Fix NixOS hash update to use local tarball

Use local tarball hash instead of downloading to avoid race condition where download happens before upload completes

.gitea/workflows/release.yml

@@ -93,19 +93,14 @@ jobs:
         run: |
           VERSION="${{ steps.version.outputs.VERSION }}"
 
+          # Get hash from the local tarball (already built)
+          NEW_HASH=$(sha256sum release/cm-player-linux-x86_64.tar.gz | cut -d' ' -f1)
+          NIX_HASH="sha256-$(python3 -c "import base64, binascii; print(base64.b64encode(binascii.unhexlify('$NEW_HASH')).decode())")"
+
           # Clone nixosbox repository
           git clone https://$GITEA_TOKEN@gitea.cmtec.se/cm/nixosbox.git nixosbox-update
           cd nixosbox-update
 
-          # Get hash for the new release tarball
-          TARBALL_URL="https://gitea.cmtec.se/cm/cm-player/releases/download/$VERSION/cm-player-linux-x86_64.tar.gz"
-
-          # Download tarball to get correct hash
-          curl -L -o cm-player.tar.gz "$TARBALL_URL"
-          # Convert sha256 hex to base64 for Nix hash format using Python
-          NEW_HASH=$(sha256sum cm-player.tar.gz | cut -d' ' -f1)
-          NIX_HASH="sha256-$(python3 -c "import base64, binascii; print(base64.b64encode(binascii.unhexlify('$NEW_HASH')).decode())")"
-
           # Update the NixOS configuration
           sed -i "s|version = \"v[^\"]*\"|version = \"$VERSION\"|" hosts/common/cm-player.nix
           sed -i "s|sha256 = \"sha256-[^\"]*\"|sha256 = \"$NIX_HASH\"|" hosts/common/cm-player.nix