- Uncommented `rustdesk.nix` in MX system and added `rustdesk-flutter` to GUI services.
- Disabled `services.rustdesk-server.signal` on X1 system to align with updated settings.
- Added extra HTTP headers and security configurations in the Nginx proxy for Headscale.
- Improves websocket handling, security headers, and HTTPS redirection.
- Introduced OIDC settings in Headscale, including allowed domains, client ID, client secret path, and issuer.
- Enables support for OpenID Connect authentication.
- Included `headscale.nix` in the MX system configuration for VPN management.
- Added Nginx and ACME configuration to route traffic securely to Headscale.
- Ensures Headscale is enabled with required settings and packaged in the system.
- Added `services.tailscale.enable = true` to the configurations of SGX, MX, and X1 systems for VPN support.
- Improves secure connectivity and simplifies network management across these systems.
- Added OIDC app to Nextcloud with specific URL, SHA256, and license configuration for authentication support.
- Configured Nginx to redirect `.well-known/webfinger` to Nextcloud for improved compatibility.
- Updated Nextcloud settings to include `overwrite.cli.url` for proper URL handling.
- Changed `powerManagement.cpuFreqGovernor` from `ondemand` to `performance` for enhanced CPU performance.
- Aligns system configuration with performance optimization goals.
- Disabled `security.tpm2.enable` and `security.tpm2.abrmd.enable` options.
- Ensures TPM2-related services are not active on the system for this configuration.
- Added `emailOnFailure.enable` option to metacfg with a default of `false`.
- Enabled email notifications on failure for SGX and MX systems.
- Enhanced `systemd-email-notify` module to support the new configuration.
- Removed SGX-specific settings including `aesmd_dcap`, `sgx_default_qcnl.conf`, and `security.tpm2` configurations.
- Updated `system.stateVersion` and switched kernel modules to `kvm-amd`.
- Adjusted disk UUIDs and removed unused `/boot` filesystem definition.
- Set `boot.tmp.useTmpfs` to `false` in `x86_64-linux/sgx/default.nix`.
- Applied `lib.mkDefault` to `boot.tmp.useTmpfs` in `services/base/default.nix` for consistency.
- Enabled `services.cratedocs-mcp` with firewall access in the SGX module for enhanced functionality.
- Updated multiple Flake lockfile entries to the latest revisions, ensuring access to updated upstream changes.
- Added `wantedBy = ["graphical.target"]` to the `gnome-remote-desktop` service configuration.
- Ensures the service starts automatically with the graphical session.
- Enabled `gnome-remote-desktop` to allow remote desktop connectivity by default on the `x1` system.
- Improves accessibility and remote management for the system.
- Set minimum protocol to SMB2 and enabled extended attribute (EA) support in Samba settings.
- Added `fruit:nfs_aces` and `fruit:wipe_intentionally_left_blank_rfork` options for improved macOS compatibility.
- Changed the `time-machine` key to `TimeMachineBackup` in the Samba share configuration.
- Aligns key naming to standard conventions and improves readability.
- Disabled Netatalk service by setting `enable` to `false`.
- Improved macOS compatibility in Samba with specific `fruit` and `vfs` options.
- Added a new Time Machine share configuration for backups.
- Added `power.pm_freeze_timeout` kernel setting with a value of 30000 to extend system freeze timeout.
- Removed `cloudflare-warp` from system packages and systemd packages for cleanup.
- Introduced `gemini-cli` as a CLI tool in the x1 configuration.
- Added a new overlay for `gemini-cli` package with npm dependencies.
- Removed `goose-cli` and `aider-chat` from the existing application list.
- Enabled the cratedocs-mcp service in the x1 configuration.
- Added `cratedocs` as a new flake input and included its modules and overlay.
- Updated multiple flake inputs (`nixpkgs`, `rust-overlay`, etc.) with new revisions.
- Removed inotify sysctl settings from hardware configuration.
- Added updated inotify limits under GUI services for JetBrains IDEs.
This ensures better compatibility and performance for these tools.
Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
Adjusted the virtual_alias_maps to properly include both root and admin email forwarding. Removed unused rootAlias line and ensured the configuration aligns with intended email routing behavior.
