- Added `goose-cli` package definition and metadata in `unstable` overlay.
- Updated `default.nix` under `aarch64-darwin` to include `goose-cli` in system packages.
- Removed commented out packages and cleaned up unused lines for better clarity and maintainability.
Introduced `claude-desktop-with-fhs` package by adding the `claude` flake to the inputs. Updated the system configuration and overlays to integrate the new package for usage.
- Created a `limits` module to centralize system limit configurations.
- Replaced inlined user and systemd limits with the new module on aarch64 and x86_64 platforms.
- Simplifies maintenance and ensures consistency across configurations.
- Enable Ollama API by setting `ENABLE_OLLAMA_API` to true.
- Disable OpenAI API by setting `ENABLE_OPENAI_API` to false.
This improves control over API usage and ensures proper configuration.
- Change OpenWebUI host binding from 0.0.0.0 to 127.0.0.1 for security.
- Consolidate ACME certificates under internal.hoyer.world with extra domain names.
- Update Nginx virtual hosts to use the unified ACME host internal.hoyer.world.
Added Logseq to the system packages for productivity tools. Permitted the insecure Electron 27.3.11 package to bypass restrictions for compatibility needs.
Reformatted configuration files for better readability and consistency. Updated lock file dependencies to the latest revisions, ensuring compatibility and performance improvements.
Renamed folders in the fileserver configuration for improved clarity and alignment with naming conventions. Adjustments ensure better organization and functionality in the SGX environment.
Commented out DNSSEC configuration and single-label resolution in systemd-resolved. This change disables custom DNS behavior to potentially align with default system behavior or compatibility requirements.
Added configuration for Syncthing devices and shared folders, enabling synchronization between specific devices. Adjusted the structure for better clarity and maintainability.
Updated the relay host for RustDesk server from "mx.surfsite.org" to "rustdesk.hoyer.world". This ensures the service uses the new designated host for signal relay.
Enabled `forceSSL` for the RustDesk nginx configuration to ensure secure connections. Replaced `proxyPass` with detailed `extraConfig` to include necessary headers and support for WebSocket connections.
Moved rustdesk-server settings from `default.nix` to a dedicated module `rustdesk.nix`. This improves configuration structure and ensures better modularity for maintainability.
Added `relayHosts` configuration to rustdesk-server to specify the relay host `mx.surfsite.org`. This ensures proper routing and connectivity for the RustDesk service.
- Enabled LLMNR to allow link-local name resolution.
- Enabled MulticastDNS to support service discovery and hostname resolution within local networks.
- Enabled LLMNR to allow link-local name resolution.
- Enabled MulticastDNS to support service discovery and hostname resolution within local networks.
- Enable systemd-resolved and configure DNSSEC with downgrade option.
- Add extra configuration to allow resolving unicast single-label names.
This improves DNS handling and ensures compatibility for SGX setup.
Previously, the `insecureSkipHostcheck` option was incorrectly placed under `settings.options`. This update moves it to the correct path under `settings.gui` to ensure proper configuration behavior.
Adjusts the `insecureSkipHostcheck` setting to align with the proper configuration structure. This resolves a misconfiguration issue in the SGX fileserver Nix file.
Added `insecureSkipHostcheck` option to Syncthing configuration to bypass host verification for the GUI. This can simplify local testing but may introduce security risks if used improperly.
Replaced `proxyWebsockets` with `recommendedProxySettings` for enhanced configurability and alignment with best practices. This improves maintainability and future compatibility of the nginx configuration.
Added Syncthing support with proxy and SSL in nginx and updated ACME certs configuration. Adjusted Syncthing GUI to bind to localhost for improved security.
Enabled `proxyWebsockets` for the nginx reverse proxy configuration to support websocket connections. This ensures compatibility with services requiring websocket communication.
Updated the base URL to align with the current local network setup. This ensures proper connectivity and functionality within the specified environment.
Changed the API base URL from "m4.fritz.box" to "m4.local" for consistency and compatibility within the local network. This ensures better alignment with standard local domain naming practices.
- Added `libvirt`, `dnsmasq`, `virt-manager`, and `qemu` to the `pkgs` list.
- These tools enhance virtualization capabilities on aarch64-darwin systems.
Harald Hoyer