This commit adds a git safe directory to the system config. This is to ensure that the git configurations are securely stored in "/var/lib/gitea/repositories/harald/nixcfg.git".
This commit removes specific email addresses related to "meike-knutz.de" and "gerlinde-hoyer.de" in the mailserver configuration. It affects aliases, postmaster, and abuse sections of the configuration.
This commit removes the defaultPhoneRegion from the config section and sets it in the settings section in nextcloud.nix file. This reorganization improves the structure and readability of the configuration.
The Nextcloud package in the x86_64-linux system has been upgraded from version 28 to version 29. This update introduces the latest features, improvements, and security fixes from the Nextcloud project.
This commit moves the kernel package version override from the base nixos service to specific system configurations. Now, the latest linux packages will be used only in the system configurations where the override has been explicitly added. This approach gives us more flexibility to handle different kernel package versions for different systems.
An extra comma is added to the pccs_url in the sgx_default_qcnl.conf file to correct a possible syntax error. This fix ensures the correct parsing of the JSON object.
A new systemd service, `check_root`, has been added which checks disk usage of the root directory. If usage exceeds 85%, an email alert is sent. In addition to this service, a corresponding systemd timer is added to trigger this check daily.
This commit introduces a new systemd service that runs daily to check the disk usage of the /boot partition. If utilization exceeds a set threshold, it triggers a warning email. This will ensure prompt alerts on critically low boot disk space, helping in maintaining a stable system.
This commit includes a new lid switch configuration for the logind service within the SGX default configuration file. The lid switch has been set to "ignore", enhancing control over system behaviors upon lid actions.
In systems/x86_64-linux/x1/default.nix, 'docker' has been added to user.extraGroups. This allows the current user to manage Docker without needing root access.
This commit introduces virtualization configurations for docker and libvirtd in the x86_64-linux system. It also sets the podman.dockerCompat to false to avoid compatibility issues.
This commit updates the hardware configuration for SGX systems. We have configured the available kernel modules list to include TPM-related modules. Also, unnecessary TPM2 security settings have been removed to clean up the configuration file.
The commit turns on the TPM2 security feature and its associated Access Broker and Resource Manager daemon (abrmd) in the hardware configuration for the x86_64-linux SGX system. This action, represented by changing the respective entries from false to true, enhances the security of this system configuration.
Harald Hoyer