Set higher limits for `fs.inotify.max_user_instances` and `fs.inotify.max_user_watches` in the kernel sysctl configuration. This improves system monitoring capabilities, particularly for applications relying on inotify.
Include 'uv' in the x1 system default packages to extend functionality. This change ensures 'uv' is readily available for use without additional setup.
Reformatted the hardware configuration file for improved clarity and organization. Consolidated nested attributes and adjusted formatting to align with best practices.
Removed comment clutter and streamlined the configuration for better readability and maintenance. Ensured the sops secrets and ACME certificate handling remain functional.
Removed unused arguments (pkgs, lib, config) from the fileserver.nix file to streamline the function signature. This enhances code readability and eliminates redundant parameters.
Added devices "m4" and "x1" along with updating folder configurations to include "x1" in the devices list. Included commented-out Syncthing settings for future use in the x1 default configuration.
Ensure proper service execution by adding mount dependencies to systemd services. This guarantees that required file systems are available before the services start.
Updated the Nextcloud package from version 30 to 31. This ensures access to the latest features and improvements while maintaining compatibility with the system configuration.
Re-enabled the default vscode package and commented out the custom vscode-with-extensions override. This simplifies the configuration by relying on the standard vscode setup.
Introduce VSCode configuration and integrate roo-cline extension. This includes adding roo-cline to vscode extensions and setting up metadata for its marketplace details.
Introduce encrypted secrets and SOPS configuration for the x1 system. Update SSH and related services to utilize these secrets and modify flake.lock to align with the latest dependencies.
- Added `goose-cli` package definition and metadata in `unstable` overlay.
- Updated `default.nix` under `aarch64-darwin` to include `goose-cli` in system packages.
- Removed commented out packages and cleaned up unused lines for better clarity and maintainability.
Introduced `claude-desktop-with-fhs` package by adding the `claude` flake to the inputs. Updated the system configuration and overlays to integrate the new package for usage.
- Created a `limits` module to centralize system limit configurations.
- Replaced inlined user and systemd limits with the new module on aarch64 and x86_64 platforms.
- Simplifies maintenance and ensures consistency across configurations.
- Enable Ollama API by setting `ENABLE_OLLAMA_API` to true.
- Disable OpenAI API by setting `ENABLE_OPENAI_API` to false.
This improves control over API usage and ensures proper configuration.
- Change OpenWebUI host binding from 0.0.0.0 to 127.0.0.1 for security.
- Consolidate ACME certificates under internal.hoyer.world with extra domain names.
- Update Nginx virtual hosts to use the unified ACME host internal.hoyer.world.
Added Logseq to the system packages for productivity tools. Permitted the insecure Electron 27.3.11 package to bypass restrictions for compatibility needs.
Reformatted configuration files for better readability and consistency. Updated lock file dependencies to the latest revisions, ensuring compatibility and performance improvements.
Renamed folders in the fileserver configuration for improved clarity and alignment with naming conventions. Adjustments ensure better organization and functionality in the SGX environment.
Commented out DNSSEC configuration and single-label resolution in systemd-resolved. This change disables custom DNS behavior to potentially align with default system behavior or compatibility requirements.
Added configuration for Syncthing devices and shared folders, enabling synchronization between specific devices. Adjusted the structure for better clarity and maintainability.
Updated the relay host for RustDesk server from "mx.surfsite.org" to "rustdesk.hoyer.world". This ensures the service uses the new designated host for signal relay.
Enabled `forceSSL` for the RustDesk nginx configuration to ensure secure connections. Replaced `proxyPass` with detailed `extraConfig` to include necessary headers and support for WebSocket connections.
Moved rustdesk-server settings from `default.nix` to a dedicated module `rustdesk.nix`. This improves configuration structure and ensures better modularity for maintainability.
Added `relayHosts` configuration to rustdesk-server to specify the relay host `mx.surfsite.org`. This ensures proper routing and connectivity for the RustDesk service.
- Enabled LLMNR to allow link-local name resolution.
- Enabled MulticastDNS to support service discovery and hostname resolution within local networks.
- Enabled LLMNR to allow link-local name resolution.
- Enabled MulticastDNS to support service discovery and hostname resolution within local networks.
- Enable systemd-resolved and configure DNSSEC with downgrade option.
- Add extra configuration to allow resolving unicast single-label names.
This improves DNS handling and ensures compatibility for SGX setup.
Previously, the `insecureSkipHostcheck` option was incorrectly placed under `settings.options`. This update moves it to the correct path under `settings.gui` to ensure proper configuration behavior.
Adjusts the `insecureSkipHostcheck` setting to align with the proper configuration structure. This resolves a misconfiguration issue in the SGX fileserver Nix file.
Added `insecureSkipHostcheck` option to Syncthing configuration to bypass host verification for the GUI. This can simplify local testing but may introduce security risks if used improperly.
Replaced `proxyWebsockets` with `recommendedProxySettings` for enhanced configurability and alignment with best practices. This improves maintainability and future compatibility of the nginx configuration.
Added Syncthing support with proxy and SSL in nginx and updated ACME certs configuration. Adjusted Syncthing GUI to bind to localhost for improved security.
Enabled `proxyWebsockets` for the nginx reverse proxy configuration to support websocket connections. This ensures compatibility with services requiring websocket communication.
Updated the base URL to align with the current local network setup. This ensures proper connectivity and functionality within the specified environment.
Changed the API base URL from "m4.fritz.box" to "m4.local" for consistency and compatibility within the local network. This ensures better alignment with standard local domain naming practices.
Harald Hoyer