diff --git a/home/alex/programs/emacs/doom/config.el b/home/alex/programs/emacs/doom/config.el index 356afe6..cce8070 100644 --- a/home/alex/programs/emacs/doom/config.el +++ b/home/alex/programs/emacs/doom/config.el @@ -141,7 +141,7 @@ (setq! bibtex-completion-bibliography ak/bibliography) (setq! citar-bibliography ak/bibliography) -(use-package! ledger-mode +(use-package! ledger :config (setq ;; Use an ISO date format for ledger entries @@ -254,13 +254,12 @@ (use-package! denote :after org :config - (setq denote-directory (concat org-directory "/notes")) - (require 'denote-journal-extras) - (setq denote-journal-extras-title-format 'day-date-month-year) + (setq denote-directory (concat org-directory "/notes") + + ) (map! :leader (:prefix ("n" . "notes") - :desc "Denote" "d" #'denote-open-or-create-with-command - :desc "New journal entry" "j" #'denote-journal-extras-new-or-existing-entry + :desc "Denote" "d" #'denote-open-or-create-with-command )) :bind (("C-c n d" . #'denote-open-or-create-with-command)) diff --git a/hosts/thrall/default.nix b/hosts/thrall/default.nix index 08cbfef..13416f9 100644 --- a/hosts/thrall/default.nix +++ b/hosts/thrall/default.nix @@ -2,17 +2,11 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ - inputs, - lib, - config, - pkgs, - ... -}: +{ inputs, lib, config, pkgs, ... }: let - authorityFromUrl = url: builtins.head (pkgs.lib.drop 1 (pkgs.lib.splitString "://" url)); -in -{ + authorityFromUrl = url: + builtins.head (pkgs.lib.drop 1 (pkgs.lib.splitString "://" url)); +in { disabledModules = [ "services/web-apps/hledger-web.nix" ]; imports = [ 
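Review bot: The `:config` body under `(use-package! ledger` in the first config.el hunk will probably never run. As far as I know the ledger-mode package provides the feature `ledger-mode` and nothing named `ledger`, so neither an eager require nor a deferred eval-after-load would fire, and the ISO date setting would silently stop applying. Unless a `ledger` feature is defined elsewhere in this config, keep `(use-package! ledger-mode` or use `(after! ledger-mode ...)`. The form's body continues outside the hunk, so the remaining settings are not visible here.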
@@ -54,83 +48,66 @@ in # The global useDHCP flag is deprecated, therefore explicitly set to false here. # Per-interface useDHCP will be mandatory in the future, so this generated config # replicates the default behaviour. - networking = - let - extIface = "ens3"; - in - { - hostName = "thrall"; - domain = "failco.de"; - wireless.enable = false; - useDHCP = false; - enableIPv6 = false; - interfaces.${extIface} = { - ipv4.addresses = [ + networking = let extIface = "ens3"; + in { + hostName = "thrall"; + domain = "failco.de"; + wireless.enable = false; + useDHCP = false; + enableIPv6 = false; + interfaces.${extIface} = { + ipv4.addresses = [{ + address = "195.90.211.228"; + prefixLength = 22; + }]; + }; + defaultGateway = "195.90.208.1"; + nameservers = [ "1.1.1.1" "8.8.8.8" ]; + firewall = { + allowedTCPPorts = [ 22 53 80 443 5000 ]; + allowedUDPPorts = [ 53 42666 ]; + }; + + # wireguard related config + nat.enable = true; + nat.externalInterface = extIface; + nat.internalInterfaces = [ "wg0" ]; + + wireguard.interfaces = { + wg0 = { + ips = [ "10.0.0.1/24" ]; + listenPort = 42666; + + postSetup = '' + ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT + ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE + ''; + postShutdown = '' + ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT + ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE + ''; + + privateKeyFile = config.age.secrets.wireguard-thrall.path; + peers = [ { - address = "195.90.211.228"; - prefixLength = 22; + # my phone + publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk="; + allowedIPs = [ "10.0.0.2/32" ]; + } + { + # my tablet + publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k="; + allowedIPs = [ "10.0.0.3/32" ]; + } + { + # homematic + publicKey = "slqWgVksOCav0bASxupaFGqfr6vajxDRNIlZYocONQ4="; + allowedIPs = [ "10.0.0.4/32" ]; } ]; }; - defaultGateway = "195.90.208.1"; - nameservers = [ 
- "1.1.1.1" - "8.8.8.8" - ]; - firewall = { - allowedTCPPorts = [ - 22 - 53 - 80 - 443 - 5000 - ]; - allowedUDPPorts = [ - 53 - 42666 - ]; - }; - - # wireguard related config - nat.enable = true; - nat.externalInterface = extIface; - nat.internalInterfaces = [ "wg0" ]; - - wireguard.interfaces = { - wg0 = { - ips = [ "10.0.0.1/24" ]; - listenPort = 42666; - - postSetup = '' - ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE - ''; - postShutdown = '' - ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE - ''; - - privateKeyFile = config.age.secrets.wireguard-thrall.path; - peers = [ - { - # my phone - publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk="; - allowedIPs = [ "10.0.0.2/32" ]; - } - { - # my tablet - publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k="; - allowedIPs = [ "10.0.0.3/32" ]; - } - { - # homematic - publicKey = "slqWgVksOCav0bASxupaFGqfr6vajxDRNIlZYocONQ4="; - allowedIPs = [ "10.0.0.4/32" ]; - } - ]; - }; - }; }; + }; security.acme = { acceptTerms = true; @@ -154,14 +131,7 @@ in # List packages installed in system profile. To search, run: # $ nix search wget - environment.systemPackages = with pkgs; [ - wget - rsync - htop - tmux - git - rclone - ]; + environment.systemPackages = with pkgs; [ wget rsync htop tmux git rclone ]; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. @@ -185,11 +155,7 @@ in services.kresd = { enable = true; - listenPlain = [ - "[::1]:53" - "127.0.0.1:53" - "10.0.0.1:53" - ]; + listenPlain = [ "[::1]:53" "127.0.0.1:53" "10.0.0.1:53" ]; }; services.lorri.enable = true; 
@@ -254,7 +220,9 @@ in forceSSL = true; enableACME = true; locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}/"; + proxyPass = "http://127.0.0.1:${ + toString config.services.forgejo.settings.server.HTTP_PORT + }/"; proxyWebsockets = true; }; }; @@ -264,7 +232,8 @@ in forceSSL = true; enableACME = true; locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}/"; + proxyPass = + "http://127.0.0.1:${toString config.services.paperless.port}/"; proxyWebsockets = true; }; }; @@ -275,7 +244,9 @@ in enableACME = true; basicAuthFile = config.age.secrets.hledger-web.path; locations."/" = { - proxyPass = "http://${config.services.hledger-web.host}:${toString config.services.hledger-web.port}/"; + proxyPass = "http://${config.services.hledger-web.host}:${ + toString config.services.hledger-web.port + }/"; proxyWebsockets = true; }; }; @@ -311,9 +282,7 @@ in FROM = "noreply@failco.de"; }; - other = { - SHOW_FOOTER_VERSION = false; - }; + other = { SHOW_FOOTER_VERSION = false; }; }; }; @@ -344,10 +313,7 @@ in manage = true; }; journalFiles = [ "current.journal" ]; - extraOptions = [ - "-B" - "--value=then" - ]; + extraOptions = [ "-B" "--value=then" ]; }; services.fail2ban = { @@ -357,12 +323,8 @@ in bantime = "1h"; bantime-increment.enable = true; - ignoreIP = [ - "127.0.0.0/8" - "195.90.211.228" - "10.0.0.0/8" - "192.168.0.0/16" - ]; + ignoreIP = + [ "127.0.0.0/8" "195.90.211.228/22" "10.0.0.0/8" "192.168.0.0/16" ]; jails.postfix = '' filter = postfix 
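Review bot: In `services.fail2ban`, the new `ignoreIP` entry `"195.90.211.228/22"` exempts the whole 195.90.208.0–195.90.211.255 range from bans, not just this host. That range matches the `prefixLength = 22` on the external interface, so it presumably covers other machines on the provider's network, which could then brute-force SSH, postfix or the web logins without being jailed. It is the only non-formatting change visible in this hunk, so it may be unintended. I would restore the single address, `[ "127.0.0.0/8" "195.90.211.228" "10.0.0.0/8" "192.168.0.0/16" ];`. The private ranges could also be narrowed to the WireGuard subnet `"10.0.0.0/24"` if nothing else needs the exemption.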
@@ -376,8 +338,10 @@ in enable = true; user = "alex"; dataDir = "/home/alex/sync"; - overrideDevices = true; # overrides any devices added or deleted through the WebUI - overrideFolders = true; # overrides any folders added or deleted through the WebUI + overrideDevices = + true; # overrides any devices added or deleted through the WebUI + overrideFolders = + true; # overrides any folders added or deleted through the WebUI settings = { folders = { "org" = { @@ -390,18 +354,17 @@ in }; "paperless" = { path = "${config.services.paperless.consumptionDir}"; - devices = [ - "redmi" - "dregil" - ]; + devices = [ "redmi" "dregil" ]; }; }; devices = { "redmi" = { - id = "C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW"; + id = + "C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW"; }; "dregil" = { - id = "SMVQO7Q-EB2V7PC-B4LP5IN-SM2UUE4-FUI2RI4-LARFW3S-LXHPAT5-FLNY7QH"; + id = + "SMVQO7Q-EB2V7PC-B4LP5IN-SM2UUE4-FUI2RI4-LARFW3S-LXHPAT5-FLNY7QH"; }; }; }; @@ -410,26 +373,16 @@ in mailserver = { enable = true; fqdn = "thrall.failco.de"; - domains = [ - "failco.de" - "jakalx.net" - "kobjolke.de" - ]; + domains = [ "failco.de" "jakalx.net" "kobjolke.de" ]; loginAccounts = { "me@failco.de" = { # nix-shell -p mkpasswd --run 'mkpasswd -sm sha512crypt' hashedPasswordFile = config.age.secrets.mailPass.path; - aliases = [ - "lx@failco.de" - "alex@failco.de" - ]; + aliases = [ "lx@failco.de" "alex@failco.de" ]; - catchAll = [ - "failco.de" - "kobjolke.de" - ]; + catchAll = [ "failco.de" "kobjolke.de" ]; }; "alex@jakalx.net" = { @@ -443,9 +396,7 @@ in }; }; - extraVirtualAliases = { - "familie@kobjolke.de" = [ "me@failco.de" ]; - }; + extraVirtualAliases = { "familie@kobjolke.de" = [ "me@failco.de" ]; }; forwards = { "anne@kobjolke.de" = "anne.kobjolke@gmail.cem"; 
@@ -459,22 +410,12 @@ in virusScanning = true; }; - services.postgresql = { - package = pkgs.postgresql_15; - }; + services.postgresql = { package = pkgs.postgresql_15; }; services.roundcube = { enable = true; hostName = "mail.failco.de"; - dicts = with pkgs.aspellDicts; [ - en - de - ]; - plugins = [ - "archive" - "attachment_reminder" - "managesieve" - "markasjunk" - ]; + dicts = with pkgs.aspellDicts; [ en de ]; + plugins = [ "archive" "attachment_reminder" "managesieve" "markasjunk" ]; extraConfig = '' # starttls needed for authentication, so the fqdn required to match # the certificate @@ -491,4 +432,6 @@ in # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "20.09"; # Did you read the comment? + } +