Disable rxrpc, kafs, af_key, esp4, esp6 across all systems that enable
metacfg.base. None of them are used on these hosts, and they have a
history of CVEs — blacklisting reduces kernel attack surface.
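As an added illustration (not code from the repository), this is one way to express the blacklist described above in a NixOS module; `metacfg.base.enable` is an assumed option name, and the `install ... false` lines go beyond the commit by also blocking explicit `modprobe` of the listed modules.

```nix
# Added example, not the repository's own module. `metacfg.base.enable`
# is an assumed option name.
{ config, lib, pkgs, ... }:
let
  cfg = config.metacfg.base;
  # Protocol modules that no host using metacfg.base needs.
  unusedModules = [ "rxrpc" "kafs" "af_key" "esp4" "esp6" ];
in
{
  config = lib.mkIf cfg.enable {
    # `blacklist` stops alias-driven autoload (e.g. af_key via its
    # net-pf-15 alias when a PF_KEY socket is opened), but it does not
    # stop an explicit `modprobe af_key`.
    boot.blacklistedKernelModules = unusedModules;

    # `install <module> false` also defeats loading by name, so the
    # module cannot be pulled in at all without editing this config.
    boot.extraModprobeConfig = lib.concatMapStringsSep "\n"
      (m: "install ${m} ${pkgs.coreutils}/bin/false") unusedModules;
  };
}
```

After a rebuild, `modprobe -n -v af_key` should print the `install` line instead of an `insmod`, and `lsmod | grep -E 'rxrpc|kafs|af_key|esp4|esp6'` should be empty. The one case neither setting covers is a module compiled into the kernel (`=y` rather than `=m`); check `zcat /proc/config.gz | grep -E 'RXRPC|AFS_FS|NET_KEY|INET_ESP|INET6_ESP'` if in doubt, since a built-in module cannot be blacklisted.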
New `metacfg.services.opencode` module under modules/nixos/services/opencode/
with options for port, user, homeDir, sopsFile, and extraPackages. User and
homeDir default off `metacfg.user`. Host configs for amd and sgx reduce to
enabling the module and pointing at their respective sops file.
Service PATH gains jq, yq-go, python3, gh, gnutar, gzip, unzip, wget,
diffutils, patch, file, tree, bun, uv, ast-grep, claude-code, and tmux for
agent ergonomics.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Added `StartLimitIntervalSec` and `StartLimitBurst` for `ntfy-failure@` unit.
- Refactored `ExecStart` into `script` for improved readability.
- Adjusted `scriptArgs` from `%I` to `%i`.
%i passes the escaped unit name which systemctl status cannot resolve,
causing "Failed to mangle name" errors.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Wrap `config.onFailure` in `mkIf cfg.enable` to ensure units are conditionally applied based on the service's `enable` configuration.
- Prevents unnecessary configuration of failure units when the service is disabled.
Add configurable ntfy options (tokenFile, url, topic) to the shared
emailOnFailure module. When tokenFile is set, a ntfy-failure@ template
service is added alongside the existing email notifications. Systems
without ntfy configured are unaffected.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Added `alsa-utils`, `file`, and `pciutils` to the default system packages for broader functionality.
- Enhances hardware interaction and file management capabilities.
- Set `pkiBundle` in `secureboot` to use `mkDefault` for better configurability.
- Added kernel parameters for HALO, improving performance and boot customization.
- Configured ROCm symlink and switched HALO to `linuxPackages_latest`.
- Added WezTerm package to the GUI services module for enhanced terminal capabilities.
- Configured a custom `wezterm.lua` file to enable Kitty keyboard support.
- Minor adjustment to `favorite-apps` in Home Manager for streamlined customization.
Create 6 new NixOS modules to reduce duplication across system configs:
- hardware/wooting: Wooting keyboard udev rules and Bluetooth compat
- services/nginx-base: Common nginx server settings
- services/acme-base: ACME certificate defaults
- services/xremap: Key remapping with sensible defaults
- system/no-sleep: Disable sleep/suspend/hibernate targets
- system/kernel-tweaks: PM freeze timeout and zram configuration
Update system configuration files to use these new modules.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Included `ssh-tresor` in the package lists for Darwin and NixOS modules.
- Added `ssh-tresor` as a new flake input in `flake.nix` with its overlay.
- Integrates secure SSH key management functionality across configurations.
- Added systemd service configuration to enable gnome-remote-desktop on graphical.target
- Conditionally enable firewall rules for RDP ports (3389) only when gnome-remote-desktop is enabled
- Maintains consistent service configuration with existing xrdp and firewall setup patterns
- Added TCP port 22000 to networking.firewall.allowedTCPPorts for rustdesk server access
- Included freerdp package in GUI services module
- Maintains consistency with recent configuration refactorings and feature additions
- fix(nix): replace ollama with obsidian in system packages
- feat(nix): add cheese, freerdp, and rustdesk-flutter to GUI modules
- refactor(nix): reorganize gnome extensions and services configuration
- chore(nix): configure xrdp to use mkDefault and add firewall rules for RDP
- feat(nix): enable gnome-remote-desktop with proper port configuration
- Replaced `inherit` with explicit `settings` for Git user configuration.
- Unified Git configuration structure across NixOS and home modules.
- Adjusted GUI configuration by enabling `gdm.autoSuspend` and reordering options.
- Uncommented `rustdesk.nix` in MX system and added `rustdesk-flutter` to GUI services.
- Disabled `services.rustdesk-server.signal` on X1 system to align with updated settings.
- Added `emailOnFailure.enable` option to metacfg with a default of `false`.
- Enabled email notifications on failure for SGX and MX systems.
- Enhanced `systemd-email-notify` module to support the new configuration.
- Set `boot.tmp.useTmpfs` to `false` in `x86_64-linux/sgx/default.nix`.
- Applied `lib.mkDefault` to `boot.tmp.useTmpfs` in `services/base/default.nix` for consistency.
- Reformatted function parameters to enhance readability.
- Added `build-dir = "/var/tmp"` to nix settings for better build management.
- Removed redundant `TMPDIR` environment variable for nix-daemon in systemd services.
- Switched from GNOME remote desktop to XRDP for remote access services across configurations.
- Removed GNOME-specific settings and added XRDP service settings in GUI and system modules.
- Enhances flexibility and aligns remote desktop service configuration.
- Added `claude-code` to the default packages for `aarch64-linux/rnix`.
- Moved `jetbrains-toolbox` to be included for all platforms instead of x86_64 only.
- Removed the `nixsgx-flake` input and its associated overlay from `flake.nix` and `extern` overlays.
- Updated `default.nix` to exclude `nixsgx-flake` from update-inputs script.
- Simplifies configuration by deprecating unused or unnecessary components.
- Removed inotify sysctl settings from hardware configuration.
- Added updated inotify limits under GUI services for JetBrains IDEs.
This ensures better compatibility and performance for these tools.
Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
- Replace `vim.defaultEditor` with `neovim.defaultEditor`.
- Add `vim.enable` to enable Vim by default.
- Simplify imports by removing unused `options`.
Replaced custom Nerd Fonts overrides with predefined ones. Removed unused Neovim settings and plugins, and disabled Neovim for a specific user. Updated various flake dependencies to their latest versions.
Introduce a NixOS module for sending service status emails on failures via systemd. The module provides configurable options for email recipients and integrates with the `sendmail` utility to notify admins about service issues.
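The following is an added sketch, not the repository's own `systemd-email-notify` module, of the pattern the commit log describes: a `metacfg.emailOnFailure` module with an e-mail template unit, an optional `ntfy-failure@` template gated on `tokenFile`, `scriptArgs = "%i"`, `StartLimitIntervalSec`/`StartLimitBurst` on the ntfy unit, and `onFailure` attached to every service under `mkIf cfg.enable`. The option names `to`, `ntfy.tokenFile`, `ntfy.url` and `ntfy.topic`, the unit name `email-failure@`, and the use of `pkgs.system-sendmail` are assumptions.

```nix
# Added example, not the repository's own module. Option and unit names
# other than those in the commit log are assumptions.
{ config, lib, pkgs, ... }:
let
  cfg = config.metacfg.emailOnFailure;
  host = config.networking.hostName;
  # $1 is the instance name passed through scriptArgs = "%i" (the escaped
  # form, which `systemctl status` resolves; %I would unescape "-" to "/").
  statusReport = pkgs.writeShellScript "unit-status" ''
    systemctl status --full --no-pager "$1" 2>&1 || true
  '';
in
{
  options.metacfg.emailOnFailure = {
    enable = lib.mkEnableOption "notifications when a systemd unit fails";
    to = lib.mkOption {
      type = lib.types.str;
      default = "root";
      description = "Recipient of the failure e-mail.";
    };
    ntfy = {
      tokenFile = lib.mkOption {
        # A string rather than types.path so the secret is never copied
        # into the world-readable /nix/store.
        type = lib.types.nullOr lib.types.str;
        default = null;
        description = "File holding the ntfy bearer token; null disables ntfy.";
      };
      url = lib.mkOption { type = lib.types.str; default = "https://ntfy.sh"; };
      topic = lib.mkOption { type = lib.types.str; default = "systemd-failures"; };
    };
  };

  # Put the notifiers in OnFailure= of every ordinary service. The value is
  # wrapped in mkIf cfg.enable so disabled hosts get no extra dependencies.
  # Units whose name contains "@" (templates) are skipped so a notifier can
  # never be asked to notify about itself.
  options.systemd.services = lib.mkOption {
    type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
      config.onFailure = lib.mkIf (cfg.enable && !lib.hasInfix "@" name)
        ([ "email-failure@${name}.service" ]
          ++ lib.optional (cfg.ntfy.tokenFile != null) "ntfy-failure@${name}.service");
    }));
  };

  config = lib.mkIf cfg.enable {
    systemd.services."email-failure@" = {
      description = "Failure e-mail for %i";
      scriptArgs = "%i";
      serviceConfig.Type = "oneshot";
      script = ''
        {
          echo "To: ${cfg.to}"
          echo "Subject: [${host}] unit $1 failed"
          echo
          ${statusReport} "$1"
        } | ${pkgs.system-sendmail}/bin/sendmail -t
      '';
    };

    # Only defined when a token file is configured; hosts without ntfy
    # are unaffected.
    systemd.services."ntfy-failure@" = lib.mkIf (cfg.ntfy.tokenFile != null) {
      description = "Failure push notification for %i";
      scriptArgs = "%i";
      serviceConfig.Type = "oneshot";
      # Cap how often one notifier instance may be started in a window, so
      # a bad token or unreachable server does not produce a retry storm.
      unitConfig = {
        StartLimitIntervalSec = 300;
        StartLimitBurst = 5;
      };
      script = ''
        ${statusReport} "$1" | ${pkgs.curl}/bin/curl --fail --silent --show-error \
          -H "Authorization: Bearer $(cat ${cfg.ntfy.tokenFile})" \
          -H "Title: [${host}] unit $1 failed" \
          --data-binary @- "${cfg.ntfy.url}/${cfg.ntfy.topic}"
      '';
    };
  };
}
```

To check the wiring on a host, `systemctl show -p OnFailure nginx.service` should list `email-failure@nginx.service` (and the ntfy instance when a token file is set), and `systemctl start email-failure@nginx.service` exercises the notifier directly. Keep the token file root-owned with mode 0400 (for example under `/run/secrets` via sops), since the script reads it at runtime rather than at build time.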
Added `systemctl-tui` to the NixOS default packages list. This enhances user experience by providing a text-based user interface for managing systemd services.
Set idle I/O and CPU scheduling policies for the Nix daemon to improve GUI responsiveness. Adjusted scheduling class, priority, and policy to optimize background tasks.