diff --git a/home/alex/programs/emacs/doom/config.el b/home/alex/programs/emacs/doom/config.el index cce8070..356afe6 100644 --- a/home/alex/programs/emacs/doom/config.el +++ b/home/alex/programs/emacs/doom/config.el @@ -141,7 +141,7 @@ (setq! bibtex-completion-bibliography ak/bibliography) (setq! citar-bibliography ak/bibliography) -(use-package! ledger +(use-package! ledger-mode :config (setq ;; Use an ISO date format for ledger entries @@ -254,12 +254,13 @@ (use-package! denote :after org :config - (setq denote-directory (concat org-directory "/notes") - - ) + (setq denote-directory (concat org-directory "/notes")) + (require 'denote-journal-extras) + (setq denote-journal-extras-title-format 'day-date-month-year) (map! :leader (:prefix ("n" . "notes") - :desc "Denote" "d" #'denote-open-or-create-with-command + :desc "Denote" "d" #'denote-open-or-create-with-command + :desc "New journal entry" "j" #'denote-journal-extras-new-or-existing-entry )) :bind (("C-c n d" . #'denote-open-or-create-with-command)) diff --git a/hosts/thrall/default.nix b/hosts/thrall/default.nix index 13416f9..08cbfef 100644 --- a/hosts/thrall/default.nix +++ b/hosts/thrall/default.nix @@ -2,11 +2,17 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ inputs, lib, config, pkgs, ... }: +{ + inputs, + lib, + config, + pkgs, + ... +}: let - authorityFromUrl = url: - builtins.head (pkgs.lib.drop 1 (pkgs.lib.splitString "://" url)); -in { + authorityFromUrl = url: builtins.head (pkgs.lib.drop 1 (pkgs.lib.splitString "://" url)); +in +{ disabledModules = [ "services/web-apps/hledger-web.nix" ]; imports = [ 
@@ -48,66 +54,83 @@ in { # The global useDHCP flag is deprecated, therefore explicitly set to false here. # Per-interface useDHCP will be mandatory in the future, so this generated config # replicates the default behaviour. - networking = let extIface = "ens3"; - in { - hostName = "thrall"; - domain = "failco.de"; - wireless.enable = false; - useDHCP = false; - enableIPv6 = false; - interfaces.${extIface} = { - ipv4.addresses = [{ - address = "195.90.211.228"; - prefixLength = 22; - }]; - }; - defaultGateway = "195.90.208.1"; - nameservers = [ "1.1.1.1" "8.8.8.8" ]; - firewall = { - allowedTCPPorts = [ 22 53 80 443 5000 ]; - allowedUDPPorts = [ 53 42666 ]; - }; - - # wireguard related config - nat.enable = true; - nat.externalInterface = extIface; - nat.internalInterfaces = [ "wg0" ]; - - wireguard.interfaces = { - wg0 = { - ips = [ "10.0.0.1/24" ]; - listenPort = 42666; - - postSetup = '' - ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE - ''; - postShutdown = '' - ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE - ''; - - privateKeyFile = config.age.secrets.wireguard-thrall.path; - peers = [ + networking = + let + extIface = "ens3"; + in + { + hostName = "thrall"; + domain = "failco.de"; + wireless.enable = false; + useDHCP = false; + enableIPv6 = false; + interfaces.${extIface} = { + ipv4.addresses = [ { - # my phone - publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk="; - allowedIPs = [ "10.0.0.2/32" ]; - } - { - # my tablet - publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k="; - allowedIPs = [ "10.0.0.3/32" ]; - } - { - # homematic - publicKey = "slqWgVksOCav0bASxupaFGqfr6vajxDRNIlZYocONQ4="; - allowedIPs = [ "10.0.0.4/32" ]; + address = "195.90.211.228"; + prefixLength = 22; } ]; }; + defaultGateway = "195.90.208.1"; + nameservers = 
[ + "1.1.1.1" + "8.8.8.8" + ]; + firewall = { + allowedTCPPorts = [ + 22 + 53 + 80 + 443 + 5000 + ]; + allowedUDPPorts = [ + 53 + 42666 + ]; + }; + + # wireguard related config + nat.enable = true; + nat.externalInterface = extIface; + nat.internalInterfaces = [ "wg0" ]; + + wireguard.interfaces = { + wg0 = { + ips = [ "10.0.0.1/24" ]; + listenPort = 42666; + + postSetup = '' + ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT + ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE + ''; + postShutdown = '' + ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT + ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE + ''; + + privateKeyFile = config.age.secrets.wireguard-thrall.path; + peers = [ + { + # my phone + publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk="; + allowedIPs = [ "10.0.0.2/32" ]; + } + { + # my tablet + publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k="; + allowedIPs = [ "10.0.0.3/32" ]; + } + { + # homematic + publicKey = "slqWgVksOCav0bASxupaFGqfr6vajxDRNIlZYocONQ4="; + allowedIPs = [ "10.0.0.4/32" ]; + } + ]; + }; + }; }; - }; security.acme = { acceptTerms = true; @@ -131,7 +154,14 @@ in { # List packages installed in system profile. To search, run: # $ nix search wget - environment.systemPackages = with pkgs; [ wget rsync htop tmux git rclone ]; + environment.systemPackages = with pkgs; [ + wget + rsync + htop + tmux + git + rclone + ]; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. @@ -155,7 +185,11 @@ in { services.kresd = { enable = true; - listenPlain = [ "[::1]:53" "127.0.0.1:53" "10.0.0.1:53" ]; + listenPlain = [ + "[::1]:53" + "127.0.0.1:53" + "10.0.0.1:53" + ]; }; services.lorri.enable = true; 
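Review bot: The `firewall` block in the `networking` hunk opens TCP/UDP 53 and TCP 5000 on every interface, while `services.kresd.listenPlain` further down this file binds the resolver only to loopback and `10.0.0.1`. As far as the visible config shows, nothing answers on port 53 of the external address, so the global entries add exposure without function. Scoping them to the tunnel, e.g. `networking.firewall.interfaces.wg0.allowedUDPPorts = [ 53 ];` plus the matching `allowedTCPPorts`, would keep DNS working for the WireGuard peers. Port 5000 is presumably the hledger-web backend that nginx already fronts with `basicAuthFile`. If that service binds a non-loopback address, the open port bypasses the basic auth, so confirm the bind address and drop 5000 from `allowedTCPPorts`.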
@@ -220,9 +254,7 @@ in { forceSSL = true; enableACME = true; locations."/" = { - proxyPass = "http://127.0.0.1:${ - toString config.services.forgejo.settings.server.HTTP_PORT - }/"; + proxyPass = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}/"; proxyWebsockets = true; }; }; @@ -232,8 +264,7 @@ in { forceSSL = true; enableACME = true; locations."/" = { - proxyPass = - "http://127.0.0.1:${toString config.services.paperless.port}/"; + proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}/"; proxyWebsockets = true; }; }; @@ -244,9 +275,7 @@ in { enableACME = true; basicAuthFile = config.age.secrets.hledger-web.path; locations."/" = { - proxyPass = "http://${config.services.hledger-web.host}:${ - toString config.services.hledger-web.port - }/"; + proxyPass = "http://${config.services.hledger-web.host}:${toString config.services.hledger-web.port}/"; proxyWebsockets = true; }; }; @@ -282,7 +311,9 @@ in { FROM = "noreply@failco.de"; }; - other = { SHOW_FOOTER_VERSION = false; }; + other = { + SHOW_FOOTER_VERSION = false; + }; }; }; @@ -313,7 +344,10 @@ in { manage = true; }; journalFiles = [ "current.journal" ]; - extraOptions = [ "-B" "--value=then" ]; + extraOptions = [ + "-B" + "--value=then" + ]; }; services.fail2ban = { @@ -323,8 +357,12 @@ in { bantime = "1h"; bantime-increment.enable = true; - ignoreIP = - [ "127.0.0.0/8" "195.90.211.228/22" "10.0.0.0/8" "192.168.0.0/16" ]; + ignoreIP = [ + "127.0.0.0/8" + "195.90.211.228" + "10.0.0.0/8" + "192.168.0.0/16" + ]; jails.postfix = '' filter = postfix 
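Review bot: The `ignoreIP` entry changes from `195.90.211.228/22` to `195.90.211.228` in what otherwise appears to be a formatting-only diff, so a behaviour change is hidden among whitespace edits. The narrower value looks right, since the /22 exempted the whole surrounding subnet from banning, but it deserves its own commit or a line in the commit message so it can be found in history. The remaining `10.0.0.0/8` and `192.168.0.0/16` entries are still much wider than the `10.0.0.0/24` WireGuard range configured under `networking.wireguard`. Narrowing them to `10.0.0.0/24` would limit the exemption to addresses this host actually serves. The `services.fail2ban` block starts and ends outside the hunk.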
@@ -338,10 +376,8 @@ in { enable = true; user = "alex"; dataDir = "/home/alex/sync"; - overrideDevices = - true; # overrides any devices added or deleted through the WebUI - overrideFolders = - true; # overrides any folders added or deleted through the WebUI + overrideDevices = true; # overrides any devices added or deleted through the WebUI + overrideFolders = true; # overrides any folders added or deleted through the WebUI settings = { folders = { "org" = { @@ -354,17 +390,18 @@ in { }; "paperless" = { path = "${config.services.paperless.consumptionDir}"; - devices = [ "redmi" "dregil" ]; + devices = [ + "redmi" + "dregil" + ]; }; }; devices = { "redmi" = { - id = - "C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW"; + id = "C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW"; }; "dregil" = { - id = - "SMVQO7Q-EB2V7PC-B4LP5IN-SM2UUE4-FUI2RI4-LARFW3S-LXHPAT5-FLNY7QH"; + id = "SMVQO7Q-EB2V7PC-B4LP5IN-SM2UUE4-FUI2RI4-LARFW3S-LXHPAT5-FLNY7QH"; }; }; }; @@ -373,16 +410,26 @@ in { mailserver = { enable = true; fqdn = "thrall.failco.de"; - domains = [ "failco.de" "jakalx.net" "kobjolke.de" ]; + domains = [ + "failco.de" + "jakalx.net" + "kobjolke.de" + ]; loginAccounts = { "me@failco.de" = { # nix-shell -p mkpasswd --run 'mkpasswd -sm sha512crypt' hashedPasswordFile = config.age.secrets.mailPass.path; - aliases = [ "lx@failco.de" "alex@failco.de" ]; + aliases = [ + "lx@failco.de" + "alex@failco.de" + ]; - catchAll = [ "failco.de" "kobjolke.de" ]; + catchAll = [ + "failco.de" + "kobjolke.de" + ]; }; "alex@jakalx.net" = { @@ -396,7 +443,9 @@ in { }; }; - extraVirtualAliases = { "familie@kobjolke.de" = [ "me@failco.de" ]; }; + extraVirtualAliases = { + "familie@kobjolke.de" = [ "me@failco.de" ]; + }; forwards = { "anne@kobjolke.de" = "anne.kobjolke@gmail.cem"; 
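Review bot: The context line under `forwards` at the end of the `extraVirtualAliases` hunk names a target domain ending in `gmail.cem`, which looks like a typo for `gmail.com`. If so, forwarded mail for that address is either bouncing or leaving the server towards an unintended domain, and this reformatting pass carries it over unchanged. Confirm the intended recipient and correct the target in a separate change. The `forwards` set continues outside the hunk.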
@@ -410,12 +459,22 @@ in { virusScanning = true; }; - services.postgresql = { package = pkgs.postgresql_15; }; + services.postgresql = { + package = pkgs.postgresql_15; + }; services.roundcube = { enable = true; hostName = "mail.failco.de"; - dicts = with pkgs.aspellDicts; [ en de ]; - plugins = [ "archive" "attachment_reminder" "managesieve" "markasjunk" ]; + dicts = with pkgs.aspellDicts; [ + en + de + ]; + plugins = [ + "archive" + "attachment_reminder" + "managesieve" + "markasjunk" + ]; extraConfig = '' # starttls needed for authentication, so the fqdn required to match # the certificate @@ -432,6 +491,4 @@ in { # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "20.09"; # Did you read the comment? - } -