- Set `security.sudo.wheelNeedsPassword` to `false` in `default.nix`.
- Simplifies sudo access for users in the wheel group and aligns with system usage patterns.
- Set `networking.dhcpcd.IPv6rs` to `true` in `default.nix` to support IPv6 router solicitation.
- Ensures better compatibility with networks requiring IPv6 RA for configuration.
- Remove the ESP partition configuration in `disko.nix` as it’s unnecessary for legacy BIOS setups.
- Enable GRUB bootloader and disable EFI settings in `default.nix` for compatibility with Hetzner cloud instances.
- Switch disk device from `/dev/vda` to `/dev/sda` for compatibility.
- Add S3 storage configuration with bucket, region, and endpoint.
- Update system state version from `24.05` to `25.11`.
- Remove unused imports and clean up redundant attributes.
Runs on sgx so alerts (via Gmail) still work even if mx is down.
Available at https://status.hoyer.world behind nginx with ACME cert.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add configurable ntfy options (tokenFile, url, topic) to the shared
emailOnFailure module. When tokenFile is set, a ntfy-failure@ template
service is added alongside the existing email notifications. Systems
without ntfy configured are unaffected.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Disk check scripts now send ntfy alerts in addition to email
- New ntfy-failure@ template service notifies on any systemd service failure
- Uses sops-managed token for ntfy authentication
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Self-hosted at ntfy.hoyer.xyz with deny-all default access.
After deploying, create a user with: `ntfy user add --role=admin harald`
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Temporary upgrade script following the official NixOS procedure.
Run `upgrade-pg-cluster --jobs 4 --link` on the server, then switch
the package to postgresql_16 and remove the script.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The check_root service incorrectly used '/boot Disk Space Alert' as
the email subject instead of '/ Disk Space Alert'. Also merged the
duplicate systemd.services and systemd.timers attribute sets.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Enable ManageSieve in Dovecot (port 4190) and add the managesieve
plugin to Roundcube for managing Sieve filter rules via webmail.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Added a module to configure WezTerm with an enable option and system package inclusion.
- Enabled WezTerm for aarch64-darwin systems and updated base system packages.
- Improves terminal experience by integrating WezTerm into the Darwin configurations.
- Included `opencode` in the `packages` list for both HALO and AMD system configurations.
- Improves development environment by providing additional tooling.
- Allowed inbound TCP traffic on port 1234 by updating firewall rules.
- Enhances connectivity for the HALO system without altering existing configurations.
- Set `pkiBundle` in `secureboot` to use `mkDefault` for better configurability.
- Added kernel parameters for HALO, improving performance and boot customization.
- Configured ROCm symlink and switched HALO to `linuxPackages_latest`.
- Added system configuration for the HALO machine, including hardware, sound, and remapping settings.
- Configured user-specific settings like session paths, favorite apps, and terminal customization.
- Introduced zram swap, SSD TRIM, and PipeWire priority tuning for performance optimization.
- Introduced `sound.nix` to manage audio device priorities using PipeWire's WirePlumber configuration.
- Linked `sound.nix` to `default.nix` for streamlined system audio customization.
- Ensures defined priority levels for HDMI, USB microphones, and SPDIF outputs.
- Added `html`, `json`, and `rss` to the `search.formats` list in `searx.nix`.
- Enhances flexibility by allowing multiple output formats for search results.
- Moved Searx-related settings from `default.nix` and `nginx.nix` to a dedicated `searx.nix` module for improved modularity and maintainability.
- Updated references and ACME certificate configuration to align with the new structure.
- Simplifies management of Searx service and its associated secrets.
- Added a new Sops secret for `searx/secret_key` with a corresponding configuration path.
- Updated Searx settings to include the `secret_key` reference.
- Ensures secure integration of secret management with Searx service.