- Enabled LLMNR to allow link-local name resolution.
- Enabled MulticastDNS to support service discovery and hostname resolution within local networks.
- Enabled LLMNR to allow link-local name resolution.
- Enabled MulticastDNS to support service discovery and hostname resolution within local networks.
- Enable systemd-resolved and configure DNSSEC with downgrade option.
- Add extra configuration to allow resolving unicast single-label names.
This improves DNS handling and ensures compatibility for SGX setup.
Previously, the `insecureSkipHostcheck` option was incorrectly placed under `settings.options`. This update moves it to the correct path under `settings.gui` to ensure proper configuration behavior.
Adjusts the `insecureSkipHostcheck` setting to align with the proper configuration structure. This resolves a misconfiguration issue in the SGX fileserver Nix file.
Added `insecureSkipHostcheck` option to Syncthing configuration to bypass host verification for the GUI. This can simplify local testing but may introduce security risks if used improperly.
Replaced `proxyWebsockets` with `recommendedProxySettings` for enhanced configurability and alignment with best practices. This improves maintainability and future compatibility of the nginx configuration.
Added Syncthing support with proxy and SSL in nginx and updated ACME certs configuration. Adjusted Syncthing GUI to bind to localhost for improved security.
Enabled `proxyWebsockets` for the nginx reverse proxy configuration to support websocket connections. This ensures compatibility with services requiring websocket communication.
Updated the base URL to align with the current local network setup. This ensures proper connectivity and functionality within the specified environment.
Changed the API base URL from "m4.fritz.box" to "m4.local" for consistency and compatibility within the local network. This ensures better alignment with standard local domain naming practices.
Updated ACME and nginx configurations to replace "internal.hoyer.world" with "openwebui.hoyer.world". This ensures correct routing and certificate management for the updated domain.
Adjusted the parameter formatting in `acme.nix` and `nginx.nix` for better readability and consistency. The changes include standardizing the indentation and spacing for multiline declarations.
Add ports 80 and 443 to the list of allowed TCP ports in the firewall configuration. This change ensures that HTTP and HTTPS traffic can pass through, which is essential for web services to operate correctly.
Change the sopsFile path in acme.nix to point to the sgx directory instead of hetzner to ensure the correct configuration file is referenced. Added a new encrypted secrets file specific to the sgx directory to maintain security and confidentiality.
Convert the port value to a string in nginx configuration to ensure correct proxyPass functionality. This change prevents potential runtime errors when using numeric port values directly in the proxyPass directive.
Introduce the `config` argument to the SGX NGINX module to enhance configurability and integration. This change allows for more flexible usage of configurations that may rely on system-level settings. It prepares the NGINX module for more complex future modifications or integrations.
Update the OLLAMA_API_BASE_URL to ensure proper resolution with the full domain name `m4.fritz.box`. This change ensures that the API endpoint is correctly accessible within the network.
Added the `openFirewall` option set to true in the SGX OpenWebUI configuration. This change ensures that firewall rules are adjusted to allow access to the configured port. This enhances accessibility and simplifies setup for users.
Corrected the spelling of "environment" from "enviroment" in the OpenWebUI configuration file. This change ensures the configuration is correctly interpreted, avoiding potential issues with environment variable settings.
Introduce a new NixOS configuration for the OpenWebUI service, enabling it by default on port 8080. The setup includes environment settings to disable telemetry and authentication, and it adds the openwebui.nix to the system modules.
Refactor various NixOS and home-manager configurations to improve consistency and readability. Correct naming inconsistencies, ensure proper indentation, and restructure Samba settings for better clarity and maintainability.
Updated Avahi service configuration to support both IPv4 and IPv6 addressing. This change includes enabling nssmdns4 and nssmdns6, along with setting ipv4 and ipv6 to true.
Enabled the Syncthing service in the fileserver configuration. Set the user to 'harald' and specified directories for data and configuration.
Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
This commit updates the allowed TCP port for networking in the SGX configuration file. Instead of hardcoding the port number, it now uses the port specified in the netatalk configuration. This change enables more flexibility in port assignment and reduces potential conflicts.
This commit includes a new lid switch configuration for the logind service within the SGX default configuration file. The lid switch has been set to "ignore", enhancing control over system behaviors upon lid actions.
This commit updates the hardware configuration for SGX systems. We have configured the available kernel modules list to include TPM-related modules. Also, unnecessary TPM2 security settings have been removed to clean up the configuration file.
The commit turns on the TPM2 security feature and its associated Access Broker and Resource Manager daemon (abrmd) in the hardware configuration for the x86_64-linux SGX system. This action, represented by changing the respective entries from false to true, enhances the security of this system configuration.
Harald Hoyer