jakalx/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: jakalx:7767c0a3182213f69deb91aa676fd02f3b4b128e
Branches Tags
jakalx:main
jakalx:develop
jakalx:feature/hledger-web-module
..
compare: jakalx:77898172f1fdde7bf6a8480a20d59b5b9dcfed38
Branches Tags
jakalx:develop
jakalx:main
jakalx:feature/hledger-web-module

No commits in common. "7767c0a3182213f69deb91aa676fd02f3b4b128e" and "77898172f1fdde7bf6a8480a20d59b5b9dcfed38" have entirely different histories.
7767c0a318 ... 77898172f1

2 changed files with 96 additions and 154 deletions
Download patch file Download diff file Expand all files Collapse all files

9
home/alex/programs/emacs/doom/config.el
View file

@ -141,7 +141,7 @@
(setq! bibtex-completion-bibliography ak/bibliography)
(setq! citar-bibliography ak/bibliography)
(use-package! ledger-mode
(use-package! ledger
:config
(setq
;; Use an ISO date format for ledger entries
@ -254,13 +254,12 @@
(use-package! denote
:after org
:config
(setq denote-directory (concat org-directory "/notes"))
(require 'denote-journal-extras)
(setq denote-journal-extras-title-format 'day-date-month-year)
(setq denote-directory (concat org-directory "/notes")
)
(map! :leader
(:prefix ("n" . "notes")
:desc "Denote" "d" #'denote-open-or-create-with-command
:desc "New journal entry" "j" #'denote-journal-extras-new-or-existing-entry
))
:bind
(("C-c n d" . #'denote-open-or-create-with-command))

143
hosts/thrall/default.nix
View file

@ -2,17 +2,11 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
inputs,
lib,
config,
pkgs,
...
}:
{ inputs, lib, config, pkgs, ... }:
let
authorityFromUrl = url: builtins.head (pkgs.lib.drop 1 (pkgs.lib.splitString "://" url));
in
{
authorityFromUrl = url:
builtins.head (pkgs.lib.drop 1 (pkgs.lib.splitString "://" url));
in {
disabledModules = [ "services/web-apps/hledger-web.nix" ];
imports = [
@ -54,41 +48,24 @@ in
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking =
let
extIface = "ens3";
in
{
networking = let extIface = "ens3";
in {
hostName = "thrall";
domain = "failco.de";
wireless.enable = false;
useDHCP = false;
enableIPv6 = false;
interfaces.${extIface} = {
ipv4.addresses = [
{
ipv4.addresses = [{
address = "195.90.211.228";
prefixLength = 22;
}
];
}];
};
defaultGateway = "195.90.208.1";
nameservers = [
"1.1.1.1"
"8.8.8.8"
];
nameservers = [ "1.1.1.1" "8.8.8.8" ];
firewall = {
allowedTCPPorts = [
22
53
80
443
5000
];
allowedUDPPorts = [
53
42666
];
allowedTCPPorts = [ 22 53 80 443 5000 ];
allowedUDPPorts = [ 53 42666 ];
};
# wireguard related config
@ -154,14 +131,7 @@ in
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
wget
rsync
htop
tmux
git
rclone
];
environment.systemPackages = with pkgs; [ wget rsync htop tmux git rclone ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
@ -185,11 +155,7 @@ in
services.kresd = {
enable = true;
listenPlain = [
"[::1]:53"
"127.0.0.1:53"
"10.0.0.1:53"
];
listenPlain = [ "[::1]:53" "127.0.0.1:53" "10.0.0.1:53" ];
};
services.lorri.enable = true;
@ -254,7 +220,9 @@ in
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}/";
proxyPass = "http://127.0.0.1:${
toString config.services.forgejo.settings.server.HTTP_PORT
}/";
proxyWebsockets = true;
};
};
@ -264,7 +232,8 @@ in
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}/";
proxyPass =
"http://127.0.0.1:${toString config.services.paperless.port}/";
proxyWebsockets = true;
};
};
@ -275,7 +244,9 @@ in
enableACME = true;
basicAuthFile = config.age.secrets.hledger-web.path;
locations."/" = {
proxyPass = "http://${config.services.hledger-web.host}:${toString config.services.hledger-web.port}/";
proxyPass = "http://${config.services.hledger-web.host}:${
toString config.services.hledger-web.port
}/";
proxyWebsockets = true;
};
};
@ -311,9 +282,7 @@ in
FROM = "noreply@failco.de";
};
other = {
SHOW_FOOTER_VERSION = false;
};
other = { SHOW_FOOTER_VERSION = false; };
};
};
@ -344,10 +313,7 @@ in
manage = true;
};
journalFiles = [ "current.journal" ];
extraOptions = [
"-B"
"--value=then"
];
extraOptions = [ "-B" "--value=then" ];
};
services.fail2ban = {
@ -357,12 +323,8 @@ in
bantime = "1h";
bantime-increment.enable = true;
ignoreIP = [
"127.0.0.0/8"
"195.90.211.228"
"10.0.0.0/8"
"192.168.0.0/16"
];
ignoreIP =
[ "127.0.0.0/8" "195.90.211.228/22" "10.0.0.0/8" "192.168.0.0/16" ];
jails.postfix = ''
filter = postfix
@ -376,8 +338,10 @@ in
enable = true;
user = "alex";
dataDir = "/home/alex/sync";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
overrideDevices =
true; # overrides any devices added or deleted through the WebUI
overrideFolders =
true; # overrides any folders added or deleted through the WebUI
settings = {
folders = {
"org" = {
@ -390,18 +354,17 @@ in
};
"paperless" = {
path = "${config.services.paperless.consumptionDir}";
devices = [
"redmi"
"dregil"
];
devices = [ "redmi" "dregil" ];
};
};
devices = {
"redmi" = {
id = "C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW";
id =
"C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW";
};
"dregil" = {
id = "SMVQO7Q-EB2V7PC-B4LP5IN-SM2UUE4-FUI2RI4-LARFW3S-LXHPAT5-FLNY7QH";
id =
"SMVQO7Q-EB2V7PC-B4LP5IN-SM2UUE4-FUI2RI4-LARFW3S-LXHPAT5-FLNY7QH";
};
};
};
@ -410,26 +373,16 @@ in
mailserver = {
enable = true;
fqdn = "thrall.failco.de";
domains = [
"failco.de"
"jakalx.net"
"kobjolke.de"
];
domains = [ "failco.de" "jakalx.net" "kobjolke.de" ];
loginAccounts = {
"me@failco.de" = {
# nix-shell -p mkpasswd --run 'mkpasswd -sm sha512crypt'
hashedPasswordFile = config.age.secrets.mailPass.path;
aliases = [
"lx@failco.de"
"alex@failco.de"
];
aliases = [ "lx@failco.de" "alex@failco.de" ];
catchAll = [
"failco.de"
"kobjolke.de"
];
catchAll = [ "failco.de" "kobjolke.de" ];
};
"alex@jakalx.net" = {
@ -443,9 +396,7 @@ in
};
};
extraVirtualAliases = {
"familie@kobjolke.de" = [ "me@failco.de" ];
};
extraVirtualAliases = { "familie@kobjolke.de" = [ "me@failco.de" ]; };
forwards = {
"anne@kobjolke.de" = "anne.kobjolke@gmail.cem";
@ -459,22 +410,12 @@ in
virusScanning = true;
};
services.postgresql = {
package = pkgs.postgresql_15;
};
services.postgresql = { package = pkgs.postgresql_15; };
services.roundcube = {
enable = true;
hostName = "mail.failco.de";
dicts = with pkgs.aspellDicts; [
en
de
];
plugins = [
"archive"
"attachment_reminder"
"managesieve"
"markasjunk"
];
dicts = with pkgs.aspellDicts; [ en de ];
plugins = [ "archive" "attachment_reminder" "managesieve" "markasjunk" ];
extraConfig = ''
# starttls needed for authentication, so the fqdn required to match
# the certificate
@ -491,4 +432,6 @@ in
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.09"; # Did you read the comment?
}