This commit enhances the Nextcloud configuration by enabling previews for WEBP image files. It adds "OC\\Preview\\WEBP" to the list of supported preview formats.
Update coturn service configuration with new port ranges and enhanced security options. Also, add ACME support for certificate management and configure firewall to allow necessary ports.
Ensure the coturn static-auth-secret has the correct owner and specifies restart units. This enhances security by assigning ownership and improves reliability by ensuring relevant units restart when secrets change.
Add coturn service definition for x86_64-linux systems with static-auth-secret and additional settings for Nextcloud integration. Includes secrets management via `sops` and secure TLS configurations.
Removed unnecessary blank lines to improve readability and maintain consistency with the formatting guidelines. This change does not impact functionality but cleans up the code.
The indentation in the mailserver.nix file was fixed to follow proper syntax guidelines. This was a minor change, but it improves code readability and adherence to stylistic standards.
This commit adds a new email alias to the mailserver configuration. This new addition will allow emails sent to this address to be properly routed and received.
This commit updates the list of email aliases for various users in the mailserver configuration. It reorders existing aliases and introduces new ones, extending their visibility in different domains. This offers aliases under the hoyer.social and hoyer.world domains, enhancing flexibility for users.
This commit updates the certificate scheme configuration on the mailserver. The `certificateScheme` and `acmeCertificateName` have been added, and an unnecessary certificate reference in the `acme.nix` file has been deleted.
This commit removes the dnsProvider attribute ("internetbs") from four entries in the acme.nix file. These changes aim to reduce redundancy and maintain simplicity in the script.
This commit removes the dnsProvider property from the "varlink.org" configuration within the acme.nix file. This step contributes to system simplification and potential adaptability improvements.
Added "herward-hoyer.de" as a new domain in the acme.nix file. Set "internetbs" as the DNS provider and added "*.herward-hoyer.de" to the extra domain names.
The DNS provider has been changed from "internetbs" to "cloudflare". Moreover, configurations for multiple domains have been updated and expanded, including "mx.surfsite.org", "surfsite.org", "hartwin-hoyer.de", "varlink.org", "hoyer.xyz", and others.
A new DNS provider, Cloudflare, has been added to the configuration for domain "harald-hoyer.de" in the acme.nix file. This change will affect the handling of DNS requests for this domain.
The commit includes the addition of the "meike-hoyer.de" domain to the acme.nix file, using "cloudflare" as the DNS provider. This update enhances the system's domain coverage.
This update removes the myprivacy.tools domain from the configuration of the mailserver. As a result, no incoming or outgoing messages will be processed for this domain. Also, all email addresses related to myprivacy.tools were also removed.
The goaccess.nix import has been commented out in the mx/default.nix file. This change signifies that the goaccess feature is currently not being utilized or is under maintenance.
This commit updates the docker image URL for the nix runner in the forgejo.nix configuration. The new URL points to the image hosted at git.hoyer.xyz/harald/nix-runner:latest. This change is
This change updates the nginx configuration in the x86_64-linux system. It adds a new parameter, clientMaxBodySize, which is set to allow larger payloads of up to 100M, improving our capacity to handle bigger client requests.
This commit enables the host network mode setting for the forgejo-runner in the x86_64-linux/mx system. This change facilitates better network performance and easy communication with the host.
The Docker image reference for the "nix" key in the `systems/x86_64-linux/mx/forgejo.nix` file was updated. This change points to a more recent version of the image, "nix-runner:latest", to ensure our deployments are based on the latest state.
This commit adds a new runner image for the Nix environment. The "nix:docker://backslashhh/nix:latest" line has been included in the Forgejo configuration, allowing Gitea to use the latest Nix image in the runner.
This commit updates the runner labels in the forgejo.nix file. It changes the URL links for the runner images and specifies the version of Ubuntu to be used. The new labels reference the runner images from the gitea repository rather than Node.js images.
This commit introduces the configuration for the gitea-actions-runner service in the forgejo.nix file. It also includes adding a new encrypted yaml file for the runner token. The configurations set up instances and labels for different versions of Ubuntu.
Adjust default garbage collection intervals and retention periods. Set default GC to run weekly and retain 14 days on nixos module and to run daily and retain 7 days on the 64-linux module.
Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
This update introduces a more efficient way for managing whitelisted domains in rspamd.nix. Instead of repeating the list of domains across multiple configurations, the domains are now defined only once in a dedicated variable. This improves the maintainability and readability of the code.
This commit simplifies the configuration of rspamd settings in x86_64-linux systems. It primarily involves restructuring of settings for 'settings.conf', 'spf_whitelist', 'spf_dkim_whitelist', 'dmarc_whitelist', and 'greylist-whitelist-domains'.
This commit introduces new whitelisted domains for SPFs, DKIMs, DMARCs and Greylists in the Rspamd configurations. It also adds new rules for incoming emails from bogensport-jugend@gmx.de, including disabling greylisting and specifying actions to apply.
This commit introduces new whitelisted domains for SPFs, DKIMs, DMARCs and Greylists in the Rspamd configurations. It also adds new rules for incoming emails from bogensport-jugend@gmx.de, including disabling greylisting and specifying actions to apply.
This commit introduces new whitelisted domains for SPFs, DKIMs, DMARCs and Greylists in the Rspamd configurations. It also adds new rules for incoming emails from bogensport-jugend@gmx.de, including disabling greylisting and specifying actions to apply.
This commit corrects the code's formatting in two parts:
1) It normalizes the indentation in the BindPaths block under aesmd_dcap/default.nix.
2) It also removes the extra space before "DE" in the default_phone_region setting in nextcloud.nix.
The primary change in this commit enables the Git program in the base/default service module. This marks a configuration alteration at the systems level, transferring the 'programs.git.enable' declaration from 'systems/x86_64-linux/mx/default.nix' to 'modules/nixos/services/base/default.nix'. We've undertaken this change for better structuring of our service configuration.
Move 'default_phone_region' setting to the proper place. The previous erroneous location of the following setting `default_phone_region` was fixed and moved under `settings` where the rest of the options reside. The configuration now aligns with the expected structure.
This commit adds a git safe directory to the system config. This is to ensure that the git configurations are securely stored in "/var/lib/gitea/repositories/harald/nixcfg.git".
This commit removes specific email addresses related to "meike-knutz.de" and "gerlinde-hoyer.de" in the mailserver configuration. It affects aliases, postmaster, and abuse sections of the configuration.
This commit removes the defaultPhoneRegion from the config section and sets it in the settings section in nextcloud.nix file. This reorganization improves the structure and readability of the configuration.
The Nextcloud package in the x86_64-linux system has been upgraded from version 28 to version 29. This update introduces the latest features, improvements, and security fixes from the Nextcloud project.
A new systemd service, `check_root`, has been added which checks disk usage of the root directory. If usage exceeds 85%, an email alert is sent. In addition to this service, a corresponding systemd timer is added to trigger this check daily.
This commit introduces a new systemd service that runs daily to check the disk usage of the /boot partition. If utilization exceeds a set threshold, it triggers a warning email. This will ensure prompt alerts on critically low boot disk space, helping in maintaining a stable system.
Harald Hoyer