Commit graph

142 commits

Author SHA1 Message Date
Harald Hoyer fd150b5133 feat: Remove dnsProvider in acme.nix
This commit removes the dnsProvider property from the "varlink.org" configuration within the acme.nix file. This step contributes to system simplification and potential adaptability improvements.
2024-07-05 08:29:32 +02:00
Harald Hoyer 2ff75f77be feat: Add new domain to acme.nix
Added "herward-hoyer.de" as a new domain in the acme.nix file. Set "internetbs" as the DNS provider and added "*.herward-hoyer.de" to the extra domain names.
2024-07-04 16:44:41 +02:00
Harald Hoyer 11f5887eeb feat: Update default DNS provider and domain configurations
The DNS provider has been changed from "internetbs" to "cloudflare". Moreover, configurations for multiple domains have been updated and expanded, including "mx.surfsite.org", "surfsite.org", "hartwin-hoyer.de", "varlink.org", "hoyer.xyz", and others.
2024-07-04 16:43:17 +02:00
Harald Hoyer 17dc0aa1cb feat(acme.nix): add Cloudflare as DNS provider
A new DNS provider, Cloudflare, has been added to the configuration for domain "harald-hoyer.de" in the acme.nix file. This change will affect the handling of DNS requests for this domain.
2024-07-04 16:35:52 +02:00
Harald Hoyer b273548370 feat: Add new domain in acme.nix
The commit includes the addition of the "meike-hoyer.de" domain to the acme.nix file, using "cloudflare" as the DNS provider. This update enhances the system's domain coverage.
2024-07-04 15:24:38 +02:00
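The five acme.nix commits above (fd150b5133 through 2ff75f77be) describe a move to a Cloudflare default DNS provider with per-certificate overrides and wildcard names. The following is an added example of how those changes look as a NixOS `security.acme` module; it is not the repository's acme.nix. The contact address, the sops-nix secret names and the `config.sops.secrets.*.path` references are assumptions (the flake.lock commits show sops-nix is in use, but the actual secret layout is not on this page).

```nix
# Added example, not the repository's acme.nix.  Secret names and the
# contact address are assumptions.
{ config, ... }:
{
  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "hostmaster@example.org";   # assumed contact address
      # Default provider for every cert (11f5887eeb switched this from internetbs).
      dnsProvider = "cloudflare";
      # lego reads CLOUDFLARE_DNS_API_TOKEN=... from this file.  It must live
      # outside the Nix store; assumed to be provisioned by sops-nix.
      credentialsFile = config.sops.secrets."acme/cloudflare".path;
    };

    certs = {
      # Wildcard names require the DNS-01 challenge; HTTP-01 cannot issue them.
      "meike-hoyer.de".extraDomainNames = [ "*.meike-hoyer.de" ];

      # Per-cert override of provider and credentials (2ff75f77be).
      "herward-hoyer.de" = {
        dnsProvider = "internetbs";
        credentialsFile = config.sops.secrets."acme/internetbs".path;
        extraDomainNames = [ "*.herward-hoyer.de" ];
      };

      # No dnsProvider here (fd150b5133): inherits "cloudflare" from defaults.
      "varlink.org" = { };
    };
  };
}
```

Two checks worth making when reviewing a change like this: the Cloudflare token in `credentialsFile` should be scoped to `Zone:DNS:Edit` on only the zones being validated, since anyone who reads that file can otherwise rewrite records for every zone in the account; and `credentialsFile` must not be a store path (the module asserts on this), because the Nix store is world-readable.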
Harald Hoyer 4bfa600291 feat: Add 'meike-hoyer.de' to mail server configuration 2024-07-04 13:40:32 +02:00
Harald Hoyer f1b9120991 feat: Remove myprivacy.tools from mailserver configuration
This update removes the myprivacy.tools domain from the configuration of the mailserver. As a result, no incoming or outgoing messages will be processed for this domain. All email addresses related to myprivacy.tools were also removed.
2024-07-01 16:44:53 +02:00
Harald Hoyer a14d98c710 feat: Add new substituter and trusted key in various modules
This commit introduces a new substituter 'https://attic.teepot.org/tee-pot' and its associated trusted key 'tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg='. The changes affect the Nix, aesmd_dcap, home settings, and pccs modules. This update provides additional package sources for these modules.
2024-06-28 14:33:05 +02:00
Harald Hoyer a1a951bc9e feat: Extend garbage collection retention in atticd
This commit changes the default retention period for garbage collection in the attic daemon setting from 30 days to 3 months. This will allow the system to maintain data for a longer period before cleaning.
2024-06-28 13:53:51 +02:00
Harald Hoyer 31dfb73435 feat: Add garbage collection interval setting in atticd.nix
This commit introduces a new parameter for setting the garbage collection interval in the atticd.nix file. The garbage collection interval is set to run every 30 days, helping to manage unnecessary data and improve system performance.
2024-06-28 13:26:21 +02:00
Harald Hoyer 858507bb06 feat: add API endpoint to atticd settings
The atticd settings in systems/x86_64-linux/sgx-nixos have been updated to include an API endpoint. The primary purpose of this change is to ensure that atticd infrastructure can successfully connect to the new endpoint at https://attic.teepot.org.
2024-06-28 13:22:29 +02:00
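The atticd commits above (3c58dfb400 through a14d98c710) add a binary cache server, its garbage-collection policy, its public endpoint and the client-side trust in its signing key. Below is an added example of the two halves written as NixOS configuration; it is not the repository's atticd.nix or default.nix. The `inputs.attic` module import, the `credentialsFile` secret name and the reverse-proxy remark are assumptions; the substituter URL, the trusted key and the firewall ports are taken from the commit messages on this page.

```nix
# Added example, not the repository's code.  The module import and the
# secret name are assumptions; URLs, key and ports come from the commit log.
{ config, pkgs, inputs, ... }:
{
  imports = [ inputs.attic.nixosModules.atticd ];   # assumed flake input name

  # Server side (systems/x86_64-linux/sgx-nixos)
  services.atticd = {
    enable = true;
    # EnvironmentFile holding ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64; this key
    # mints every client token, so keep it out of the store (assumed sops path).
    credentialsFile = config.sops.secrets."atticd-env".path;
    settings = {
      api-endpoint = "https://attic.teepot.org/";       # 858507bb06
      garbage-collection = {
        interval = "30 days";                            # 31dfb73435
        default-retention-period = "3 months";           # a1a951bc9e, was 30 days
      };
    };
  };

  # 481e8ca6cf: atticd listens on 8080 by default; opening it directly serves
  # the cache over plain HTTP.  The https api-endpoint above implies a
  # TLS-terminating proxy in front (assumption, not shown on this page).
  networking.firewall = {
    allowedTCPPorts = [ 8080 ];
    allowPing = true;
  };

  # Client side (a14d98c710): every host that lists this substituter will
  # accept any store path signed by the holder of the tee-pot private key.
  nix.settings = {
    substituters = [ "https://attic.teepot.org/tee-pot" ];
    trusted-public-keys = [ "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=" ];
  };

  environment.systemPackages = [ pkgs.attic-client ];   # 5a362acdd3
}
```

The trust boundary here is the signing key, not the URL: `trusted-public-keys` makes Nix accept paths carrying that signature from any configured substituter, so compromise of the atticd host (or of `ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64`, which lets an attacker push to the cache) becomes a supply-chain compromise of every consuming machine. Retention and GC settings affect availability only; they do not change what is trusted.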
Harald Hoyer 5a362acdd3 feat: Add attic-client to x86_64-linux system
The attic-client has been added to the packages for the x86_64-linux system. This change enables interaction with the Attic distributed storage system, expanding the capabilities of this system setting.
2024-06-28 13:10:00 +02:00
Harald Hoyer 97e7a73c94 feat: Add attic-client to x86_64-linux system
The attic-client has been added to the packages for the x86_64-linux system. This change enables interaction with the Attic distributed storage system, expanding the capabilities of this system setting.
2024-06-28 12:38:53 +02:00
Harald Hoyer 481e8ca6cf feat: Update firewall settings in SGX-NixOS
This commit allows TCP traffic on port 8080 and permits ICMP echo requests for ping command in SGX-NixOS. Moreover, the necessary code adjustments have been made in the default.nix file.
2024-06-28 12:17:40 +02:00
Harald Hoyer f20e87cd50 feat: Add attic-client to system packages in atticd.nix
This commit includes the addition of attic-client to environment.systemPackages in atticd.nix for x86_64-linux systems. The
2024-06-28 11:29:07 +02:00
Harald Hoyer fd9cac76a8 feat: Update dependencies in flake.lock
This commit updates the revision and hashes of several dependencies in flake.lock. It includes updates to "nix-darwin", "disko", "nixpkgs", and "sops-nix", ensuring they are up-to-date with their respective repositories.
2024-06-28 11:04:07 +02:00
Harald Hoyer 3c58dfb400 feat: Add atticd service to sgx-nixos system
This commit includes the atticd service to the sgx-nixos system. The `atticd.nix` file has been added with default configuration and the attic service has been included in imports in `default.nix`. Modifications were made in `flake.nix` and `flake.lock` to integrate attic dependencies.
2024-06-28 11:01:44 +02:00
Harald Hoyer 2629021f33 feat: Add k9s to x86_64-linux system packages
A new package, k9s, has been added to the default packages for x86_64-linux system. This effort is to enhance the overall system functionality and user experience.
2024-06-28 09:17:11 +02:00
Harald Hoyer c4e14cab05 docs: Update README install instructions
The installation guide in the README file has been modified for clarity. The phrase 'Install system' is updated to 'Install a system' to improve readability and understanding.
2024-06-27 16:30:54 +02:00
Harald Hoyer 7a72ecaea9 feat: Comment out goaccess in mx/default.nix
The goaccess.nix import has been commented out in the mx/default.nix file. This change signifies that the goaccess feature is currently not being utilized or is under maintenance.
2024-06-27 16:18:37 +02:00
Harald Hoyer b437541252 feat: Update nix runner docker image URL
This commit updates the docker image URL for the nix runner in the forgejo.nix configuration. The new URL points to the image hosted at git.hoyer.xyz/harald/nix-runner:latest. This change is
2024-06-27 15:12:12 +02:00
Harald Hoyer 3eba20c0dc feat: Increase nginx clientMaxBodySize limit
Increased the clientMaxBodySize in nginx configuration from 100M to 1000M. This change allows larger client request bodies,
2024-06-27 14:53:01 +02:00
Harald Hoyer 0a0ae0db8c feat: increase nginx client max body size
This change updates the nginx configuration in the x86_64-linux system. It adds a new parameter, clientMaxBodySize, which is set to allow larger payloads of up to 100M, improving our capacity to handle bigger client requests.
2024-06-27 14:51:12 +02:00
Harald Hoyer 0288751ef5 feat: add host network setting to forgejo-runner
This commit enables the host network mode setting for the forgejo-runner in the x86_64-linux/mx system. This change facilitates better network performance and easy communication with the host.
2024-06-27 14:23:44 +02:00
Harald Hoyer 0520a52155 feat: Update Docker image reference in Nix configuration
The Docker image reference for the "nix" key in the `systems/x86_64-linux/mx/forgejo.nix` file was updated. This change points to a more recent version of the image, "nix-runner:latest", to ensure our deployments are based on the latest state.
2024-06-27 14:00:54 +02:00
Harald Hoyer a4805ea27c feat: Add nix image to runner images in forgejo.nix
This commit adds a new runner image for the Nix environment. The "nix:docker://backslashhh/nix:latest" line has been included in the Forgejo configuration, allowing Gitea to use the latest Nix image in the runner.
2024-06-27 13:52:19 +02:00
Harald Hoyer 83221b4587 feat: Update runner labels in forgejo.nix
This commit updates the runner labels in the forgejo.nix file. It changes the URL links for the runner images and specifies the version of Ubuntu to be used. The new labels reference the runner images from the gitea repository rather than Node.js images.
2024-06-27 13:16:19 +02:00
Harald Hoyer 2b559eb9ad fix: correct indentation in systemd service definitions
Corrects the indentation in the systemd service and timer definitions within the default.nix configuration file. This improves the readability and maintenance of the code.
2024-06-27 13:16:11 +02:00
Harald Hoyer 8cd5ce67a9 feat: Update hetzner runner token and modify its timestamp
The runner token in the Hetzner secrets configuration file has been updated. Additionally, the last modified timestamp has been changed to reflect the latest modifications.
2024-06-27 13:07:18 +02:00
Harald Hoyer 2dfd6d1d60 feat: add gitea-actions-runner configuration
This commit introduces the configuration for the gitea-actions-runner service in the forgejo.nix file. It also includes adding a new encrypted yaml file for the runner token. The configurations set up instances and labels for different versions of Ubuntu.
2024-06-27 13:00:32 +02:00
Harald Hoyer b50c8aee66 feat: Remove warp-svc auto-start from x86_64-linux configuration
The system's configuration for x86_64-linux architecture has been modified. Specifically, warp-svc will not be started automatically anymore, as its reference in the "wants" section of "multi-user" targets in systemd configuration has been removed.
2024-06-27 12:28:07 +02:00
Harald Hoyer 86c676062c feat: Comment out systemd.user.services in default.nix
The systemd.user.services block in the default.nix file has been commented out. This change is vital if the associated services are not meant to be used or activated, avoiding any potential conflicts or issues.
2024-06-25 11:13:50 +02:00
Harald Hoyer a6460fede4 feat: Require password for sudo wheel users
The default value for `wheelNeedsPassword` has been changed to `true` in `base/default.nix`. The redundant entry in `gui/default.nix` setting `wheelNeedsPassword` to `true` was removed as it is now enforced by the base module.
2024-06-25 11:03:16 +02:00
Harald Hoyer 1033d30619 fix: replace gc with nix.gc for mx 2024-06-25 10:39:55 +02:00
Harald Hoyer e9076baeee feat: Require password for sudo wheel group
This change updates the settings in the GUI module for the sudo wheel group. The security policy has been modified to require a password when a member of the wheel group attempts to use sudo.
2024-06-25 10:36:32 +02:00
Harald Hoyer 20cefaf839 feat: Update garbage collection options
Adjust default garbage collection intervals and retention periods. Set default GC to run weekly and retain 14 days on nixos module and to run daily and retain 7 days on the 64-linux module.

Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
2024-06-25 10:10:33 +02:00
Harald Hoyer 58dd6f0e63 feat: Set default for sudo wheelNeedsPassword in base and gui services
The update modifies the default setting for the 'sudo wheelNeedsPassword' option in both the base and gui modules/services. Now, the base service has 'sudo wheelNeedsPassword' marked as a default option and disabled by default in the gui service.
2024-06-25 10:06:08 +02:00
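Commits 58dd6f0e63, e9076baeee, 20cefaf839 and a6460fede4 above converge on one pattern: the base module states the secure default with `mkDefault`, and a host (or the gui module, until it was removed) may override it. The following is an added example of that layering for `wheelNeedsPassword` and `nix.gc`; it is not the repository's base/default.nix or mx/default.nix. The file paths in the comments are taken from the commit messages on this page; everything else about the files is an assumption.

```nix
# Added example, not the repository's modules.  Paths in comments follow the
# commit messages; the file contents here are assumptions.

# modules/nixos/services/base/default.nix
{ lib, ... }:
{
  # a6460fede4: wheel members authenticate for sudo.  lib.mkDefault gives the
  # value priority 1000, so a host can set it plainly (priority 100) without
  # mkForce, while two mkDefault assignments from different modules would
  # still be reported as a conflict rather than silently picked.
  security.sudo.wheelNeedsPassword = lib.mkDefault true;

  # 20cefaf839: weekly GC keeping 14 days in the shared module.
  nix.gc = {
    automatic = true;
    dates = lib.mkDefault "weekly";
    options = lib.mkDefault "--delete-older-than 14d";
  };
}
```

A per-host override then needs no priority modifier at all; for example an `mx`-style host (1033d30619, 20cefaf839) would set `nix.gc.dates = "daily"; nix.gc.options = "--delete-older-than 7d";` and win over the base defaults. The same mechanism is what made the old `gui/default.nix` entry setting `wheelNeedsPassword = false` effective, which is why removing it in a6460fede4, rather than adding another `true`, was the right fix: a plain `false` anywhere in the module tree silently beats a `mkDefault true`, so passwordless-sudo regressions are best caught by grepping for the option rather than by reading the base module alone.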
Harald Hoyer 8ec7849a21 feat: add kubectx to x86_64-linux system packages 2024-06-24 17:27:30 +02:00
Harald Hoyer d0e539f23f feat: Add new system packages and update flake.lock
New system packages including azure-cli, cloudflare-warp, desktop-file-utils, and kubectl have been added to the environment. The systemd has been configured for cloudflare-warp. Additionally, version updates were made in flake.lock with revised hashes and revisions.
2024-06-24 16:13:56 +02:00
Harald Hoyer ff726a73c9 feat: refactor domain whitelist in rspamd.nix
This update introduces a more efficient way for managing whitelisted domains in rspamd.nix. Instead of repeating the list of domains across multiple configurations, the domains are now defined only once in a dedicated variable. This improves the maintainability and readability of the code.
2024-06-22 18:10:12 +02:00
Harald Hoyer 7b06c9446c feat: Refactor rspamd settings in x86_64-linux systems
This commit simplifies the configuration of rspamd settings in x86_64-linux systems. It primarily involves restructuring of settings for 'settings.conf', 'spf_whitelist', 'spf_dkim_whitelist', 'dmarc_whitelist', and 'greylist-whitelist-domains'.
2024-06-22 17:26:01 +02:00
Harald Hoyer 8bbed5e255 feat: Update rspamd configurations
This commit introduces new whitelisted domains for SPFs, DKIMs, DMARCs and Greylists in the Rspamd configurations. It also adds new rules for incoming emails from bogensport-jugend@gmx.de, including disabling greylisting and specifying actions to apply.
2024-06-22 15:37:37 +02:00
Harald Hoyer 9f1bb163e1 feat: Update rspamd configurations
This commit introduces new whitelisted domains for SPFs, DKIMs, DMARCs and Greylists in the Rspamd configurations. It also adds new rules for incoming emails from bogensport-jugend@gmx.de, including disabling greylisting and specifying actions to apply.
2024-06-22 15:35:22 +02:00
Harald Hoyer 423ef6941d feat: Update rspamd configurations
This commit introduces new whitelisted domains for SPFs, DKIMs, DMARCs and Greylists in the Rspamd configurations. It also adds new rules for incoming emails from bogensport-jugend@gmx.de, including disabling greylisting and specifying actions to apply.
2024-06-22 15:13:08 +02:00
Harald Hoyer 6d4be557f8 style: fix indentation and spacing issues
This commit corrects the code's formatting in two parts:
1) It normalizes the indentation in the BindPaths block under aesmd_dcap/default.nix.
2) It also removes the extra space before "DE" in the default_phone_region setting in nextcloud.nix.
2024-06-22 15:12:57 +02:00
Harald Hoyer dc2b6a41a5 Update flake.lock and enable trezord service in default.nix
The flake.lock file has been updated with the latest modifications, including changes to the lastModified, narHash, and rev values for several Github repositories. Furthermore, the trezord service has been enabled in the default.nix file for the x1 system.
2024-06-17 15:14:54 +02:00
Harald Hoyer 6b9d04bb59 feat: remove "--refresh" flag from autoUpgrade
This commit removes the "--refresh" flag from the system.autoUpgrade field in the default.nix file. The update function will now rely on the remaining flags only.
2024-06-12 10:54:13 +02:00
Harald Hoyer 5c07871808 feat: Enable Git program in base services
The primary change in this commit enables the Git program in the base/default service module. This marks a configuration alteration at the systems level, transferring the 'programs.git.enable' declaration from 'systems/x86_64-linux/mx/default.nix' to 'modules/nixos/services/base/default.nix'. We've undertaken this change for better structuring of our service configuration.
2024-06-12 10:52:58 +02:00
Harald Hoyer 7020c4acbc feat: Enable git program in mx
The configuration file for the mx system has been updated to enable the git program.
2024-06-12 10:49:49 +02:00
Harald Hoyer bd8d27e40e feat: update nextcloud settings in nix configuration
Move 'default_phone_region' setting to the proper place. The previous erroneous location of the following setting `default_phone_region` was fixed and moved under `settings` where the rest of the options reside. The configuration now aligns with the expected structure.
2024-06-12 10:44:55 +02:00