System, Service, and Networking Configuration Updates

- `services.pfix-srsd` now automatically integrates with the local Postfix instance, when enabled. This behavior can disabled using the [services.pfix-srsd.configurePostfix](#opt-services.pfix-srsd.configurePostfix) option. - `services.monero` now includes the `environmentFile` option for adding secrets to the Monero daemon config. - `services.netbird.server` now uses dedicated packages split out due to relicensing of server components to AGPLv3 with version `0.53.0`, - `services.pds` has been renamed to `services.bluesky-pds`. - The new option [networking.ipips](#opt-networking.ipips) has been added to create IP within IP kind of tunnels (including 4in6, ip6ip6 and ipip). With the existing [networking.sits](#opt-networking.sits) option (6in4), it is now possible to create all combinations of IPv4 and IPv6 encapsulation. - It is now possible to configure the default source address using the new options [networking.defaultGateway.source](#opt-networking.defaultGateway.source), [networking.defaultGateway6.source](#opt-networking.defaultGateway6.source). - Potential race conditions in the network setup when using `networking.interfaces` have been fixed by disabling duplicate address detection (DAD) for statically configured IPv6 addresses. - `strongSwan` has been updated to 6.0. See [strongSwan 6.0.0 release notes](https://github.com/strongswan/strongswan/releases/tag/6.0.0) for a complete list of changes. - `amdgpu` kernel driver overdrive mode can now be enabled by setting [hardware.amdgpu.overdrive.enable](#opt-hardware.amdgpu.overdrive.enable) and customized through [hardware.amdgpu.overdrive.ppfeaturemask](#opt-hardware.amdgpu.overdrive.ppfeaturemask). This allows for fine-grained control over the GPU's performance and maybe required by overclocking softwares like Corectrl and Lact. These new options replace old options such as {option}`programs.corectrl.gpuOverclock.enable` and {option}`programs.tuxclocker.enableAMD`. - `services.varnish.http_address` has been superseeded by `services.varnish.listen` which is now structured config for all of varnish's `-a` variations. - [](#opt-services.gnome.gnome-keyring.enable) does not ship with an SSH agent anymore, as this is now handled by the `gcr_4` package instead of `gnome-keyring`. A new module has been added to support this, under [](#opt-services.gnome.gcr-ssh-agent.enable) (its default value has been set to [](#opt-services.gnome.gnome-keyring.enable) to ensure a smooth transition). See the [relevant upstream PR](https://gitlab.gnome.org/GNOME/gcr/-/merge_requests/67) for more details. - The `nettools` package (ifconfig, arp, mii-tool, netstat, route) is not installed by default anymore. The suite is unmaintained and users should migrate to `iproute2` and `ethtool` instead. - `sparkleshare` has been removed as it no longer builds and has been abandoned upstream. - The `open-webui` package's postgres support have been moved to optional dependencies to comply with upstream changes in 0.6.26.

This document outlines various system, service, and networking configuration updates. `services.pfix-srsd` now auto-integrates with Postfix; `services.monero` gains `environmentFile` for secrets; `services.netbird.server` uses new packages due to relicensing; and `services.pds` renamed to `services.bluesky-pds`. Networking gains `networking.ipips` for IP-within-IP tunnels (completing IPv4/IPv6 encapsulation options) and configurable default gateway source addresses. IPv6 DAD disabled for static addresses to fix network setup race conditions. `strongSwan` updated to 6.0. `amdgpu` kernel driver overdrive mode is now configurable, replacing old options. `services.varnish.http_address` superseded by `services.varnish.listen`. `gnome-keyring` SSH agent moved to `gcr_4` via new `services.gnome.gcr-ssh-agent.enable` module. `nettools` no longer default installed, `sparkleshare` removed, and `open-webui`'s PostgreSQL support now optional.