Adjusted the virtual_alias_maps to properly include both root and admin email forwarding. Removed unused rootAlias line and ensured the configuration aligns with intended email routing behavior.
Added configuration for Postfix to use an external SMTP relay with encrypted credentials managed by SOPS. Updated `mail.nix` to include relay settings and linked the secrets file for password storage.
Introduce `mail.nix` to configure mail utilities (`mailutils`, `mutt`) and enable Postfix service. Updated `default.nix` to include the new configuration file.
Ensure netatalk, samba, and syncthing services start only after the required mount points are available. This improves service dependency handling and prevents potential race conditions.
Set higher limits for `fs.inotify.max_user_instances` and `fs.inotify.max_user_watches` in the kernel sysctl configuration. This improves system monitoring capabilities, particularly for applications relying on inotify.
Include 'uv' in the x1 system default packages to extend functionality. This change ensures 'uv' is readily available for use without additional setup.
Reformatted the hardware configuration file for improved clarity and organization. Consolidated nested attributes and adjusted formatting to align with best practices.
Removed comment clutter and streamlined the configuration for better readability and maintenance. Ensured the sops secrets and ACME certificate handling remain functional.
Removed unused arguments (pkgs, lib, config) from the fileserver.nix file to streamline the function signature. This enhances code readability and eliminates redundant parameters.
Added devices "m4" and "x1" along with updating folder configurations to include "x1" in the devices list. Included commented-out Syncthing settings for future use in the x1 default configuration.
Ensure proper service execution by adding mount dependencies to systemd services. This guarantees that required file systems are available before the services start.
Updated the Nextcloud package from version 30 to 31. This ensures access to the latest features and improvements while maintaining compatibility with the system configuration.
Re-enabled the default vscode package and commented out the custom vscode-with-extensions override. This simplifies the configuration by relying on the standard vscode setup.
Introduce VSCode configuration and integrate roo-cline extension. This includes adding roo-cline to vscode extensions and setting up metadata for its marketplace details.
Introduce encrypted secrets and SOPS configuration for the x1 system. Update SSH and related services to utilize these secrets and modify flake.lock to align with the latest dependencies.
- Added `goose-cli` package definition and metadata in `unstable` overlay.
- Updated `default.nix` under `aarch64-darwin` to include `goose-cli` in system packages.
- Removed commented-out packages and cleaned up unused lines for better clarity and maintainability.
Introduced `claude-desktop-with-fhs` package by adding the `claude` flake to the inputs. Updated the system configuration and overlays to integrate the new package for usage.
- Created a `limits` module to centralize system limit configurations.
- Replaced inlined user and systemd limits with the new module on aarch64 and x86_64 platforms.
- Simplifies maintenance and ensures consistency across configurations.
- Enable Ollama API by setting `ENABLE_OLLAMA_API` to true.
- Disable OpenAI API by setting `ENABLE_OPENAI_API` to false.
This improves control over API usage and ensures proper configuration.
- Change OpenWebUI host binding from 0.0.0.0 to 127.0.0.1 for security.
- Consolidate ACME certificates under internal.hoyer.world with extra domain names.
- Update Nginx virtual hosts to use the unified ACME host internal.hoyer.world.
Added Logseq to the system packages for productivity tools. Permitted the insecure Electron 27.3.11 package to bypass restrictions for compatibility needs.
Reformatted configuration files for better readability and consistency. Updated lock file dependencies to the latest revisions, ensuring compatibility and performance improvements.
Renamed folders in the fileserver configuration for improved clarity and alignment with naming conventions. Adjustments ensure better organization and functionality in the SGX environment.
Commented out DNSSEC configuration and single-label resolution in systemd-resolved. This change disables custom DNS behavior to potentially align with default system behavior or compatibility requirements.
Added configuration for Syncthing devices and shared folders, enabling synchronization between specific devices. Adjusted the structure for better clarity and maintainability.
Updated the relay host for RustDesk server from "mx.surfsite.org" to "rustdesk.hoyer.world". This ensures the service uses the new designated host for signal relay.
Enabled `forceSSL` for the RustDesk nginx configuration to ensure secure connections. Replaced `proxyPass` with detailed `extraConfig` to include necessary headers and support for WebSocket connections.
Moved rustdesk-server settings from `default.nix` to a dedicated module `rustdesk.nix`. This improves configuration structure and ensures better modularity for maintainability.
Added `relayHosts` configuration to rustdesk-server to specify the relay host `mx.surfsite.org`. This ensures proper routing and connectivity for the RustDesk service.
- Enabled LLMNR to allow link-local name resolution.
- Enabled MulticastDNS to support service discovery and hostname resolution within local networks.
- Enabled LLMNR to allow link-local name resolution.
- Enabled MulticastDNS to support service discovery and hostname resolution within local networks.
- Enable systemd-resolved and configure DNSSEC with downgrade option.
- Add extra configuration to allow resolving unicast single-label names.
This improves DNS handling and ensures compatibility for SGX setup.