- Enabled LLMNR to allow link-local name resolution.
- Enabled MulticastDNS to support service discovery and hostname resolution within local networks.
- Enabled LLMNR to allow link-local name resolution.
- Enabled MulticastDNS to support service discovery and hostname resolution within local networks.
- Enable systemd-resolved and configure DNSSEC with downgrade option.
- Add extra configuration to allow resolving unicast single-label names.
This improves DNS handling and ensures compatibility for SGX setup.
Previously, the `insecureSkipHostcheck` option was incorrectly placed under `settings.options`. This update moves it to the correct path under `settings.gui` to ensure proper configuration behavior.
Adjusts the `insecureSkipHostcheck` setting to align with the proper configuration structure. This resolves a misconfiguration issue in the SGX fileserver Nix file.
Added `insecureSkipHostcheck` option to Syncthing configuration to bypass host verification for the GUI. This can simplify local testing but may introduce security risks if used improperly.
Replaced `proxyWebsockets` with `recommendedProxySettings` for enhanced configurability and alignment with best practices. This improves maintainability and future compatibility of the nginx configuration.
Added Syncthing support with proxy and SSL in nginx and updated ACME certs configuration. Adjusted Syncthing GUI to bind to localhost for improved security.
Enabled `proxyWebsockets` for the nginx reverse proxy configuration to support websocket connections. This ensures compatibility with services requiring websocket communication.
Updated the base URL to align with the current local network setup. This ensures proper connectivity and functionality within the specified environment.
Changed the API base URL from "m4.fritz.box" to "m4.local" for consistency and compatibility within the local network. This ensures better alignment with standard local domain naming practices.
- Added `libvirt`, `dnsmasq`, `virt-manager`, and `qemu` to the `pkgs` list.
- These tools enhance virtualization capabilities on aarch64-darwin systems.
Introduced hardware and system configurations for the aarch64 NixOS system. Includes hardware setup, base system packages, and enabling key services such as Docker and Podman. This establishes the foundation for managing ARM-based systems.
Updated ACME and nginx configurations to replace "internal.hoyer.world" with "openwebui.hoyer.world". This ensures correct routing and certificate management for the updated domain.
This commit adds Alacritty and iTerm2 to the system configuration for aarch64-darwin. These changes enhance terminal options, improving flexibility and usability for developers.
Reformatted code blocks for better readability and consistency in Nextcloud and Darwin home configurations. No functional changes were made, ensuring existing behavior remains intact.
Add the `piper` package to the build and enable the `ratbagd` service for managing gaming mice. This enhances device compatibility and configuration options.
Include `config` in function parameters for better configurability. Removed unnecessary Nextcloud apps such as `files_texteditor`, `files_markdown`, `twofactor_backupcodes`, and `twofactor_totp` to streamline service setup.
Enhance Nextcloud setup by enabling additional applications such as calendar, contacts, and notes. This change improves the service's functionality and usability by integrating essential productivity tools directly into the Nextcloud environment.
Adjusted the parameter formatting in `acme.nix` and `nginx.nix` for better readability and consistency. The changes include standardizing the indentation and spacing for multiline declarations.
Add ports 80 and 443 to the list of allowed TCP ports in the firewall configuration. This change ensures that HTTP and HTTPS traffic can pass through, which is essential for web services to operate correctly.
Change the sopsFile path in acme.nix to point to the sgx directory instead of hetzner to ensure the correct configuration file is referenced. Added a new encrypted secrets file specific to the sgx directory to maintain security and confidentiality.
Convert the port value to a string in nginx configuration to ensure correct proxyPass functionality. This change prevents potential runtime errors when using numeric port values directly in the proxyPass directive.
Introduce the `config` argument to the SGX NGINX module to enhance configurability and integration. This change allows for more flexible usage of configurations that may rely on system-level settings. It prepares the NGINX module for more complex future modifications or integrations.
Update the OLLAMA_API_BASE_URL to ensure proper resolution with the full domain name `m4.fritz.box`. This change ensures that the API endpoint is correctly accessible within the network.
Added the `openFirewall` option set to true in the SGX OpenWebUI configuration. This change ensures that firewall rules are adjusted to allow access to the configured port. This enhances accessibility and simplifies setup for users.
Corrected the spelling of "environment" from "enviroment" in the OpenWebUI configuration file. This change ensures the configuration is correctly interpreted, avoiding potential issues with environment variable settings.
Introduce a new NixOS configuration for the OpenWebUI service, enabling it by default on port 8080. The setup includes environment settings to disable telemetry and authentication, and it adds the openwebui.nix to the system modules.
Change the working directory from `/root` to `/root/nixcfg` in the `nixos-upgrade` systemd service to ensure the correct configuration repository is used. This update prevents potential errors due to fetching and resetting in the wrong directory.
Include git in the `PATH` for the `nixos-upgrade` systemd service. This change ensures that the service can execute git commands during its operations. The path addition resolves issues related to unavailable git commands.
Harald Hoyer