- Added global DNS nameservers configuration for headscale
- Included Cloudflare DNS servers (1.1.1.1, 1.0.0.1) and IPv6 addresses
- Added local DNS server (192.168.178.254) for internal resolution
- Added systemd service dependencies for gitea-runner-default
- Ensured nginx.service is required and started before gitea-runner-default
- Maintains proper service startup order for forgejo deployment
- Enabled `services.gnome.gnome-remote-desktop` in the `x1` configuration.
- Removed an unused `lib` parameter in the `forgejo.nix` module.
- Updated the `home-manager` source in the `flake.lock` file with the latest revision and hash.
Switched from `forgejo-actions-runner` to `forgejo-runner` package for the gitea actions runner instance. This aligns with the updated package naming convention in the system configuration. The change ensures proper integration with the forgejo ecosystem and maintains consistency with the project's package structure.
- Uncommented `rustdesk.nix` in MX system and added `rustdesk-flutter` to GUI services.
- Disabled `services.rustdesk-server.signal` on X1 system to align with updated settings.
- Added extra HTTP headers and security configurations in the Nginx proxy for Headscale.
- Improves websocket handling, security headers, and HTTPS redirection.
- Introduced OIDC settings in Headscale, including allowed domains, client ID, client secret path, and issuer.
- Enables support for OpenID Connect authentication.
- Included `headscale.nix` in the MX system configuration for VPN management.
- Added Nginx and ACME configuration to route traffic securely to Headscale.
- Ensures Headscale is enabled with required settings and packaged in the system.
- Added `services.tailscale.enable = true` to the configurations of SGX, MX, and X1 systems for VPN support.
- Improves secure connectivity and simplifies network management across these systems.
- Added OIDC app to Nextcloud with specific URL, SHA256, and license configuration for authentication support.
- Configured Nginx to redirect `.well-known/webfinger` to Nextcloud for improved compatibility.
- Updated Nextcloud settings to include `overwrite.cli.url` for proper URL handling.
- Added `emailOnFailure.enable` option to metacfg with a default of `false`.
- Enabled email notifications on failure for SGX and MX systems.
- Enhanced `systemd-email-notify` module to support the new configuration.
Removed comment clutter and streamlined the configuration for better readability and maintenance. Ensured the sops secrets and ACME certificate handling remain functional.
Updated the Nextcloud package from version 30 to 31. This ensures access to the latest features and improvements while maintaining compatibility with the system configuration.
Reformatted configuration files for better readability and consistency. Updated lock file dependencies to the latest revisions, ensuring compatibility and performance improvements.
Updated the relay host for RustDesk server from "mx.surfsite.org" to "rustdesk.hoyer.world". This ensures the service uses the new designated host for signal relay.
Enabled `forceSSL` for the RustDesk nginx configuration to ensure secure connections. Replaced `proxyPass` with detailed `extraConfig` to include necessary headers and support for WebSocket connections.
Moved rustdesk-server settings from `default.nix` to a dedicated module `rustdesk.nix`. This improves configuration structure and ensures better modularity for maintainability.
Added `relayHosts` configuration to rustdesk-server to specify the relay host `mx.surfsite.org`. This ensures proper routing and connectivity for the RustDesk service.
Reformatted code blocks for better readability and consistency in Nextcloud and Darwin home configurations. No functional changes were made, ensuring existing behavior remains intact.
Include `config` in function parameters for better configurability. Removed unnecessary Nextcloud apps such as `files_texteditor`, `files_markdown`, `twofactor_backupcodes`, and `twofactor_totp` to streamline service setup.
Enhance Nextcloud setup by enabling additional applications such as calendar, contacts, and notes. This change improves the service's functionality and usability by integrating essential productivity tools directly into the Nextcloud environment.
Change the working directory from `/root` to `/root/nixcfg` in the `nixos-upgrade` systemd service to ensure the correct configuration repository is used. This update prevents potential errors due to fetching and resetting in the wrong directory.
Include git in the `PATH` for the `nixos-upgrade` systemd service. This change ensures that the service can execute git commands during its operations. The path addition resolves issues related to unavailable git commands.
Introduce a preStart hook to the nixos-upgrade systemd service to ensure the local repository is updated before upgrades by fetching and resetting to the origin's HEAD. This enhances the reliability and consistency of the upgrade process. Also, maintain the commented out old flake path for backward traceability.
Remove duplicate configurations for the rot8000 git filter from both mx and base modules. This change helps to streamline the code by ensuring that the unnecessary and redundant configurations are eliminated.
Enable JXL (JPEG XL) format previews in Nextcloud configuration. This addition allows users to view and manage JPEG XL images directly within Nextcloud, enhancing the user experience with modern image formats.
Refactor various NixOS and home-manager configurations to improve consistency and readability. Correct naming inconsistencies, ensure proper indentation, and restructure Samba settings for better clarity and maintainability.
Introduces a new configuration for setting the maintenance window start in the Nextcloud settings. This ensures better scheduling and coordination for maintenance activities.
Reorganized the configuration blocks for better readability. The `enabledPreviewProviders` list and `phpOptions` section now follow a more logical structure.
This commit enhances the Nextcloud configuration by enabling previews for WEBP image files. It adds "OC\\Preview\\WEBP" to the list of supported preview formats.
Update coturn service configuration with new port ranges and enhanced security options. Also, add ACME support for certificate management and configure firewall to allow necessary ports.
