- Reformatted `netatalk` service dependencies for readability.
- Updated `hosts allow` setting to include `100.64.0.` for enhanced network access control.
- Uncommented `rustdesk.nix` in MX system and added `rustdesk-flutter` to GUI services.
- Disabled `services.rustdesk-server.signal` on X1 system to align with updated settings.
- Added extra HTTP headers and security configurations in the Nginx proxy for Headscale.
- Improves websocket handling, security headers, and HTTPS redirection.
- Introduced OIDC settings in Headscale, including allowed domains, client ID, client secret path, and issuer.
- Enables support for OpenID Connect authentication.
- Included `headscale.nix` in the MX system configuration for VPN management.
- Added Nginx and ACME configuration to route traffic securely to Headscale.
- Ensures Headscale is enabled with required settings and packaged in the system.
- Added `services.tailscale.enable = true` to the configurations of SGX, MX, and X1 systems for VPN support.
- Improves secure connectivity and simplifies network management across these systems.
- Added OIDC app to Nextcloud with specific URL, SHA256, and license configuration for authentication support.
- Configured Nginx to redirect `.well-known/webfinger` to Nextcloud for improved compatibility.
- Updated Nextcloud settings to include `overwrite.cli.url` for proper URL handling.
- Changed `powerManagement.cpuFreqGovernor` from `ondemand` to `performance` for enhanced CPU performance.
- Aligns system configuration with performance optimization goals.
- Disabled `security.tpm2.enable` and `security.tpm2.abrmd.enable` options.
- Ensures TPM2-related services are not active on the system for this configuration.
- Added `emailOnFailure.enable` option to metacfg with a default of `false`.
- Enabled email notifications on failure for SGX and MX systems.
- Enhanced `systemd-email-notify` module to support the new configuration.
- Removed SGX-specific settings including `aesmd_dcap`, `sgx_default_qcnl.conf`, and `security.tpm2` configurations.
- Updated `system.stateVersion` and switched kernel modules to `kvm-amd`.
- Adjusted disk UUIDs and removed unused `/boot` filesystem definition.
- Introduced `supportedFeatures` to each builder for better control over build capabilities (`nixos-test`, `benchmark`, `big-parallel`, and `kvm` for SGX).
- Enabled `builders-use-substitutes` setting to optimize build efficiency.
- Replaced `programs.fish.loginShellInit` with `programs.fish.shellInit` for aligning key usage.
- Ensures proper Nix path initialization across fish shell sessions.
- Deleted `environment.shellInit` previously used for Nix path initialization in SSH sessions.
- Path initialization is now fully handled by `programs.fish.loginShellInit` for consistency across environments.
- Added `sshKey` field for all builder configurations in `nixbuild.nix` to standardize access keys.
- Replaced `programs.fish.shellInit` with `environment.shellInit` and introduced `programs.fish.loginShellInit` for improved Nix path initialization.
- Updated multiple Flake lockfile entries to the latest revisions for improved consistency with upstream changes.
- Removed redundant `sshKey` fields from builder configurations in `nixbuild.nix`.
- Added `Nix` path initialization for fish shell SSH sessions and refactored mouse bindings in `default.nix`.
- Moved shared distributed build settings to `nixbuild.nix` for reuse.
- Updated `m4` and `rialo` systems to import the centralized configuration.
- Simplifies maintenance and ensures consistency across systems.
- Set `boot.tmp.useTmpfs` to `false` in `x86_64-linux/sgx/default.nix`.
- Applied `lib.mkDefault` to `boot.tmp.useTmpfs` in `services/base/default.nix` for consistency.
- Enabled `services.cratedocs-mcp` with firewall access in the SGX module for enhanced functionality.
- Updated multiple Flake lockfile entries to the latest revisions, ensuring access to updated upstream changes.
- Switched from GNOME remote desktop to XRDP for remote access services across configurations.
- Removed GNOME-specific settings and added XRDP service settings in GUI and system modules.
- Enhances flexibility and aligns remote desktop service configuration.
- Added `wantedBy = ["graphical.target"]` to the `gnome-remote-desktop` service configuration.
- Ensures the service starts automatically with the graphical session.
- Enabled `gnome-remote-desktop` to allow remote desktop connectivity by default on the `x1` system.
- Improves accessibility and remote management for the system.
- Included `gemini-cli` in the list of default packages for the `aarch64-darwin` platform.
- Ensures availability of the `gemini-cli` tool for users by default.