Updated ACME and nginx configurations to replace "internal.hoyer.world" with "openwebui.hoyer.world". This ensures correct routing and certificate management for the updated domain.
Adjusted the parameter formatting in `acme.nix` and `nginx.nix` for better readability and consistency. The changes include standardizing the indentation and spacing for multiline declarations.
Add ports 80 and 443 to the list of allowed TCP ports in the firewall configuration. This change ensures that HTTP and HTTPS traffic can pass through, which is essential for web services to operate correctly.
Change the sopsFile path in acme.nix to point to the sgx directory instead of hetzner to ensure the correct configuration file is referenced. Added a new encrypted secrets file specific to the sgx directory to maintain security and confidentiality.
Convert the port value to a string in nginx configuration to ensure correct proxyPass functionality. This change prevents potential runtime errors when using numeric port values directly in the proxyPass directive.
Introduce the `config` argument to the SGX NGINX module to enhance configurability and integration. This change allows for more flexible usage of configurations that may rely on system-level settings. It prepares the NGINX module for more complex future modifications or integrations.
Update the OLLAMA_API_BASE_URL to ensure proper resolution with the full domain name `m4.fritz.box`. This change ensures that the API endpoint is correctly accessible within the network.
Added the `openFirewall` option set to true in the SGX OpenWebUI configuration. This change ensures that firewall rules are adjusted to allow access to the configured port. This enhances accessibility and simplifies setup for users.
Corrected the spelling of "environment" from "enviroment" in the OpenWebUI configuration file. This change ensures the configuration is correctly interpreted, avoiding potential issues with environment variable settings.
Introduce a new NixOS configuration for the OpenWebUI service, enabling it by default on port 8080. The setup includes environment settings to disable telemetry and authentication, and it adds the openwebui.nix to the system modules.
Refactor various NixOS and home-manager configurations to improve consistency and readability. Correct naming inconsistencies, ensure proper indentation, and restructure Samba settings for better clarity and maintainability.
Updated Avahi service configuration to support both IPv4 and IPv6 addressing. This change includes enabling nssmdns4 and nssmdns6, along with setting ipv4 and ipv6 to true.
Enabled the Syncthing service in the fileserver configuration. Set the user to 'harald' and specified directories for data and configuration.
Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
This commit updates the allowed TCP port for networking in the SGX configuration file. Instead of hardcoding the port number, it now uses the port specified in the netatalk configuration. This change enables more flexibility in port assignment and reduces potential conflicts.
This commit includes a new lid switch configuration for the logind service within the SGX default configuration file. The lid switch has been set to "ignore", enhancing control over system behaviors upon lid actions.
This commit updates the hardware configuration for SGX systems. We have configured the available kernel modules list to include TPM-related modules. Also, unnecessary TPM2 security settings have been removed to clean up the configuration file.
The commit turns on the TPM2 security feature and its associated Access Broker and Resource Manager daemon (abrmd) in the hardware configuration for the x86_64-linux SGX system. This action, represented by changing the respective entries from false to true, enhances the security of this system configuration.
Harald Hoyer