- Set `pkiBundle` in `secureboot` to use `mkDefault` for better configurability.
- Added kernel parameters for HALO, improving performance and boot customization.
- Configured ROCm symlink and switched HALO to `linuxPackages_latest`.
- Added system configuration for the HALO machine, including hardware, sound, and remapping settings.
- Configured user-specific settings like session paths, favorite apps, and terminal customization.
- Introduced zram swap, SSD TRIM, and PipeWire priority tuning for performance optimization.
- Introduced `sound.nix` to manage audio device priorities using PipeWire's WirePlumber configuration.
- Linked `sound.nix` to `default.nix` for streamlined system audio customization.
- Ensures defined priority levels for HDMI, USB microphones, and SPDIF outputs.
- Added `html`, `json`, and `rss` to the `search.formats` list in `searx.nix`.
- Enhances flexibility by allowing multiple output formats for search results.
- Moved Searx-related settings from `default.nix` and `nginx.nix` to a dedicated `searx.nix` module for improved modularity and maintainability.
- Updated references and ACME certificate configuration to align with the new structure.
- Simplifies management of Searx service and its associated secrets.
- Added a new Sops secret for `searx/secret_key` with a corresponding configuration path.
- Updated Searx settings to include the `secret_key` reference.
- Ensures secure integration of secret management with Searx service.
- Added `search.hoyer.world` to the `extraDomainNames` list for the `internal.hoyer.world` ACME certificate.
- Ensures proper SSL configuration for the new subdomain.
- Replaced `DEFAULT_SYSTEM_PROMPT` with `BOT_SYSTEM_PROMPT` for clarity and modularity.
- Introduced a `build_system_prompt` function to dynamically compose prompts.
- Enhanced `call_claude` CLI with new tool options and appendable prompts.
- Added a default system prompt and adjusted the structure to use XML for clarity.
- Improved help command handling by simplifying triggers and updating responses.
- Enhanced NixOS configuration with support for optional custom instructions.
- Replaced Nextcloud chat history fetching with in-memory storage for conversation history.
- Added limits to history length based on an environment variable (`CONTEXT_MESSAGES`).
- Simplified prompt-building logic by removing async history fetching.
- Switched `maxTokens` to `contextMessages` to set chat history length instead of token limit.
- Updated environment variables, NixOS module, and prompt building logic for consistency.
- Removed in-memory conversation history, now fetching from Nextcloud for better scalability.
- Simplified the `call_claude` function by removing the unused `MAX_TOKENS` argument handling.
- Ensures cleaner and more maintainable command construction.
- Updated webhook parsing to align with the latest Nextcloud Talk Bot format.
- Improved handling of actor, message, and conversation data for clarity and flexibility.
- Added robust JSON decoding with fallback for content extraction.
- Enhanced signature verification by adding support for a `random` token included in webhook headers.
- Introduced logging to display signature variants for debugging purposes.
- Improved webhook handling to process new `X-Nextcloud-Talk-Random` header.
- Added info-level logging to provide details about signature verification, including secret length and partial hashes for expected and received signatures.
- Helps in debugging signature mismatches without exposing full sensitive data.
- Set `User` and `Group` for the bot service to enhance security and isolation.
- Added system user and group for `claude-bot` with defined home directory.
- Modified secrets ownership to align with the new bot user.
- Updated bot to only respond in group chats when explicitly mentioned.
- Added mention detection using regex for "Claude" patterns and cleaned up the message text for processing.
- Improved help message to clarify usage in direct messages and group chats.
- Replaced `buildPythonApplication` with `python3.withPackages` for a cleaner and more concise implementation.
- Adjusted service configuration to use the updated packaging structure, ensuring compatibility with the new setup.
- Simplifies the NixOS module by reducing redundancy and improving maintainability.
- Added configuration for Nextcloud Claude Bot, including NixOS module, secrets management, and example setup files.
- Introduced a Python-based HTTP server for handling webhook events and interacting with Nextcloud Talk.
- Integrated necessary dependencies and systemd service for seamless operation.
- Added `nvtopPackages.amd` to the package list for better GPU monitoring on AMD systems.
- Enhances system configuration by enabling real-time visualization of GPU usage.
Create 6 new NixOS modules to reduce duplication across system configs:
- hardware/wooting: Wooting keyboard udev rules and Bluetooth compat
- services/nginx-base: Common nginx server settings
- services/acme-base: ACME certificate defaults
- services/xremap: Key remapping with sensible defaults
- system/no-sleep: Disable sleep/suspend/hibernate targets
- system/kernel-tweaks: PM freeze timeout and zram configuration
Update system configuration files to use these new modules.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Tune sysctl parameters for better I/O and memory performance:
- Lower swappiness to reduce disk swapping with zram
- Reduce vfs_cache_pressure to keep filesystem caches longer
- Adjust dirty page writeback ratios for SSD performance
- Configure zram with zstd compression
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Enabled Docker support by setting `docker.enable` to true.
- Disabled Podman's Docker compatibility mode with `podman.dockerCompat`.
- Improves virtualization configuration by prioritizing Docker usage.
- Switched root filesystem from Btrfs to XFS for improved performance and simplicity.
- Updated the UUID and mount options accordingly.
- Removed unused Btrfs auto-scrub service as it is no longer required.
- Added support for Steam by enabling it in `default.nix` under `programs.steam`.
- Aligns with the pattern of including widely used software for enhanced functionality.
- Dropped `mitigations=off` from `boot.kernelParams` for improved alignment with security best practices.
- Ensures the system maintains mitigations against CPU vulnerabilities by default.
- Added `cider-2` to the `programs` list in `default.nix` for extended functionality.
- Aligns with the existing pattern of including commonly used utilities.
- Added `lockdown=confidentiality`, `quiet`, `splash`, `video=efifb:nobgrt`, and `mitigations=off` to `boot.kernelParams` for improved boot behavior.
- Enhances security, reduces verbosity, and
- Refactored hardware-configuration.nix for better formatting and added `noatime` option for `/` filesystem.
- Enabled `build` service and set CPU frequency governor to `performance` for enhanced optimization.
- Updated default.nix with additional service and power management features.
- Removed unnecessary blank lines around `services.xremap.deviceNames` for cleaner formatting.
- Aligns with consistent configuration style across `xremap.nix`.
- Added user `harald` to the `input` group for proper permissions.
- Introduced device-specific configuration using `services.xremap.deviceNames`.
- Refined key remapping structure by aligning with `keymap` format.
- Changed `system.defaults.dock.autohide` to `true` for better user experience.
- Aligns with macOS usability improvements and recent configuration updates.
- Replaced `not-detected.nix` import with `lenovo-thinkpad-x1-11th-gen` module from `nixos-hardware`.
- Improved hardware compatibility for the 11th generation Lenovo ThinkPad X1.