Included HSA_OVERRIDE_GFX_VERSION for ROCm acceleration. Added LIBVA_DRIVER_NAME and commented NIXOS_OZONE_WL to environment.sessionVariables settings.
Introduces a new configuration for setting the maintenance window start in the Nextcloud settings. This ensures better scheduling and coordination for maintenance activities.
Added systemd and PAM configuration to set NOFILE and MEMLOCK limits to 32768. This change enhances the system's capability to handle a larger number of open files and memory-locked segments.
Increased the file descriptor limit (NOFILE) from 32000 to 32768 in systemd and PAM settings. This adjustment aligns system limits with higher resource demands.
Added configuration to increase the system-wide file descriptor limit and memory lock limit. This change involves updating systemd and PAM settings to enhance resource management.
Updated Avahi service configuration to support both IPv4 and IPv6 addressing. This change includes enabling nssmdns4 and nssmdns6, along with setting ipv4 and ipv6 to true.
Reorganized the configuration blocks for better readability. The `enabledPreviewProviders` list and `phpOptions` section now follow a more logical structure.
This commit enhances the Nextcloud configuration by enabling previews for WEBP image files. It adds "OC\\Preview\\WEBP" to the list of supported preview formats.
Update coturn service configuration with new port ranges and enhanced security options. Also, add ACME support for certificate management and configure firewall to allow necessary ports.
Ensure the coturn static-auth-secret has the correct owner and specifies restart units. This enhances security by assigning ownership and improves reliability by ensuring relevant units restart when secrets change.
Add coturn service definition for x86_64-linux systems with static-auth-secret and additional settings for Nextcloud integration. Includes secrets management via `sops` and secure TLS configurations.
Updated LUKS device configurations to include allowDiscards option. This allows the system to send discard/TRIM commands to LUKS devices for better performance.
Removed unnecessary blank lines to improve readability and maintain consistency with the formatting guidelines. This change does not impact functionality but cleans up the code.
Added configuration to use the latest kernel packages for boot. This change ensures the system benefits from the most recent updates and security patches.
The extraConfig for resolved had an incorrect semicolon causing configuration issues. This change removes the semicolon to ensure proper configuration loading.
Enabled the Syncthing service in the fileserver configuration. Set the user to 'harald' and specified directories for data and configuration.
Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
Changed the keyboard variant configuration in xserver to include a trailing comma. This ensures the variant setting is correctly parsed by the xserver.
Enabled ResolveUnicastSingleLabel option in systemd-resolved configuration. This ensures unicast single-label domain names can be resolved. Added in the extraConfig section.
This commit updates the allowed TCP port for networking in the SGX configuration file. Instead of hardcoding the port number, it now uses the port specified in the netatalk configuration. This change enables more flexibility in port assignment and reduces potential conflicts.
The configuration update for the x86_64-linux t15 hardware adds a US layout variant to the existing German keyboard configuration. This change will allow switching between US and German keyboard layouts as per user requirements.
This commit updates the hardware configuration file for the x86_64-linux system. Specifically, it modifies the xserver keymap settings, ensuring proper keymap configuration for 'de' layout with 'nodeadkeys' variant in the x86_64-linux system.
Multiple boot options have been added in the hardware-configuration for the x86_64-linux system. This includes unsafe secrets mitigation options, such as 'noibrs', 'noibpb', 'nopti', etc., to potentially enhance system performance.
Created a new module for home printer setup and enabled it on x86_64-linux systems. The module configures printing drivers and ensures that printers are set up properly. In addition, moved specific printer configurations into the newly created homeprinter module.
This commit adds configurations for two printers (Brother DCP-L2530DW and Canon MG6300 series) in the nix file. It also enables printing services and resolves DNSSEC degradation. This ensures a more seamless and secure printing experience.
The indentation in the mailserver.nix file was fixed to follow proper syntax guidelines. This was a minor change, but it improves code readability and adherence to stylistic standards.
The 'atticd' service has been deleted from the sgx-nixos configuration. Additionally, the reference to 'atticd.nix' has been removed from the 'default.nix' imports. This was done to help streamline the system configuration.
The user's extraGroups in the NixOS module now contains 'wheel' by default. This change provides the user with more privileges. Consequently, 'wheel' has been removed from the SGX-Attic's 'user.extraGroups' as it became redundant.
This commit removes a predefined TCP port (8080) from the allowed list in the networking firewall. This choice will increase the security features by avoiding any unnecessary open ports in the firewall configuration.
The import statement for the atticd.nix file has been commented out in the default.nix file under the sgx-nixos system. This reflects changes in dependencies or system configurations.
This commit adds "wheel" to the user.extraGroups in the default SGX configuration file for x86_64-linux system. This is a necessary update to ensure users
This commit refactors the hardware configuration in the SGX attic. A new file named `disko.nix` has been added which houses the disk setup previously located on `hardware-configuration.nix`. Additionally, some parameters in `default.nix` have been updated and unneeded configuration settings have been removed.
This commit adds a new email alias to the mailserver configuration. This new addition will allow emails sent to this address to be properly routed and received.
This commit adds a new email alias to the mailserver configuration. This new addition will allow emails sent to this address to be properly routed and received.
This commit updates the list of email aliases for various users in the mailserver configuration. It reorders existing aliases and introduces new ones, extending their visibility in different domains. This offers aliases under the hoyer.social and hoyer.world domains, enhancing flexibility for users.
This commit updates the certificate scheme configuration on the mailserver. The `certificateScheme` and `acmeCertificateName` have been added, and an unnecessary certificate reference in the `acme.nix` file has been deleted.
This commit removes the dnsProvider attribute ("internetbs") from four entries in the acme.nix file. These changes aim to reduce redundancy and maintain simplicity in the script.
This commit removes the dnsProvider property from the "varlink.org" configuration within the acme.nix file. This step contributes to system simplification and potential adaptability improvements.
Added "herward-hoyer.de" as a new domain in the acme.nix file. Set "internetbs" as the DNS provider and added "*.herward-hoyer.de" to the extra domain names.
Harald Hoyer