- Uncommented `rustdesk.nix` in MX system and added `rustdesk-flutter` to GUI services.
- Disabled `services.rustdesk-server.signal` on X1 system to align with updated settings.
- Added extra HTTP headers and security configurations in the Nginx proxy for Headscale.
- Improves websocket handling, security headers, and HTTPS redirection.
- Introduced OIDC settings in Headscale, including allowed domains, client ID, client secret path, and issuer.
- Enables support for OpenID Connect authentication.
- Included `headscale.nix` in the MX system configuration for VPN management.
- Added Nginx and ACME configuration to route traffic securely to Headscale.
- Ensures Headscale is enabled with required settings and packaged in the system.
- Included `tailscale` package in the unstable overlay for additional VPN tools.
- Facilitates easier package management and usage for systems requiring Tailscale.
- Added `services.tailscale.enable = true` to the configurations of SGX, MX, and X1 systems for VPN support.
- Improves secure connectivity and simplifies network management across these systems.
- Added OIDC app to Nextcloud with specific URL, SHA256, and license configuration for authentication support.
- Configured Nginx to redirect `.well-known/webfinger` to Nextcloud for improved compatibility.
- Updated Nextcloud settings to include `overwrite.cli.url` for proper URL handling.
- Changed `powerManagement.cpuFreqGovernor` from `ondemand` to `performance` for enhanced CPU performance.
- Aligns system configuration with performance optimization goals.
- Disabled `security.tpm2.enable` and `security.tpm2.abrmd.enable` options.
- Ensures TPM2-related services are not active on the system for this configuration.
- Added `emailOnFailure.enable` option to metacfg with a default of `false`.
- Enabled email notifications on failure for SGX and MX systems.
- Enhanced `systemd-email-notify` module to support the new configuration.
- Introduced a default `home-manager` configuration for user setup.
- Enabled multiple CLI tools like `bash`, `fish`, `bat`, and `starship`.
- Configured `home.sessionPath` to include the user's bin directory.
- Removed SGX-specific settings including `aesmd_dcap`, `sgx_default_qcnl.conf`, and `security.tpm2` configurations.
- Updated `system.stateVersion` and switched kernel modules to `kvm-amd`.
- Adjusted disk UUIDs and removed unused `/boot` filesystem definition.
- Uncommented the `sessionPath` configuration to re-enable JetBrains Toolbox scripts support.
- Aligns with current default settings for better integration.
- Introduced `supportedFeatures` to each builder for better control over build capabilities (`nixos-test`, `benchmark`, `big-parallel`, and `kvm` for SGX).
- Enabled `builders-use-substitutes` setting to optimize build efficiency.
- Replaced `programs.fish.loginShellInit` with `programs.fish.shellInit` for aligning key usage.
- Ensures proper Nix path initialization across fish shell sessions.
- Deleted `environment.shellInit` previously used for Nix path initialization in SSH sessions.
- Path initialization is now fully handled by `programs.fish.loginShellInit` for consistency across environments.
- Added `sshKey` field for all builder configurations in `nixbuild.nix` to standardize access keys.
- Replaced `programs.fish.shellInit` with `environment.shellInit` and introduced `programs.fish.loginShellInit` for improved Nix path initialization.
- Updated multiple Flake lockfile entries to the latest revisions for improved consistency with upstream changes.
- Removed redundant `sshKey` fields from builder configurations in `nixbuild.nix`.
- Added `Nix` path initialization for fish shell SSH sessions and refactored mouse bindings in `default.nix`.
- Moved shared distributed build settings to `nixbuild.nix` for reuse.
- Updated `m4` and `rialo` systems to import the centralized configuration.
- Simplifies maintenance and ensures consistency across systems.
- Updated `@anthropic-ai/claude-code` package to version 2.0.25.
- Revised hashes in `package.nix` and `package-lock.json` for the new release.
- Added `writableTmpDirAsHomeHook` and `versionCheckHook` for install checks.
- Refined update script to use `--generate-lockfile` and handle unfree dependencies.
- Updated `@anthropic-ai/claude-code` package to version 2.0.1.
- Adjusted hashes in `package.nix` and `package-lock.json` for the new version.
- Added `--unset DEV` flag in `postInstall` script to prevent crashes.
- Updated `@anthropic-ai/claude-code` package to version 1.0.128.
- Adjusted hashes in `package.nix` and `package-lock.json` for the new version.
- Removed redundant `--unset DEV` flag in `postInstall` script.
- Set `boot.tmp.useTmpfs` to `false` in `x86_64-linux/sgx/default.nix`.
- Applied `lib.mkDefault` to `boot.tmp.useTmpfs` in `services/base/default.nix` for consistency.
- Reformatted function parameters to enhance readability.
- Added `build-dir = "/var/tmp"` to nix settings for better build management.
- Removed redundant `TMPDIR` environment variable for nix-daemon in systemd services.
- Enabled `services.cratedocs-mcp` with firewall access in the SGX module for enhanced functionality.
- Updated multiple Flake lockfile entries to the latest revisions, ensuring access to updated upstream changes.
