Updated ACME and nginx configurations to replace "internal.hoyer.world" with "openwebui.hoyer.world". This ensures correct routing and certificate management for the updated domain.
This commit adds Alacritty and iTerm2 to the system configuration for aarch64-darwin. These changes enhance terminal options, improving flexibility and usability for developers.
Reformatted code blocks for better readability and consistency in Nextcloud and Darwin home configurations. No functional changes were made, ensuring existing behavior remains intact.
Add the `piper` package to the build and enable the `ratbagd` service for managing gaming mice. This enhances device compatibility and configuration options.
Include `config` in function parameters for better configurability. Removed unnecessary Nextcloud apps such as `files_texteditor`, `files_markdown`, `twofactor_backupcodes`, and `twofactor_totp` to streamline service setup.
Enhance Nextcloud setup by enabling additional applications such as calendar, contacts, and notes. This change improves the service's functionality and usability by integrating essential productivity tools directly into the Nextcloud environment.
Adjusted the parameter formatting in `acme.nix` and `nginx.nix` for better readability and consistency. The changes include standardizing the indentation and spacing for multiline declarations.
Add ports 80 and 443 to the list of allowed TCP ports in the firewall configuration. This change ensures that HTTP and HTTPS traffic can pass through, which is essential for web services to operate correctly.
Change the sopsFile path in acme.nix to point to the sgx directory instead of hetzner to ensure the correct configuration file is referenced. Added a new encrypted secrets file specific to the sgx directory to maintain security and confidentiality.
Convert the port value to a string in nginx configuration to ensure correct proxyPass functionality. This change prevents potential runtime errors when using numeric port values directly in the proxyPass directive.
Introduce the `config` argument to the SGX NGINX module to enhance configurability and integration. This change allows for more flexible usage of configurations that may rely on system-level settings. It prepares the NGINX module for more complex future modifications or integrations.
Update the OLLAMA_API_BASE_URL to ensure proper resolution with the full domain name `m4.fritz.box`. This change ensures that the API endpoint is correctly accessible within the network.
Added the `openFirewall` option set to true in the SGX OpenWebUI configuration. This change ensures that firewall rules are adjusted to allow access to the configured port. This enhances accessibility and simplifies setup for users.
Corrected the spelling of "environment" from "enviroment" in the OpenWebUI configuration file. This change ensures the configuration is correctly interpreted, avoiding potential issues with environment variable settings.
Introduce a new NixOS configuration for the OpenWebUI service, enabling it by default on port 8080. The setup includes environment settings to disable telemetry and authentication, and it adds the openwebui.nix to the system modules.
Change the working directory from `/root` to `/root/nixcfg` in the `nixos-upgrade` systemd service to ensure the correct configuration repository is used. This update prevents potential errors due to fetching and resetting in the wrong directory.
Include git in the `PATH` for the `nixos-upgrade` systemd service. This change ensures that the service can execute git commands during its operations. The path addition resolves issues related to unavailable git commands.
Introduce a preStart hook to the nixos-upgrade systemd service to ensure the local repository is updated before upgrades by fetching and resetting to the origin's HEAD. This enhances the reliability and consistency of the upgrade process. Also, maintain the commented out old flake path for backward traceability.
Remove duplicate configurations for the rot8000 git filter from both mx and base modules. This change helps to streamline the code by ensuring that the unnecessary and redundant configurations are eliminated.
Enable JXL (JPEG XL) format previews in Nextcloud configuration. This addition allows users to view and manage JPEG XL images directly within Nextcloud, enhancing the user experience with modern image formats.
Introduce a new module, ipu.nix, enabling IPU6 platform support. This change aids in configuring specific hardware settings and includes the setup for future kernel package adjustments. The IPU6 module is prepared for integration but is currently commented out in the imports for further testing.
Refactor various NixOS and home-manager configurations to improve consistency and readability. Correct naming inconsistencies, ensure proper indentation, and restructure Samba settings for better clarity and maintainability.
Updated the Nixpkgs and Home Manager inputs from 24.05 to 24.11. Removed the attic module and its dependencies, added mnw to neovim-flake. Refined Neovim configuration by disabling nvimCodeActionMenu and optimizing other settings.
Introduce 'cleanup', 'autoUpdate', and 'upgrade' options under the onActivation section for improved manageability. Additionally, remove unused homebrew configuration from modules/darwin/nix/default.nix.
Convert masApps from list to set for better structure consistency. Add initialization for Homebrew in the Fish shell to ensure the environment is correctly set up.
This commit updates the default Homebrew configuration to include 'mas' alongside 'libusb' for the aarch64-darwin system. It also introduces an empty 'masApps' array for potential future use.
Added configuration to enable Homebrew on aarch64-darwin systems. Created a new module for managing Homebrew settings and added support for declarative tap management.
Renamed several modules to better align with Darwin-specific configurations. Refactored configuration for Alacritty and removed it from system packages where not needed. Introduced Homebrew settings and cleaned up redundant entries in multiple Nix files.
Add Zsh to the list of available shells in the Darwin services module.
Introduce new Nix configurations for aarch64-darwin, including system packages and font settings.
Set up user-specific environment for Harald on aarch64-darwin system.
Reformatted the boot.kernelModules array for better readability. This change enhances the clarity of the list and follows more consistent coding practices across the configuration file.
Included HSA_OVERRIDE_GFX_VERSION for ROCm acceleration. Added LIBVA_DRIVER_NAME and commented NIXOS_OZONE_WL to environment.sessionVariables settings.
Added configuration to set fish as the default shell for user harald. This improves user experience by providing a more friendly and powerful shell environment.
Introduces a new configuration for setting the maintenance window start in the Nextcloud settings. This ensures better scheduling and coordination for maintenance activities.
Added systemd and PAM configuration to set NOFILE and MEMLOCK limits to 32768. This change enhances the system's capability to handle a larger number of open files and memory-locked segments.
Increased the file descriptor limit (NOFILE) from 32000 to 32768 in systemd and PAM settings. This adjustment aligns system limits with higher resource demands.
Added configuration to increase the system-wide file descriptor limit and memory lock limit. This change involves updating systemd and PAM settings to enhance resource management.
Updated Avahi service configuration to support both IPv4 and IPv6 addressing. This change includes enabling nssmdns4 and nssmdns6, along with setting ipv4 and ipv6 to true.
Reorganized the configuration blocks for better readability. The `enabledPreviewProviders` list and `phpOptions` section now follow a more logical structure.
This commit enhances the Nextcloud configuration by enabling previews for WEBP image files. It adds "OC\\Preview\\WEBP" to the list of supported preview formats.
Update coturn service configuration with new port ranges and enhanced security options. Also, add ACME support for certificate management and configure firewall to allow necessary ports.
Ensure the coturn static-auth-secret has the correct owner and specifies restart units. This enhances security by assigning ownership and improves reliability by ensuring relevant units restart when secrets change.
Add coturn service definition for x86_64-linux systems with static-auth-secret and additional settings for Nextcloud integration. Includes secrets management via `sops` and secure TLS configurations.
Updated LUKS device configurations to include allowDiscards option. This allows the system to send discard/TRIM commands to LUKS devices for better performance.
Removed unnecessary blank lines to improve readability and maintain consistency with the formatting guidelines. This change does not impact functionality but cleans up the code.
Added configuration to use the latest kernel packages for boot. This change ensures the system benefits from the most recent updates and security patches.
The extraConfig for resolved had an incorrect semicolon causing configuration issues. This change removes the semicolon to ensure proper configuration loading.
Enabled the Syncthing service in the fileserver configuration. Set the user to 'harald' and specified directories for data and configuration.
Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
Changed the keyboard variant configuration in xserver to include a trailing comma. This ensures the variant setting is correctly parsed by the xserver.
Enabled ResolveUnicastSingleLabel option in systemd-resolved configuration. This ensures unicast single-label domain names can be resolved. Added in the extraConfig section.
This commit updates the allowed TCP port for networking in the SGX configuration file. Instead of hardcoding the port number, it now uses the port specified in the netatalk configuration. This change enables more flexibility in port assignment and reduces potential conflicts.
The configuration update for the x86_64-linux t15 hardware adds a US layout variant to the existing German keyboard configuration. This change will allow switching between US and German keyboard layouts as per user requirements.
This commit updates the hardware configuration file for the x86_64-linux system. Specifically, it modifies the xserver keymap settings, ensuring proper keymap configuration for 'de' layout with 'nodeadkeys' variant in the x86_64-linux system.
Multiple boot options have been added in the hardware-configuration for the x86_64-linux system. This includes unsafe secrets mitigation options, such as 'noibrs', 'noibpb', 'nopti', etc., to potentially enhance system performance.
Created a new module for home printer setup and enabled it on x86_64-linux systems. The module configures printing drivers and ensures that printers are set up properly. In addition, moved specific printer configurations into the newly created homeprinter module.
This commit adds configurations for two printers (Brother DCP-L2530DW and Canon MG6300 series) in the nix file. It also enables printing services and resolves DNSSEC degradation. This ensures a more seamless and secure printing experience.
The indentation in the mailserver.nix file was fixed to follow proper syntax guidelines. This was a minor change, but it improves code readability and adherence to stylistic standards.
The 'atticd' service has been deleted from the sgx-nixos configuration. Additionally, the reference to 'atticd.nix' has been removed from the 'default.nix' imports. This was done to help streamline the system configuration.
The user's extraGroups in the NixOS module now contains 'wheel' by default. This change provides the user with more privileges. Consequently, 'wheel' has been removed from the SGX-Attic's 'user.extraGroups' as it became redundant.
This commit removes a predefined TCP port (8080) from the allowed list in the networking firewall. This choice will increase the security features by avoiding any unnecessary open ports in the firewall configuration.
The import statement for the atticd.nix file has been commented out in the default.nix file under the sgx-nixos system. This reflects changes in dependencies or system configurations.
This commit adds "wheel" to the user.extraGroups in the default SGX configuration file for x86_64-linux system. This is a necessary update to ensure users
This commit refactors the hardware configuration in the SGX attic. A new file named `disko.nix` has been added which houses the disk setup previously located on `hardware-configuration.nix`. Additionally, some parameters in `default.nix` have been updated and unneeded configuration settings have been removed.
This commit adds a new email alias to the mailserver configuration. This new addition will allow emails sent to this address to be properly routed and received.
This commit adds a new email alias to the mailserver configuration. This new addition will allow emails sent to this address to be properly routed and received.
This commit updates the list of email aliases for various users in the mailserver configuration. It reorders existing aliases and introduces new ones, extending their visibility in different domains. This offers aliases under the hoyer.social and hoyer.world domains, enhancing flexibility for users.
This commit updates the certificate scheme configuration on the mailserver. The `certificateScheme` and `acmeCertificateName` have been added, and an unnecessary certificate reference in the `acme.nix` file has been deleted.
This commit removes the dnsProvider attribute ("internetbs") from four entries in the acme.nix file. These changes aim to reduce redundancy and maintain simplicity in the script.
This commit removes the dnsProvider property from the "varlink.org" configuration within the acme.nix file. This step contributes to system simplification and potential adaptability improvements.
Added "herward-hoyer.de" as a new domain in the acme.nix file. Set "internetbs" as the DNS provider and added "*.herward-hoyer.de" to the extra domain names.
The DNS provider has been changed from "internetbs" to "cloudflare". Moreover, configurations for multiple domains have been updated and expanded, including "mx.surfsite.org", "surfsite.org", "hartwin-hoyer.de", "varlink.org", "hoyer.xyz", and others.
A new DNS provider, Cloudflare, has been added to the configuration for domain "harald-hoyer.de" in the acme.nix file. This change will affect the handling of DNS requests for this domain.
The commit includes the addition of the "meike-hoyer.de" domain to the acme.nix file, using "cloudflare" as the DNS provider. This update enhances the system's domain coverage.
This update removes the myprivacy.tools domain from the configuration of the mailserver. As a result, no incoming or outgoing messages will be processed for this domain. Also, all email addresses related to myprivacy.tools were also removed.
This commit changes the default retention period for garbage collection in the attic daemon setting from 30 days to 3 months. This will allow the system to maintain data for a longer period before cleaning.
This commit introduces a new parameter for setting the garbage collection interval in the atticd.nix file. The garbage collection interval is set to run every 30 days, helping to manage unnecessary data and improve system performance.
The atticd settings in systems/x86_64-linux/sgx-nixos have been updated to include an API endpoint. The primary purpose of this change is to ensure that atticd infrastructure can successfully connect to the new endpoint at https://attic.teepot.org.
The attic-client has been added to the packages for the x86_64-linux system. This change enables interaction with the Attic distributed storage system, expanding the capabilities of this system setting.
The attic-client has been added to the packages for the x86_64-linux system. This change enables interaction with the Attic distributed storage system, expanding the capabilities of this system setting.
This commit allows TCP traffic on port 8080 and permits ICMP echo requests for ping command in SGX-NixOS. Moreover, the necessary code adjustments have been made in the default.nix file.
This commit includes the atticd service to the sgx-nixos system. The `atticd.nix` file has been added with default configuration and the attic service has been included in imports in `default.nix`. Modifications were made in `flake.nix` and `flake.lock` to integrate attic dependencies.
Harald Hoyer