- Renamed `setting.main` to `settings.main` in the Postfix module for consistency with configuration standards.
- Ensured proper functionality of the service by aligning with the expected key structure.
- Renamed and reorganized configuration keys for consistency (`settings` usage).
- Updated Postfix, systemd, and Syncthing configurations to adhere to the standardized format.
- Improved maintainability and readability of NixOS configurations.
- Enabled `services.gnome.gnome-remote-desktop` in the `x1` configuration.
- Removed an unused `lib` parameter in the `forgejo.nix` module.
- Updated the `home-manager` source in the `flake.lock` file with the latest revision and hash.
Switched from `forgejo-actions-runner` to `forgejo-runner` package for the Gitea Actions runner instance. This aligns with the updated package naming convention in the system configuration. The change ensures proper integration with the Forgejo ecosystem and maintains consistency with the project's package structure.
- Introduced a new `wyoming.nix` file with service definitions for `faster-whisper` and `piper`.
- Enabled TCP ports `10200` and `10300` in the firewall for service communication.
- Updated SGX configuration to include `wyoming.nix` in system imports.
- Enabled `libvirtd` in virtualization settings to allow libvirt usage.
- Added `libvirtd` to `user.extraGroups` for better permissions and management.
- Reformatted `netatalk` service dependencies for readability.
- Updated `hosts allow` setting to include `100.64.0.` for enhanced network access control.
- Uncommented `rustdesk.nix` in MX system and added `rustdesk-flutter` to GUI services.
- Disabled `services.rustdesk-server.signal` on X1 system to align with updated settings.
- Added extra HTTP headers and security configurations in the Nginx proxy for Headscale.
- Improves websocket handling, security headers, and HTTPS redirection.
- Introduced OIDC settings in Headscale, including allowed domains, client ID, client secret path, and issuer.
- Enables support for OpenID Connect authentication.
- Included `headscale.nix` in the MX system configuration for VPN management.
- Added Nginx and ACME configuration to route traffic securely to Headscale.
- Ensures Headscale is enabled with required settings and packaged in the system.
- Added `services.tailscale.enable = true` to the configurations of SGX, MX, and X1 systems for VPN support.
- Improves secure connectivity and simplifies network management across these systems.
- Added OIDC app to Nextcloud with specific URL, SHA256, and license configuration for authentication support.
- Configured Nginx to redirect `.well-known/webfinger` to Nextcloud for improved compatibility.
- Updated Nextcloud settings to include `overwrite.cli.url` for proper URL handling.
- Changed `powerManagement.cpuFreqGovernor` from `ondemand` to `performance` for enhanced CPU performance.
- Aligns system configuration with performance optimization goals.
- Disabled `security.tpm2.enable` and `security.tpm2.abrmd.enable` options.
- Ensures TPM2-related services are not active on the system for this configuration.
- Added `emailOnFailure.enable` option to metacfg with a default of `false`.
- Enabled email notifications on failure for SGX and MX systems.
- Enhanced `systemd-email-notify` module to support the new configuration.
- Removed SGX-specific settings including `aesmd_dcap`, `sgx_default_qcnl.conf`, and `security.tpm2` configurations.
- Updated `system.stateVersion` and switched kernel modules to `kvm-amd`.
- Adjusted disk UUIDs and removed unused `/boot` filesystem definition.
- Introduced `supportedFeatures` to each builder for better control over build capabilities (`nixos-test`, `benchmark`, `big-parallel`, and `kvm` for SGX).
- Enabled `builders-use-substitutes` setting to optimize build efficiency.
- Replaced `programs.fish.loginShellInit` with `programs.fish.shellInit` to align key usage.
- Ensures proper Nix path initialization across fish shell sessions.
- Deleted `environment.shellInit` previously used for Nix path initialization in SSH sessions.
- Path initialization is now fully handled by `programs.fish.loginShellInit` for consistency across environments.
- Added `sshKey` field for all builder configurations in `nixbuild.nix` to standardize access keys.
- Replaced `programs.fish.shellInit` with `environment.shellInit` and introduced `programs.fish.loginShellInit` for improved Nix path initialization.
- Updated multiple Flake lockfile entries to the latest revisions for improved consistency with upstream changes.
- Removed redundant `sshKey` fields from builder configurations in `nixbuild.nix`.
- Added `Nix` path initialization for fish shell SSH sessions and refactored mouse bindings in `default.nix`.
- Moved shared distributed build settings to `nixbuild.nix` for reuse.
- Updated `m4` and `rialo` systems to import the centralized configuration.
- Simplifies maintenance and ensures consistency across systems.
- Set `boot.tmp.useTmpfs` to `false` in `x86_64-linux/sgx/default.nix`.
- Applied `lib.mkDefault` to `boot.tmp.useTmpfs` in `services/base/default.nix` for consistency.