This commit introduces new whitelisted domains for SPFs, DKIMs, DMARCs and Greylists in the Rspamd configurations. It also adds new rules for incoming emails from bogensport-jugend@gmx.de, including disabling greylisting and specifying actions to apply.
This commit corrects the code's formatting in two parts:
1) It normalizes the indentation in the BindPaths block under aesmd_dcap/default.nix.
2) It also removes the extra space before "DE" in the default_phone_region setting in nextcloud.nix.
The flake.lock file has been updated with the latest modifications, including changes to the lastModified, narHash, and rev values for several Github repositories. Furthermore, the trezord service has been enabled in the default.nix file for the x1 system.
The primary change in this commit enables the Git program in the base/default service module. This marks a configuration alteration at the systems level, transferring the 'programs.git.enable' declaration from 'systems/x86_64-linux/mx/default.nix' to 'modules/nixos/services/base/default.nix'. We've undertaken this change for better structuring of our service configuration.
Move 'default_phone_region' setting to the proper place. The previous erroneous location of the following setting `default_phone_region` was fixed and moved under `settings` where the rest of the options reside. The configuration now aligns with the expected structure.
This commit adds a git safe directory to the system config. This is to ensure that the git configurations are securely stored in "/var/lib/gitea/repositories/harald/nixcfg.git".
This commit removes specific email addresses related to "meike-knutz.de" and "gerlinde-hoyer.de" in the mailserver configuration. It affects aliases, postmaster, and abuse sections of the configuration.
This commit removes the defaultPhoneRegion from the config section and sets it in the settings section in nextcloud.nix file. This reorganization improves the structure and readability of the configuration.
The Nextcloud package in the x86_64-linux system has been upgraded from version 28 to version 29. This update introduces the latest features, improvements, and security fixes from the Nextcloud project.
This commit moves the kernel package version override from the base nixos service to specific system configurations. Now, the latest linux packages will be used only in the system configurations where the override has been explicitly added. This approach gives us more flexibility to handle different kernel package versions for different systems.
An extra comma is added to the pccs_url in the sgx_default_qcnl.conf file to correct a possible syntax error. This fix ensures the correct parsing of the JSON object.
A new systemd service, `check_root`, has been added which checks disk usage of the root directory. If usage exceeds 85%, an email alert is sent. In addition to this service, a corresponding systemd timer is added to trigger this check daily.
This commit introduces a new systemd service that runs daily to check the disk usage of the /boot partition. If utilization exceeds a set threshold, it triggers a warning email. This will ensure prompt alerts on critically low boot disk space, helping in maintaining a stable system.
This commit includes a new lid switch configuration for the logind service within the SGX default configuration file. The lid switch has been set to "ignore", enhancing control over system behaviors upon lid actions.
In systems/x86_64-linux/x1/default.nix, 'docker' has been added to user.extraGroups. This allows the current user to manage Docker without needing root access.
This commit introduces virtualization configurations for docker and libvirtd in the x86_64-linux system. It also sets the podman.dockerCompat to false to avoid compatibility issues.
This commit updates the hardware configuration for SGX systems. We have configured the available kernel modules list to include TPM-related modules. Also, unnecessary TPM2 security settings have been removed to clean up the configuration file.
The commit turns on the TPM2 security feature and its associated Access Broker and Resource Manager daemon (abrmd) in the hardware configuration for the x86_64-linux SGX system. This action, represented by changing the respective entries from false to true, enhances the security of this system configuration.
Harald Hoyer