Browse Source

update

master
Yorick van Pelt 2 months ago
parent
commit
6003da0f60
  1. 44
      emacs/emacs-custom.el
  2. 1
      nixos/conf
  3. 6
      nixos/logical/frumar.nix
  4. 12
      nixos/logical/pennyworth.nix
  5. 3
      nixos/services/git.nix
  6. 4
      nixos/services/pub.nix

44
emacs/emacs-custom.el

@ -0,0 +1,44 @@
(custom-set-variables
;; custom-set-variables was added by Custom.
;; If you edit it by hand, you could mess it up, so be careful.
;; Your init file should contain only one such instance.
;; If there is more than one, they won't work right.
'(custom-safe-themes
'("8db4b03b9ae654d4a57804286eb3e332725c84d7cdab38463cb6b97d5762ad26" "d677ef584c6dfc0697901a44b885cc18e206f05114c8a3b7fde674fce6180879" "a8245b7cc985a0610d71f9852e9f2767ad1b852c2bdea6f4aadc12cce9c4d6d0" "8aebf25556399b58091e533e455dd50a6a9cba958cc4ebb0aab175863c25b9a4" default))
'(notmuch-saved-searches
'((:name "unread" :query "tag:unread" :key "u")
(:name "flagged" :query "tag:flagged" :key "f")
(:name "sent" :query "tag:sent" :key "t")
(:name "drafts" :query "tag:draft" :key "d")
(:name "all mail" :query "*" :key "a")
(:name "inbox" :query "tag:inbox")))
'(safe-local-variable-values
'((c-block-comment-prefix . " ")
(eval c-set-offset 'inlambda 0)
(eval c-set-offset 'arglist-cont-nonempty
'(c-lineup-gcc-asm-reg c-lineup-arglist))
(eval c-set-offset 'arglist-close 0)
(eval c-set-offset 'arglist-intro '++)
(eval c-set-offset 'case-label 0)
(eval c-set-offset 'statement-case-open 0)
(eval c-set-offset 'access-label '-)
(eval c-set-offset 'substatement-open 0)
(eval c-set-offset 'arglist-cont-nonempty '+)
(eval c-set-offset 'arglist-cont 0)
(eval c-set-offset 'arglist-intro '+)
(eval c-set-offset 'inline-open 0)
(eval c-set-offset 'defun-open 0)
(eval c-set-offset 'innamespace 0)
(indicate-empty-lines . t))))
(custom-set-faces
;; custom-set-faces was added by Custom.
;; If you edit it by hand, you could mess it up, so be careful.
;; Your init file should contain only one such instance.
;; If there is more than one, they won't work right.
'(evil-goggles-change-face ((t (:inherit diff-removed))))
'(evil-goggles-delete-face ((t (:inherit diff-removed))))
'(evil-goggles-paste-face ((t (:inherit diff-added))))
'(evil-goggles-undo-redo-add-face ((t (:inherit diff-added))))
'(evil-goggles-undo-redo-change-face ((t (:inherit diff-changed))))
'(evil-goggles-undo-redo-remove-face ((t (:inherit diff-removed))))
'(evil-goggles-yank-face ((t (:inherit diff-changed)))))

1
nixos/conf

@ -7,6 +7,7 @@ fi
export NIX_PATH=yori-nix=$PWD
host=$1
TARGET_HOST=$(nix eval --raw -f vpn.nix ips.$host)
TARGET_HOST=$(ssh $TARGET_HOST ip --json r get 1.1.1.1 | jq -r '.[0].prefsrc')
#TARGET_HOST=192.168.178.1
case $2 in
copy-keys)

6
nixos/logical/frumar.nix

@ -97,14 +97,18 @@
interval = "*-*-01 02:00:00"; # monthly + 2 hours
};
};
users.users.plex.packages = with pkgs; [
ffmpeg
];
users.users.yorick.packages = with pkgs; [
borgbackup
bup
fzf
git-annex
magic-wormhole
python
python3
ranger
pyroscope
rtorrent
];
}

12
nixos/logical/pennyworth.nix

@ -76,6 +76,18 @@ in {
"pub.yori.cc".locations."/muflax/".extraConfig = ''
rewrite ^/muflax/(.*)$ https://alt.muflax.church/$1 permanent;
'';
"plex.yori.cc" = (sslforward "http://${vpn.ips.frumar}:32400") // {
extraConfig = ''
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
proxy_http_version 1.1;
proxy_buffering off;
'';
};
"media.yori.cc" = sslforward "http://${vpn.ips.frumar}:32001";
};
deployment.keyys = [ <yori-nix/keys/http.muflax.key> ];
networking.firewall.allowedUDPPorts = [ 31790 ]; # wg

3
nixos/services/git.nix

@ -12,10 +12,11 @@ in {
users.extraUsers.git = {
createHome = true;
home = config.services.gitea.stateDir;
extraGroups = [ "git" ];
group = "git";
useDefaultShell = true;
isSystemUser = true;
};
users.groups.git = {};
services.gitea = {
enable = true;
user = "git";

4
nixos/services/pub.nix

@ -12,13 +12,15 @@ in {
UMask = lib.mkForce "0022";
BindReadOnlyPaths = [ "/home/public/public" ];
};
users.extraUsers.public = {
users.users.public = {
home = "/home/public";
group = "public";
useDefaultShell = true;
isSystemUser = true;
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); [ public ];
createHome = false; # sets wrong permissions
};
users.groups.public = {};
services.nginx.virtualHosts.${cfg.vhost} = {
forceSSL = true;
enableACME = true;

Loading…
Cancel
Save