- Added "obsidian" folder with path "~/obsidian" and device list
- Added "sync" folder with path "~/sync" and device list
- Both folders configured with same device list: sgx, S25, x1, m4
- Maintains consistent folder configuration pattern in fileserver setup
Switched to using the latest kernel packages for the x1 system by removing the comment from the kernelPackages line and setting it to lib.mkOverride 0 pkgs.linuxPackages_latest. This ensures the system uses the most recent kernel modules and features while maintaining consistency with other configuration changes. The change aligns with recent system updates and package management improvements.
- Added TCP port 22000 to networking.firewall.allowedTCPPorts for rustdesk server access
- Included freerdp package in GUI services module
- Maintains consistency with recent configuration refactorings and feature additions
• fix(nix): replace ollama with obsidian in system packages
• feat(nix): add cheese, freerdp, and rustdesk-flutter to GUI modules
• refactor(nix): reorganize gnome extensions and services configuration
• chore(nix): configure xrdp to use mkDefault and add firewall rules for RDP
• feat(nix): enable gnome-remote-desktop with proper port configuration
- Added global DNS nameservers configuration for headscale
- Included Cloudflare DNS servers (1.1.1.1, 1.0.0.1) and IPv6 addresses
- Added local DNS server (192.168.178.254) for internal resolution
- Added systemd service dependencies for gitea-runner-default
- Ensured nginx.service is required and started before gitea-runner-default
- Maintains proper service startup order for forgejo deployment
- Renamed `setting.main` to `settings.main` in the Postfix module for consistency with configuration standards.
- Ensured proper functionality of service by aligning with expected key structure.
- Renamed and reorganized configuration keys for consistency (`settings` usage).
- Updated Postfix, systemd, and Syncthing configurations to adhere to the standardized format.
- Improved maintainability and readability of NixOS configurations.
- Enabled `services.gnome.gnome-remote-desktop` in the `x1` configuration.
- Removed an unused `lib` parameter in the `forgejo.nix` module.
- Updated the `home-manager` source in the `flake.lock` file with the latest revision and hash.
Switched from `forgejo-actions-runner` to `forgejo-runner` package for the gitea actions runner instance. This aligns with the updated package naming convention in the system configuration. The change ensures proper integration with the forgejo ecosystem and maintains consistency with the project's package structure.
- Introduced a new `wyoming.nix` file with service definitions for `faster-whisper` and `piper`.
- Enabled TCP ports `10200` and `10300` in the firewall for service communication.
- Updated SGX configuration to include `wyoming.nix` in system imports.
- Enabled `libvirtd` in virtualization settings to allow libvirt usage.
- Added `libvirtd` to `user.extraGroups` for better permissions and management.
- Reformatted `netatalk` service dependencies for readability.
- Updated `hosts allow` setting to include `100.64.0.` for enhanced network access control.
- Uncommented `rustdesk.nix` in MX system and added `rustdesk-flutter` to GUI services.
- Disabled `services.rustdesk-server.signal` on X1 system to align with updated settings.
- Added extra HTTP headers and security configurations in the Nginx proxy for Headscale.
- Improves websocket handling, security headers, and HTTPS redirection.
- Introduced OIDC settings in Headscale, including allowed domains, client ID, client secret path, and issuer.
- Enables support for OpenID Connect authentication.
- Included `headscale.nix` in the MX system configuration for VPN management.
- Added Nginx and ACME configuration to route traffic securely to Headscale.
- Ensures Headscale is enabled with required settings and packaged in the system.
- Added `services.tailscale.enable = true` to the configurations of SGX, MX, and X1 systems for VPN support.
- Improves secure connectivity and simplifies network management across these systems.
- Added OIDC app to Nextcloud with specific URL, SHA256, and license configuration for authentication support.
- Configured Nginx to redirect `.well-known/webfinger` to Nextcloud for improved compatibility.
- Updated Nextcloud settings to include `overwrite.cli.url` for proper URL handling.
- Changed `powerManagement.cpuFreqGovernor` from `ondemand` to `performance` for enhanced CPU performance.
- Aligns system configuration with performance optimization goals.
- Disabled `security.tpm2.enable` and `security.tpm2.abrmd.enable` options.
- Ensures TPM2-related services are not active on the system for this configuration.
- Added `emailOnFailure.enable` option to metacfg with a default of `false`.
- Enabled email notifications on failure for SGX and MX systems.
- Enhanced `systemd-email-notify` module to support the new configuration.
- Removed SGX-specific settings including `aesmd_dcap`, `sgx_default_qcnl.conf`, and `security.tpm2` configurations.
- Updated `system.stateVersion` and switched kernel modules to `kvm-amd`.
- Adjusted disk UUIDs and removed unused `/boot` filesystem definition.
- Set `boot.tmp.useTmpfs` to `false` in `x86_64-linux/sgx/default.nix`.
- Applied `lib.mkDefault` to `boot.tmp.useTmpfs` in `services/base/default.nix` for consistency.
- Enabled `services.cratedocs-mcp` with firewall access in the SGX module for enhanced functionality.
- Updated multiple Flake lockfile entries to the latest revisions, ensuring access to updated upstream changes.
