update
parent
976d9808b1
commit
6003da0f60
|
@ -0,0 +1,44 @@
|
||||||
|
(custom-set-variables
|
||||||
|
;; custom-set-variables was added by Custom.
|
||||||
|
;; If you edit it by hand, you could mess it up, so be careful.
|
||||||
|
;; Your init file should contain only one such instance.
|
||||||
|
;; If there is more than one, they won't work right.
|
||||||
|
'(custom-safe-themes
|
||||||
|
'("8db4b03b9ae654d4a57804286eb3e332725c84d7cdab38463cb6b97d5762ad26" "d677ef584c6dfc0697901a44b885cc18e206f05114c8a3b7fde674fce6180879" "a8245b7cc985a0610d71f9852e9f2767ad1b852c2bdea6f4aadc12cce9c4d6d0" "8aebf25556399b58091e533e455dd50a6a9cba958cc4ebb0aab175863c25b9a4" default))
|
||||||
|
'(notmuch-saved-searches
|
||||||
|
'((:name "unread" :query "tag:unread" :key "u")
|
||||||
|
(:name "flagged" :query "tag:flagged" :key "f")
|
||||||
|
(:name "sent" :query "tag:sent" :key "t")
|
||||||
|
(:name "drafts" :query "tag:draft" :key "d")
|
||||||
|
(:name "all mail" :query "*" :key "a")
|
||||||
|
(:name "inbox" :query "tag:inbox")))
|
||||||
|
'(safe-local-variable-values
|
||||||
|
'((c-block-comment-prefix . " ")
|
||||||
|
(eval c-set-offset 'inlambda 0)
|
||||||
|
(eval c-set-offset 'arglist-cont-nonempty
|
||||||
|
'(c-lineup-gcc-asm-reg c-lineup-arglist))
|
||||||
|
(eval c-set-offset 'arglist-close 0)
|
||||||
|
(eval c-set-offset 'arglist-intro '++)
|
||||||
|
(eval c-set-offset 'case-label 0)
|
||||||
|
(eval c-set-offset 'statement-case-open 0)
|
||||||
|
(eval c-set-offset 'access-label '-)
|
||||||
|
(eval c-set-offset 'substatement-open 0)
|
||||||
|
(eval c-set-offset 'arglist-cont-nonempty '+)
|
||||||
|
(eval c-set-offset 'arglist-cont 0)
|
||||||
|
(eval c-set-offset 'arglist-intro '+)
|
||||||
|
(eval c-set-offset 'inline-open 0)
|
||||||
|
(eval c-set-offset 'defun-open 0)
|
||||||
|
(eval c-set-offset 'innamespace 0)
|
||||||
|
(indicate-empty-lines . t))))
|
||||||
|
(custom-set-faces
|
||||||
|
;; custom-set-faces was added by Custom.
|
||||||
|
;; If you edit it by hand, you could mess it up, so be careful.
|
||||||
|
;; Your init file should contain only one such instance.
|
||||||
|
;; If there is more than one, they won't work right.
|
||||||
|
'(evil-goggles-change-face ((t (:inherit diff-removed))))
|
||||||
|
'(evil-goggles-delete-face ((t (:inherit diff-removed))))
|
||||||
|
'(evil-goggles-paste-face ((t (:inherit diff-added))))
|
||||||
|
'(evil-goggles-undo-redo-add-face ((t (:inherit diff-added))))
|
||||||
|
'(evil-goggles-undo-redo-change-face ((t (:inherit diff-changed))))
|
||||||
|
'(evil-goggles-undo-redo-remove-face ((t (:inherit diff-removed))))
|
||||||
|
'(evil-goggles-yank-face ((t (:inherit diff-changed)))))
|
|
@ -7,6 +7,7 @@ fi
|
||||||
export NIX_PATH=yori-nix=$PWD
|
export NIX_PATH=yori-nix=$PWD
|
||||||
host=$1
|
host=$1
|
||||||
TARGET_HOST=$(nix eval --raw -f vpn.nix ips.$host)
|
TARGET_HOST=$(nix eval --raw -f vpn.nix ips.$host)
|
||||||
|
TARGET_HOST=$(ssh $TARGET_HOST ip --json r get 1.1.1.1 | jq -r '.[0].prefsrc')
|
||||||
#TARGET_HOST=192.168.178.1
|
#TARGET_HOST=192.168.178.1
|
||||||
case $2 in
|
case $2 in
|
||||||
copy-keys)
|
copy-keys)
|
||||||
|
|
|
@ -97,14 +97,18 @@
|
||||||
interval = "*-*-01 02:00:00"; # monthly + 2 hours
|
interval = "*-*-01 02:00:00"; # monthly + 2 hours
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
users.users.plex.packages = with pkgs; [
|
||||||
|
ffmpeg
|
||||||
|
];
|
||||||
users.users.yorick.packages = with pkgs; [
|
users.users.yorick.packages = with pkgs; [
|
||||||
borgbackup
|
borgbackup
|
||||||
bup
|
bup
|
||||||
fzf
|
fzf
|
||||||
git-annex
|
git-annex
|
||||||
magic-wormhole
|
magic-wormhole
|
||||||
python
|
python3
|
||||||
ranger
|
ranger
|
||||||
|
pyroscope
|
||||||
rtorrent
|
rtorrent
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -76,6 +76,18 @@ in {
|
||||||
"pub.yori.cc".locations."/muflax/".extraConfig = ''
|
"pub.yori.cc".locations."/muflax/".extraConfig = ''
|
||||||
rewrite ^/muflax/(.*)$ https://alt.muflax.church/$1 permanent;
|
rewrite ^/muflax/(.*)$ https://alt.muflax.church/$1 permanent;
|
||||||
'';
|
'';
|
||||||
|
"plex.yori.cc" = (sslforward "http://${vpn.ips.frumar}:32400") // {
|
||||||
|
extraConfig = ''
|
||||||
|
gzip on;
|
||||||
|
gzip_vary on;
|
||||||
|
gzip_min_length 1000;
|
||||||
|
gzip_proxied any;
|
||||||
|
gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_buffering off;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
"media.yori.cc" = sslforward "http://${vpn.ips.frumar}:32001";
|
||||||
};
|
};
|
||||||
deployment.keyys = [ <yori-nix/keys/http.muflax.key> ];
|
deployment.keyys = [ <yori-nix/keys/http.muflax.key> ];
|
||||||
networking.firewall.allowedUDPPorts = [ 31790 ]; # wg
|
networking.firewall.allowedUDPPorts = [ 31790 ]; # wg
|
||||||
|
|
|
@ -12,10 +12,11 @@ in {
|
||||||
users.extraUsers.git = {
|
users.extraUsers.git = {
|
||||||
createHome = true;
|
createHome = true;
|
||||||
home = config.services.gitea.stateDir;
|
home = config.services.gitea.stateDir;
|
||||||
extraGroups = [ "git" ];
|
group = "git";
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
};
|
};
|
||||||
|
users.groups.git = {};
|
||||||
services.gitea = {
|
services.gitea = {
|
||||||
enable = true;
|
enable = true;
|
||||||
user = "git";
|
user = "git";
|
||||||
|
|
|
@ -12,13 +12,15 @@ in {
|
||||||
UMask = lib.mkForce "0022";
|
UMask = lib.mkForce "0022";
|
||||||
BindReadOnlyPaths = [ "/home/public/public" ];
|
BindReadOnlyPaths = [ "/home/public/public" ];
|
||||||
};
|
};
|
||||||
users.extraUsers.public = {
|
users.users.public = {
|
||||||
home = "/home/public";
|
home = "/home/public";
|
||||||
|
group = "public";
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); [ public ];
|
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); [ public ];
|
||||||
createHome = false; # sets wrong permissions
|
createHome = false; # sets wrong permissions
|
||||||
};
|
};
|
||||||
|
users.groups.public = {};
|
||||||
services.nginx.virtualHosts.${cfg.vhost} = {
|
services.nginx.virtualHosts.${cfg.vhost} = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
Loading…
Reference in New Issue