Ensure the coturn static-auth-secret has the correct owner and specifies restart units. This enhances security by assigning ownership and improves reliability by ensuring relevant units restart when secrets change.
Add coturn service definition for x86_64-linux systems with static-auth-secret and additional settings for Nextcloud integration. Includes secrets management via `sops` and secure TLS configurations.
Enabled Intel media driver support and set environment variables for better compatibility with Wayland. Also updated MPV configuration for hardware decoding and GPU settings.
Move and enhance OpenGL configuration in GUI services. The configuration now includes onevpl-intel-gpu and retains intel-compute-runtime from base services.
Added an HTTP SSL CA certificate configuration to enhance security and ensure trusted connections. This change sets the CA certificate file path to '/etc/ssl/certs/ca-certificates.crt'.
Added a custom shell script for qemu-system-x86_64 enabling UEFI support using OVMF. This ensures that the command uses the specified OVMF firmware for UEFI boot.
Add chromium and rustup to systemPackages, and move pcsctools and yubikey-personalization entries. Introduce environment session variable NIXOS_OZONE_WL for better Wayland support.
Updated LUKS device configurations to include allowDiscards option. This allows the system to send discard/TRIM commands to LUKS devices for better performance.
Removed unnecessary blank lines to improve readability and maintain consistency with the formatting guidelines. This change does not impact functionality but cleans up the code.
Enable temporary file storage on tmpfs and configure TMPDIR for the nix-daemon. Also, ensure temporary files are cleaned on boot and enable fstrim service for filesystem maintenance.
Added configuration to use the latest kernel packages for boot. This change ensures the system benefits from the most recent updates and security patches.
The extraConfig for resolved had an incorrect semicolon causing configuration issues. This change removes the semicolon to ensure proper configuration loading.
Enabled the Syncthing service in the fileserver configuration. Set the user to 'harald' and specified directories for data and configuration.
Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
Changed the keyboard variant configuration in xserver to include a trailing comma. This ensures the variant setting is correctly parsed by the xserver.
Enabled ResolveUnicastSingleLabel option in systemd-resolved configuration. This ensures unicast single-label domain names can be resolved. Added in the extraConfig section.
The alacritty package entry was misaligned in the list of systemPackages. This fix ensures consistent indentation for better readability and maintainability.
This commit shifts the Alacritty terminal emulator from "tools" within the user-level configuration to "systemPackages" under the base services configuration. This change allows global access to Alacritty across the system.
Replace the old command with an updated one in the README.md file, removing the `--use-remote-sudo` option. This should help users to effectively utilize the 'darwin-rebuild' functionality accurately.
This commit comments out several configurations in the user's default.nix on harald@mpro. Namely, it disables the sessionPath, home-manager, and alacritty, establishing a new setup for future use.
This commit enables the 'base' edition in the default.nix configuration file within the Darwin suites module. This update provides the necessary settings for the base installation, enhancing the flexibility of system setup.
This commit introduces a new base configuration for the Darwin service. It includes options for system packages, shell programs and security features. This base configuration is customizable with an enable option.
Replace `❯` prompt symbol with `$` for clarity and consistency. Add additional command for Darwin. Remove outdated `command-not-found` section. Update nix and ssh command syntax for better readability and usage.
This commit modifies the `nix` configuration in the `darwin` module, changing from the unstable `nix` package use to the stable version. This change is intended to improve stability and reliability of the module.
This commit renames the 'fonts' array in the darwin system fonts module to 'packages'. The refactor is aimed at improving the code readability and making the name more descriptive and representative of its content.
This commit updates the allowed TCP port for networking in the SGX configuration file. Instead of hardcoding the port number, it now uses the port specified in the netatalk configuration. This change enables more flexibility in port assignment and reduces potential conflicts.
The configuration update for the x86_64-linux t15 hardware adds a US layout variant to the existing German keyboard configuration. This change will allow switching between US and German keyboard layouts as per user requirements.
This commit adds the `autohide-battery@sitnik.ru` extension to the home configurations of `harald@t15` and `harald@x1`. It also adjusts the path of the `xkb.layout` setting in the GUI service's configuration. Furthermore, the `sound-output-device-chooser` extension has been removed.
This commit adds three new GNOME extensions to the gui module in the NixOS service. Specifically, 'gnome-browser-connector', 'autohide-battery', and 'sound-output-device-chooser' were added. This update is intended to enhance the system's user experience.
This commit updates the hardware configuration file for the x86_64-linux system. Specifically, it modifies the xserver keymap settings, ensuring proper keymap configuration for 'de' layout with 'nodeadkeys' variant in the x86_64-linux system.
Multiple boot options have been added in the hardware-configuration for the x86_64-linux system. This includes unsafe secrets mitigation options, such as 'noibrs', 'noibpb', 'nopti', etc., to potentially enhance system performance.
This commit modifies several settings of the home printer module in default.nix. The PageSize parameter was changed, and several new parameters related to print quality and color correction were added for better print results, specifically for photos.
This commit updates the narHashes and revisions of multiple packages in flake.lock file. The revisions are updated to their newer versions for improved performance and security patches.
Created a new module for home printer setup and enabled it on x86_64-linux systems. The module configures printing drivers and ensures that printers are set up properly. In addition, moved specific printer configurations into the newly created homeprinter module.
This commit adds configurations for two printers (Brother DCP-L2530DW and Canon MG6300 series) in the nix file. It also enables printing services and resolves DNSSEC degradation. This ensures a more seamless and secure printing experience.
This commit adds support for the Brother DCP-L2530DW printer driver. The new file, dcpl2530dw-cups/default.nix, includes necessary build inputs and sets up installation paths. Currently, this build only supports the x86_64 platform.
The indentation in the mailserver.nix file was fixed to follow proper syntax guidelines. This was a minor change, but it improves code readability and adherence to stylistic standards.
The 'atticd' service has been deleted from the sgx-nixos configuration. Additionally, the reference to 'atticd.nix' has been removed from the 'default.nix' imports. This was done to help streamline the system configuration.
The user's extraGroups in the NixOS module now contains 'wheel' by default. This change provides the user with more privileges. Consequently, 'wheel' has been removed from the SGX-Attic's 'user.extraGroups' as it became redundant.
This commit removes a predefined TCP port (8080) from the allowed list in the networking firewall. This choice will increase the security features by avoiding any unnecessary open ports in the firewall configuration.
The import statement for the atticd.nix file has been commented out in the default.nix file under the sgx-nixos system. This reflects changes in dependencies or system configurations.
Harald Hoyer