82,11 @@ in {
     ibus  # "error: cannot run test program while cross compiling"
     jellyfin-web  # in node-dependencies-jellyfin-web: "node: command not found"  (nodePackages don't cross compile)
     # libgccjit  # "../../gcc-9.5.0/gcc/jit/jit-result.c:52:3: error: 'dlclose' was not declared in this scope"  (needed by emacs!)
-    # libsForQt5  # qtbase  # make: g++: No such file or directory
+    # libsForQt5  # if we emulate qt5, we're better off emulating libsForQt5 else qt complains about multiple versions of qtbase
     perlInterpreters  # perl5.36.0-Module-Build perl5.36.0-Test-utf8 (see tracking issues ^)
     # qgnomeplatform
     # qtbase
-    qt5  # qt5.qtx11extras fails, but we can't selectively emulate it
+    # qt5  # qt5.qtbase, qt5.qtx11extras fails, but we can't selectively emulate them.
     # qt6  # "You need to set QT_HOST_PATH to cross compile Qt."
     # sequoia  # "/nix/store/q8hg17w47f9xr014g36rdc2gi8fv02qc-clang-aarch64-unknown-linux-gnu-12.0.1-lib/lib/libclang.so.12: cannot open shared object file: No such file or directory"', /build/sequoia-0.27.0-vendor.tar.gz/bindgen/src/lib.rs:1975:31"
     # splatmoji
@@ -647,13 +647,18 @@ in {
     };
   };
 
-  jellyfin-media-player = prev.jellyfin-media-player.overrideAttrs (upstream: {
-    meta = upstream.meta // {
-      platforms = upstream.meta.platforms ++ [
-        "aarch64-linux"
-      ];
-    };
-  });
+  jellyfin-media-player = mvToBuildInputs
+    [ final.libsForQt5.wrapQtAppsHook ]  # this shouldn't be: but otherwise we get mixed qtbase deps
+    (prev.jellyfin-media-player.overrideAttrs (upstream: {
+      meta = upstream.meta // {
+        platforms = upstream.meta.platforms ++ [
+          "aarch64-linux"
+        ];
+      };
+    }));
+  jellyfin-media-player-qt6 = mvToBuildInputs
+    [ final.qt6.wrapQtAppsHook ]  # otherwise the result targets x86.  TODO: fix the hook in qt6 itself?
+    prev.jellyfin-media-player-qt6;
   # jellyfin-web = prev.jellyfin-web.override {
   #   # in node-dependencies-jellyfin-web: "node: command not found"
   #   inherit (emulated) stdenv;
@@ -689,18 +694,24 @@ in {
   #   buildInputs = upstream.buildInputs ++ [ final.vala ];
   # });
 
-  libsForQt5 = prev.libsForQt5.overrideScope' (self: super: {
-    qgpgme = super.qgpgme.overrideAttrs (orig: {
-      # fix so it can find the MOC compiler
-      # it looks like it might not *need* to propagate qtbase, but so far unclear
-      nativeBuildInputs = orig.nativeBuildInputs ++ [ self.qtbase ];
-      propagatedBuildInputs = lib.remove self.qtbase orig.propagatedBuildInputs;
-    });
-    phonon = super.phonon.overrideAttrs (orig: {
-      # fixes "ECM (required version >= 5.60), Extra CMake Modules"
-      buildInputs = orig.buildInputs ++ [ final.extra-cmake-modules ];
-    });
-  });
+  # libsForQt5 = prev.libsForQt5.overrideScope' (self: super: {
+  #   qgpgme = super.qgpgme.overrideAttrs (orig: {
+  #     # fix so it can find the MOC compiler
+  #     # it looks like it might not *need* to propagate qtbase, but so far unclear
+  #     nativeBuildInputs = orig.nativeBuildInputs ++ [ self.qtbase ];
+  #     propagatedBuildInputs = lib.remove self.qtbase orig.propagatedBuildInputs;
+  #   });
+  #   phonon = super.phonon.overrideAttrs (orig: {
+  #     # fixes "ECM (required version >= 5.60), Extra CMake Modules"
+  #     buildInputs = orig.buildInputs ++ [ final.extra-cmake-modules ];
+  #   });
+  # });
+  # libsForQt5 = prev.libsForQt5.overrideScope' (self: super: {
+  #   # emulate all the qt5 packages, but rework `libsForQt5.callPackage` and `mkDerivation`
+  #   # to use non-emulated stdenv by default.
+  #   mkDerivation = self.mkDerivationWith final.stdenv.mkDerivation;
+  #   callPackage = self.newScope { inherit (self) qtCompatVersion qtModule srcs; inherit (final) stdenv; };
+  # });
 
   # fixes: "ar: command not found"
   # `ar` is provided by bintools
@@ -971,34 +982,106 @@ in {
   #     inherit (emulated.qt5) qtModule;
   #   };
   # });
-  # qt6 = prev.qt6.overrideScope' (self: super: {
-  #   # inherit (emulated.qt6) qtModule;
-  #   qtbase = super.qtbase.overrideAttrs (upstream: {
-  #     # cmakeFlags = upstream.cmakeFlags ++ lib.optionals (final.stdenv.buildPlatform != final.stdenv.hostPlatform) [
-  #     cmakeFlags = upstream.cmakeFlags ++ lib.optionals (final.stdenv.buildPlatform != final.stdenv.hostPlatform) [
-  #       # "-DCMAKE_CROSSCOMPILING=True" # fails to solve QT_HOST_PATH error
-  #       "-DQT_HOST_PATH=${final.buildPackages.qt6.full}"
-  #     ];
-  #   });
-  #   qtModule = args: (super.qtModule args).overrideAttrs (upstream: {
-  #     # the nixpkgs comment about libexec seems to be outdated:
-  #     # it's just that cross-compiled syncqt.pl doesn't get its #!/usr/bin/env shebang replaced.
-  #     preConfigure = lib.replaceStrings
-  #       ["${lib.getDev self.qtbase}/libexec/syncqt.pl"]
-  #       ["perl ${lib.getDev self.qtbase}/libexec/syncqt.pl"]
-  #       upstream.preConfigure;
-  #   });
-  #   # qtwayland = super.qtwayland.overrideAttrs (upstream: {
-  #   #   preConfigure = "fixQtBuiltinPaths . '*.pr?'";
-  #   # });
-  #   # qtwayland = super.qtwayland.override {
-  #   #   inherit (self) qtbase;
-  #   # };
-  #   # qtbase = super.qtbase.override {
-  #   #   # fixes: "You need to set QT_HOST_PATH to cross compile Qt."
-  #   #   inherit (emulated) stdenv;
-  #   # };
-  # });
+  qt5 = emulated.qt5.overrideScope' (self: super: {
+    # emulate all the qt5 packages, but rework `libsForQt5.callPackage` and `mkDerivation`
+    # to use non-emulated stdenv by default.
+    mkDerivation = self.mkDerivationWith final.stdenv.mkDerivation;
+    callPackage = self.newScope { inherit (self) qtCompatVersion qtModule srcs; inherit (final) stdenv; };
+  });
+  qt6 = prev.qt6.overrideScope' (self: super: {
+    # # inherit (emulated.qt6) qtModule;
+    # qtbase = super.qtbase.overrideAttrs (upstream: {
+    #   # cmakeFlags = upstream.cmakeFlags ++ lib.optionals (final.stdenv.buildPlatform != final.stdenv.hostPlatform) [
+    #   cmakeFlags = upstream.cmakeFlags ++ lib.optionals (final.stdenv.buildPlatform != final.stdenv.hostPlatform) [
+    #     # "-DCMAKE_CROSSCOMPILING=True" # fails to solve QT_HOST_PATH error
+    #     "-DQT_HOST_PATH=${final.buildPackages.qt6.full}"
+    #   ];
+    # });
+    # qtModule = args: (super.qtModule args).overrideAttrs (upstream: {
+    #   # the nixpkgs comment about libexec seems to be outdated:
+    #   # it's just that cross-compiled syncqt.pl doesn't get its #!/usr/bin/env shebang replaced.
+    #   preConfigure = lib.replaceStrings
+    #     ["${lib.getDev self.qtbase}/libexec/syncqt.pl"]
+    #     ["perl ${lib.getDev self.qtbase}/libexec/syncqt.pl"]
+    #     upstream.preConfigure;
+    # });
+    # # qtwayland = super.qtwayland.overrideAttrs (upstream: {
+    # #   preConfigure = "fixQtBuiltinPaths . '*.pr?'";
+    # # });
+    # # qtwayland = super.qtwayland.override {
+    # #   inherit (self) qtbase;
+    # # };
+    # # qtbase = super.qtbase.override {
+    # #   # fixes: "You need to set QT_HOST_PATH to cross compile Qt."
+    # #   inherit (emulated) stdenv;
+    # # };
+
+    qtwebengine = super.qtwebengine.overrideAttrs (upstream: {
+      # depsBuildBuild = upstream.depsBuildBuild or [] ++ [ final.pkg-config ];
+      # XXX: qt seems to use its own terminology for "host" and "target":
+      # - <https://www.qt.io/blog/qt6-development-hosts-and-targets>
+      # - "host" = machine invoking the compiler
+      # - "target" = machine on which the resulting qtwebengine.so binaries will run
+      # XXX: NIX_CFLAGS_COMPILE_<machine> is how we get the `-isystem <dir>` flags.
+      #      probably we shouldn't blindly copy these from host machine to build machine,
+      #      as the headers could reasonably make different assumptions.
+      preConfigure = upstream.preConfigure + ''
+        # export PKG_CONFIG_HOST="$PKG_CONFIG"
+        export PKG_CONFIG_HOST="$PKG_CONFIG_FOR_BUILD"
+        # expose -isystem <zlib> to x86 builds
+        export NIX_CFLAGS_COMPILE_x86_64_unknown_linux_gnu="$NIX_CFLAGS_COMPILE"
+        export NIX_LDFLAGS_x86_64_unknown_linux_gnu="-L${final.buildPackages.zlib}/lib"
+      '';
+      patches = upstream.patches or [] ++ [
+        # ./qtwebengine-host-pkg-config.patch
+        # alternatively, look at dlopenBuildInputs
+        ./qtwebengine-host-cc.patch
+      ];
+      # patch the qt pkg-config script to show us more debug info
+      postPatch = upstream.postPatch or "" + ''
+        sed -i s/options.debug/True/g src/3rdparty/chromium/build/config/linux/pkg-config.py
+      '';
+      nativeBuildInputs = upstream.nativeBuildInputs ++ [
+        final.bintools-unwrapped  # for readelf
+        final.buildPackages.cups  # for cups-config
+        final.buildPackages.fontconfig
+        final.buildPackages.glib
+        final.buildPackages.harfbuzz
+        final.buildPackages.icu
+        final.buildPackages.libjpeg
+        final.buildPackages.libpng
+        final.buildPackages.libwebp
+        final.buildPackages.nss
+        # final.gcc-unwrapped.libgcc  # for libgcc_s.so
+        final.buildPackages.zlib
+      ];
+      depsBuildBuild = upstream.depsBuildBuild or [] ++ [ final.pkg-config ];
+      # buildInputs = upstream.buildInputs ++ [
+      #   final.gcc-unwrapped.libgcc  # for libgcc_s.so. this gets loaded during build, suggesting i surely messed something up
+      # ];
+      # buildInputs = upstream.buildInputs ++ [
+      #   final.gcc-unwrapped.libgcc
+      # ];
+      # nativeBuildInputs = upstream.nativeBuildInputs ++ [
+      #   final.icu
+      # ];
+      # buildInputs = upstream.buildInputs ++ [
+      #   final.icu
+      # ];
+      # env.NIX_DEBUG="1";
+      # env.NIX_DEBUG="7";
+      # cmakeFlags = lib.remove "-DQT_FEATURE_webengine_system_icu=ON" upstream.cmakeFlags;
+      cmakeFlags = upstream.cmakeFlags ++ lib.optionals (final.stdenv.hostPlatform != final.stdenv.buildPlatform) [
+        # "--host-cc=${final.buildPackages.stdenv.cc}/bin/cc"
+        # "--host-cxx=${final.buildPackages.stdenv.cc}/bin/c++"
+        # these are my own vars, used by my own patch
+        "-DCMAKE_HOST_C_COMPILER=${final.buildPackages.stdenv.cc}/bin/gcc"
+        "-DCMAKE_HOST_CXX_COMPILER=${final.buildPackages.stdenv.cc}/bin/g++"
+        "-DCMAKE_HOST_AR=${final.buildPackages.stdenv.cc}/bin/ar"
+        "-DCMAKE_HOST_NM=${final.buildPackages.stdenv.cc}/bin/nm"
+      ];
+    });
+  });
 
   rmlint = prev.rmlint.override {
     # fixes "Checking whether the C compiler works... no"

overlays/qtwebengine-host-cc.patch

@@ -0,0 +1,35 @@
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
+index 771446ece..c20da0d56 100644
+--- a/src/CMakeLists.txt
++++ b/src/CMakeLists.txt
+@@ -172,7 +172,11 @@ if(CMAKE_CROSSCOMPILING AND NOT IOS AND NOT MACOS)
+         CMAKE_ARGS -DCMAKE_TOOLCHAIN_FILE=${QT_HOST_PATH}/lib/cmake/Qt6/qt.toolchain.cmake
+                    -DWEBENGINE_ROOT_BUILD_DIR=${PROJECT_BINARY_DIR}
+                    -DWEBENGINE_ROOT_SOURCE_DIR=${WEBENGINE_ROOT_SOURCE_DIR}
+-                   -DGN_TARGET_CPU=${TEST_architecture_arch}
++                   -DGN_TARGET_CPU=${CMAKE_HOST_SYSTEM_PROCESSOR}
++                   -DCMAKE_C_COMPILER=${CMAKE_HOST_C_COMPILER}
++                   -DCMAKE_CXX_COMPILER=${CMAKE_HOST_CXX_COMPILER}
++                   -DCMAKE_AR=${CMAKE_HOST_AR}
++                   -DCMAKE_NM=${CMAKE_HOST_NM}
+                    -DCMAKE_C_FLAGS=
+                    -DCMAKE_CXX_FLAGS=
+                    -DQT_FEATURE_qtwebengine_build=${QT_FEATURE_qtwebengine_build}
+diff --git a/src/host/CMakeLists.txt b/src/host/CMakeLists.txt
+index 2b92ebe85..e2ff58b35 100644
+--- a/src/host/CMakeLists.txt
++++ b/src/host/CMakeLists.txt
+@@ -22,11 +22,11 @@ project(QtWebEngineConfigure
+ find_package(Qt6 ${PROJECT_VERSION} CONFIG REQUIRED COMPONENTS BuildInternals Core)
+ 
+ set(buildDir ${CMAKE_CURRENT_BINARY_DIR})
+-configure_gn_toolchain(host ${TEST_architecture_arch} ${TEST_architecture_arch}
++configure_gn_toolchain(host ${CMAKE_HOST_SYSTEM_PROCESSOR} ${CMAKE_HOST_SYSTEM_PROCESSOR}
+     ${WEBENGINE_ROOT_SOURCE_DIR}/src/host/BUILD.toolchain.gn.in
+     ${buildDir}/host_toolchain
+ )
+-get_v8_arch(GN_V8_HOST_CPU ${GN_TARGET_CPU} ${TEST_architecture_arch})
++get_v8_arch(GN_V8_HOST_CPU ${GN_TARGET_CPU} ${CMAKE_HOST_SYSTEM_PROCESSOR})
+ configure_gn_toolchain(v8 ${GN_V8_HOST_CPU} ${GN_TARGET_CPU}
+     ${WEBENGINE_ROOT_SOURCE_DIR}/src/host/BUILD.toolchain.gn.in
+     ${buildDir}/v8_toolchain)

overlays/qtwebengine-host-pkg-config.patch

@@ -0,0 +1,14 @@
+diff --git a/cmake/Functions.cmake b/cmake/Functions.cmake
+index 03d19992f..5ce54ca9d 100644
+--- a/cmake/Functions.cmake
++++ b/cmake/Functions.cmake
+@@ -720,9 +720,6 @@ endfunction()
+ function(create_pkg_config_wrapper wrapperName wrapperCmd)
+     file(WRITE ${wrapperName}
+         "#!/bin/sh\n"
+-        "unset PKG_CONFIG_LIBDIR\n"
+-        "unset PKG_CONFIG_PATH\n"
+-        "unset PKG_CONFIG_SYSROOT_DIR\n"
+         "exec ${wrapperCmd} \"$@\""
+     )
+     file(CHMOD ${wrapperName} PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE)

pkgs/additional/jellyfin-media-player-qt6/0003-qt6-components-webengine.patch

@@ -0,0 +1,14 @@
+diff --git a/CMakeModules/QtConfiguration.cmake b/CMakeModules/QtConfiguration.cmake
+index d74a484..fb678ad 100644
+--- a/CMakeModules/QtConfiguration.cmake
++++ b/CMakeModules/QtConfiguration.cmake
+@@ -53,8 +53,7 @@ foreach(COMP ${components})
+   find_package(Qt6 REQUIRED COMPONENTS Gui)
+   find_package(Qt6 REQUIRED COMPONENTS Quick)
+   find_package(Qt6 REQUIRED COMPONENTS Widgets)
+-  find_package(Qt6 REQUIRED COMPONENTS WebEngineQuick)
+-  find_package(Qt6 REQUIRED COMPONENTS WebEngineCore)
++  find_package(Qt6 REQUIRED COMPONENTS WebEngine)
+   find_package(Qt6 REQUIRED COMPONENTS OpenGL)
+   find_package(Qt6 REQUIRED COMPONENTS DBus)
+ 

pkgs/additional/jellyfin-media-player-qt6/default.nix

@@ -1,4 +1,5 @@
 { lib
+, buildPackages
 , cmake
 , fetchFromGitHub
 , jellyfin-media-player
@@ -27,6 +28,7 @@
   patches = (builtins.tail upstream.patches) ++ [
     ./0001-fix-web-path.patch
     ./0002-qt6-build-fixes.patch
+    # ./0003-qt6-components-webengine.patch
   ];
   buildInputs = [
     SDL2
@@ -39,6 +41,7 @@
     qt6.qtwebchannel
     qt6.qtwebengine
     # qtx11extras
+    qt6.qt5compat  #< new
   ] ++ lib.optionals stdenv.isLinux [
     qt6.qtwayland
   ];
@@ -49,15 +52,15 @@
     pkg-config
     python3
 
-    # new packages which weren't needed before
-    qt6.wrapQtAppsHook  # replaces the implicit qt5 version
-    qt6.qt5compat
+    qt6.wrapQtAppsHook  #< new: libsForQt5.callPackage implicitly adds the qt5 wrapQtAppsHook
   ];
 
   cmakeFlags = [
     "-DCMAKE_BUILD_TYPE=Release"
     "-DQTROOT=${qt6.qtbase}"
     "-GNinja"
+    # "-DQT_DEBUG_FIND_PACKAGE=ON"
+    # "--debug-find-pkg=Qt6WebEngineQuick"
   ];
 
   meta = upstream.meta // {

pkgs/additional/sane-scripts/src/sane-bt-search

@@ -10,6 +10,7 @@ returns select results and magnet links
 
 from dataclasses import dataclass
 from datetime import datetime
+import logging
 import json
 import natsort
 import requests
@@ -23,6 +24,8 @@ ENDPOINTS = dict(
 
 epoch = datetime(1970, 1, 1)
 
+logger = logging.getLogger(__name__)
+
 def try_parse_time(t: str):
     try:
         return datetime.fromisoformat(t)
@@ -44,10 +47,15 @@ class Torrent:
     size: int
     tracker: str
     title: str
-    magnet: str
+    magnet: "Optional[str]"
+    http_dl_uri: "Optional[str]"  # probably a .torrent file but it COULD be a referral to a magnet:// URI
 
     def __str__(self) -> str:
-        return f"{self.seeders}[S]\t{self.pub_date}\t{self.mib}M\t{self.tracker}\t{self.title}\t{self.magnet}"
+        return f"{self.seeders}[S]\t{self.pub_date}\t{self.mib}M\t{self.tracker}\t{self.title}\n\t{self.dl_uri}"
+
+    @property
+    def dl_uri(self) -> str:
+        return self.magnet or self.http_dl_uri
 
     @property
     def mib(self) -> int:
@@ -55,15 +63,32 @@ class Torrent:
 
     @staticmethod
     def from_dict(d: dict) -> 'Torrent':
+        logger.debug(f"Torrent.from_dict: fields: { ' '.join(d.keys()) }")
+        for k, v in d.items():
+            if k not in ("Seeders", "PublishDate", "Size", "Tracker", "Title", "MagnetUri", "Guid", "Link") and \
+                    v != None and v != "" and v != [] and v != {}:
+                logger.debug(f"  {k} = {v}")
+
         seeders = d.get("Seeders")
         pub_date = d.get("PublishDate")
         size = d.get("Size")
         tracker = d.get("Tracker")
         title = d.get("Title")
-        magnet = d.get("MagnetUri")
-        if seeders is not None and pub_date is not None and title is not None and magnet is not None:
+        magnet = d.get("MagnetUri") or d.get("Guid")
+        http_dl_uri = d.get("Link")
+
+        if magnet and not magnet.startswith("magnet:"):
+            logger.info(f"invalid magnet: {magnet}")
+            magnet = None
+
+        # jackett returns bad DL URIs because it doesn't know its public URI
+        firewalled_host = "http://10.0.1.6:9117/"
+        if http_dl_uri and http_dl_uri.startswith(firewalled_host):
+            http_dl_uri = SERVICE + "/" + http_dl_uri[len(firewalled_host):]
+
+        if seeders is not None and pub_date is not None and title is not None and (magnet is not None or http_dl_uri is not None):
             pub_date = parse_time(pub_date)
-            return Torrent(seeders, pub_date, size, tracker, title, magnet)
+            return Torrent(seeders, pub_date, size, tracker, title, magnet, http_dl_uri)
 
     def to_dict(self) -> dict:
         return dict(
@@ -99,9 +124,11 @@ class Client:
 
 def parse_args(args: list) -> dict:
     options = dict(
+        top="5",
         full=False,
         query="",
         json=False,
+        verbose=False,
     )
     while args:
         arg = args[0]
@@ -119,9 +146,14 @@ def parse_args(args: list) -> dict:
     return options
 
 def main(args: list):
+    logging.basicConfig()
     options = parse_args(args)
+
+    if options["verbose"]:
+        logging.getLogger().setLevel(logging.DEBUG)
+
     query = options["query"]
-    num_listings = 100 if options["full"] else 5
+    num_listings = 1000 if options["full"] else int(options["top"])
     client = Client()
     res = client.query(query)
     if options["json"]:

pkgs/additional/sxmo-utils/customization/configs/default_hooks/sxmo_hook_start.sh

@@ -52,3 +52,6 @@ superctl start sxmo_notificationmonitor
 
 # monitor for headphone for statusbar
 superctl start sxmo_soundmonitor
+
+# rotate UI based on physical display angle by default
+sxmo_daemons.sh start autorotate sxmo_autorotate.sh