
commit c6776ae2966356ad9884bd6b4456c28ca5b08de2
parent 899479c4096e34d2f5e7353299f501fb8104107a
Author: William Casarin <jb55@jb55.com>
Date:   Wed, 30 Mar 2022 08:23:34 -0700

Merge remote-tracking branch 'origin/master'

Diffstat:
Mbin/notmuch-poll | 21+++++++++++++++------
Mbin/runlog | 2+-
Mdotfiles/.bash_aliases | 272+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Mjb55pkgs/default.nix | 4++--
Mnix-config/configuration.nix | 2+-
Mnix-config/environment/default.nix | 2+-
Mnix-config/machines/charon/default.nix | 204+++++++++++++++++++++++++++++++++++++------------------------------------------
Mnix-config/machines/charon/dovecot/filters.sieve | 4++++
Mnix-config/machines/charon/networking/default.nix | 37-------------------------------------
Mnix-config/machines/charon/nginx/default.nix | 1-
Mnix-config/services/mailz/default.nix | 9+++++----
11 files changed, 396 insertions(+), 162 deletions(-)

diff --git a/bin/notmuch-poll b/bin/notmuch-poll @@ -5,6 +5,9 @@ notmuchcmd () { $(notmuch "$@") } +# bulk bs +notmuchcmd tag +filed +bulk 'folder:".Bulk"' + # sent notmuchcmd tag +sent tag:inbox and not tag:sent and folder:".Sent" 
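Review bot: The line `notmuchcmd tag +filed +bulk 'folder:".Bulk"'` added under `# bulk bs` here is added a second time, verbatim, by the `@@ -72,10 +75,16 @@` hunk of the same file, so the rule runs twice on every poll; keep one copy, probably this one next to the other folder rules. Both copies also lack the `and tag:inbox` qualifier that most neighbouring rules carry, so notmuch re-evaluates the whole `.Bulk` folder on each run instead of only new mail; `notmuchcmd tag +filed +bulk 'folder:".Bulk"' and not tag:bulk` would bound it. The `notmuchcmd () { $(notmuch "$@") }` wrapper in the header context is unchanged by this commit.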
@@ -44,16 +47,16 @@ notmuchcmd tag +git +list to:git@vger.kernel.org and tag:inbox and not tag:git notmuchcmd tag +bitcoin +list folder:".Lists.bitcoin" and tag:inbox notmuchcmd tag +best -filed +bitcoin-dev +bitcoin +list to:"bitcoin-dev@lists.linuxfoundation.org" and tag:inbox and not tag:bitcoin-dev notmuchcmd tag +cypherpunks +list 'from:cypherpunks@lists.cpunks.org' and tag:inbox -notmuchcmd tag +bitcoin +libbitcoin +list to:libbitcoin@lists.dyne.org and tag:inbox -notmuchcmd tag +bitcoin +core +busy to:bitcoin@noreply.github.com and tag:inbox and subject:bitcoin/bitcoin -notmuchcmd tag +bitcoin +core +gui +busy to:bitcoin-core/gui and tag:inbox +notmuchcmd tag +bitcoin +core to:bitcoin@noreply.github.com and tag:inbox and subject:bitcoin/bitcoin +notmuchcmd tag +bitcoin +core +gui to:bitcoin-core/gui and tag:inbox notmuchcmd tag +bitcoin +busy +bips to:"bitcoin/bips" and tag:inbox -notmuchcmd tag +lightning +lightning-dev +list to:lightning-dev notmuchcmd tag +lightning to:"lightningnetwork/" and tag:inbox notmuchcmd tag +crypto +list to:cryptography.metzdowd.com and tag:inbox notmuchcmd tag +github +filed \(folder:".GitHub" or from:github.com\) and tag:inbox +notmuchcmd tag -filed '(to:workflows@vger.kernel.org)' and tag:inbox -notmuchcmd tag +lightning +clightning +list to:"c-lightning@lists.ozlabs.org" and tag:inbox +notmuchcmd tag -filed +lightning +lightning-dev +list to:lightning-dev +notmuchcmd tag -filed +lightning +clightning +list to:"c-lightning@lists.ozlabs.org" and tag:inbox notmuchcmd tag +lightning +clightning '(to:"ElementsProject/lightning" or to:"lightningd/plugins")' and tag:inbox notmuchcmd tag +nix-dev +nix +list \(to:nix-dev@lists.science.uu.nl OR to:nix-dev@cs.uu.nl OR to:nix-devel@googlegroups.com OR from:nixos1@discoursemail.com\) and tag:inbox 
@@ -72,10 +75,16 @@ notmuchcmd tag +work +commit tag:github and tag:inbox and to:commitdev # except if someone mentions e notmuchcmd tag +flagged -busy -filed tag:inbox and '(tag:list and tag:to-me) or to:mention@noreply.github.com or author@noreply.github.com or to:review_requested@noreply.github.com or to:comment@noreply.github.com or (subject:jb55 and tag:github)' +# spam +notmuchcmd tag +spam -inbox 'from:"BOOM OF SALES"' and tag:inbox + # not spam notmuchcmd tag +inbox -spam +flagged "bitcoin wizard" and tag:spam # phone mail -notmuchcmd tag -inbox tag:inbox and '(folder:".Archive" or folder:".Trash")' +notmuchcmd tag -inbox tag:inbox and '(folder:".Archive" or folder:".Trash" or folder:".Archives")' + +# bulk bs +notmuchcmd tag +filed +bulk 'folder:".Bulk"' printf "notmuch tagging done.\n" diff --git a/bin/runlog b/bin/runlog @@ -1,2 +1,2 @@ #!/usr/bin/env bash -systemctl restart "$@"; journalctl -fu "$@" +systemctl restart "$@"; journalctl -n30 -fu "$@" diff --git a/dotfiles/.bash_aliases b/dotfiles/.bash_aliases 
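Review bot: In bin/runlog, `systemctl restart "$@"; journalctl -n30 -fu "$@"` still joins the two commands with `;`, so when the restart fails the script goes on to tail the log and exits with journalctl's status, making the failure easy to miss. `systemctl restart "$@" && journalctl -n30 -fu "$@"` keeps the restart's failure visible; the `-n30` addition itself is fine.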
@@ -1 +1,273 @@ #!/usr/bin/env bash +# generic stuff for non-interactive shells + +# sharefile +export PAGER="less" +export LESS="-cix8RM --save-marks" + +# mesa +export RADV_PERFTEST=aco +export AMD_DEBUG=nodma + +TERM_THEME="$(basename $(readlink ~/.Xresources.d/themes/current))" + +if [ "$TERM_THEME" == "light" ] +then + export BAT_THEME=GitHub +else + export BAT_THEME=base16 +fi + +export NNCPCFG=~/.nncprc +export PANDOC=pandoc-nice +export BAT_STYLE=plain +export LPASS_HOME="$HOME/.config/lpass" +export FUZZER=fzf +export GOPHERCLIENT=vf1 +export GEMINICLIENT=av98 +export GOPHER=$GOPHERCLIENT +export GNUPGHOME="$HOME/.gnupg" +export SHAREFILE_HOST='charon:public/s/' +export KINDLE_FROM_EMAIL='jackbox55@gmail.com' +export KINDLE_TXT_EMAIL='jb55@jb55.com' +export KINDLE_EMAIL='jb55@free.kindle.com' +export SHAREFILE_URL='https://jb55.com/s/' +export SHARE_SS_DIR="$HOME/var/img/ss" +export DOTFILES=${DOTFILES:-$HOME/dotfiles} +export VI_MODE=1 +export XZ=pxz +export HISTSIZE=50000 +export FZF_CTRL_R_OPTS="-e" +export FZF_DEFAULT_OPTS="-e" +export FZF_DEFAULT_COMMAND='rg --files --hidden' +export EMACSCLIENT=edit + +export NIXPKGS=$HOME/nixpkgs + +# nix paths +export NIX_PATH="nixpkgs=$NIXPKGS:$NIX_PATH" +export NIX_PATH="nixos-config=$NIX_FILES:$NIX_PATH" +export NIX_PATH="jb55pkgs=$HOME/etc/jb55pkgs:$NIX_PATH" +export NIX_PATH="dotfiles=$HOME/dotfiles:$NIX_PATH" + +# Customize to your needs... 
+ +# other +export EDITOR="edit" +export VISUAL="edit" +export BROWSER="browser" +export PAGER=less + +# go + +export GOPATH=$HOME/dev/gocode +export PATH=$HOME/bin:$PATH +export PATH=$HOME/.local/bin:$PATH +export PATH=$HOME/.npm/bin:$PATH + +md () { + mandown README* +} + +function run_fuzzer() { + eval "$(fuzz-run-command "$@")" +} + +alias C="pcal list" +alias m="neomutt" +alias mq="msmtp-queue" +alias s="general-status" +alias t="todo.sh" +alias e="edit -n" +alias g=git +alias f=run_fuzzer +alias vim=nvim +alias feh="feh --conversion-timeout 2" +alias info="info --vi-keys" +alias ag="ag --pager=less" +alias attach="grabssh; screen -rD" +alias awkt="awk -v FS=$'\t' -v OFS=$'\t'" +alias catt="pygmentize -O style=monokai -f console256 -g" +alias clip="xclip -selection clipboard" +alias cpptags="ctags -R --sort=1 --c++-kinds=+p --fields=+iaS --extra=+q --language-force=C++" +alias crontab="VIM_CRONTAB=true crontab" +alias cutt="cut -d $'\t' --output-delimiter=$'\t'" +alias emacs="env TERM=xterm-256color emacs" +alias fixssh="source $HOME/bin/fixssh" +alias githist="git reflog show | grep '}: commit' | nl | sort -nr | nl | sort -nr | cut --fields=1,3 | sed s/commit://g | sed -e 's/HEAD*@{[0-9]*}://g'" +alias jsonpp="python -mjson.tool" +alias ls="ls --color" +alias noder="env NODE_NO_READLINE=1 rlwrap node" +alias nr="npm run" +alias page=$PAGER +alias prettyjson=jsonpp +alias sorry='sudo $(fc -l -n -1)' +alias tmuxa="tmux a -d -t " +alias tmux="tmux -2" +alias vless="/usr/share/vim/vim72/macros/less.sh" +alias vnc_once="x11vnc -safer -nopw -once -display :0" +alias wget="wget -c" +alias xclip="xclip -selection clipboard" +alias myip="dig +short myip.opendns.com @resolver1.opendns.com" +alias wanip=myip +alias myipaddress=myip +alias ns="nix-shell -p" +alias fzf="fzf --exact" +alias u="cd .." 
+alias scs="systemctl status" +alias scsu="systemctl status --user" +alias jc="journalctl -u" +alias jcu="journalctl --user -u" + +ghclone () { + cd "$(gh-clone "$@")" +} + +srhtclone () { + cd "$(srht-clone "$@")" +} + +cdnp () { + nix-build '<nixpkgs>' --no-out-link -A "$1" + cd $(nix-path "$1") +} + +np () { + nix-path "$1" +} + +nsr () { + local cmd="$1" + shift + nix-shell -p "$cmd" --run "$@" +} + +nsr2 () { + local cmd="$1" + shift + local cmd2="$(<<<"$cmd" rev | cut -d. -f1 | rev) $@" + nsr "$cmd" "$cmd2" +} + +nsc () { + local cmd="$1" + shift + nix-shell -p "$cmd" --command "$@" +} + +share () { + sharefile "$@" | xclip +} + +sharess () { + share_last_ss | xclip +} + +lt () { + ls -ltah "$@" | "$PAGER" +} + +lt1 () { + res=$(\ls -1 -t "$@" | head -n1) + xclip <<<"$res" + printf '%s\n' "$res" +} + +mv1 () { + mv $(lt1 | stripansi) "$@" +} + +pcsv () { + csv-delim "$@" | pcsvt +} + +pcsvt () { + columnt "$@" | cat -n | less -R -S +} + +header() { + headers "${2:-/dev/stdin}" | grep "$1" | cutt -f1 | sed -E 's,^[ ]*,,g' +} + +nsum() { + awkt '{total = total + $1}END{print total}' +} + +sumcol() { + cut -f "$1" | nsum +} + +uniqc() { + sort "$@" | uniq -c | sort -nr +} + +cdl () { + cd "$(dirname "$(readlink -f "$(which "$1")")")" +} + +env-type () { + envtype="$1" + shift + nix-shell -Q -p $envtype "$@" +} + +haskell-env () { + env-type "haskellEnv" "$@" +} + +haskell-env-hoogle () { + env-type "haskellEnvHoogle" "$@" +} + +haskell-env-tools() { + env-type "haskellTools" "$@" +} + +build-nix-cache() { + nix-env -f "$NIXPKGS" -qaP \* > ~/.nixenv.cache +} + +haskell-shell() { + nix-shell -p "haskellPackages.ghcWithPackages (pkgs: with pkgs; [$*])" +} + +nix-path() { + nix-instantiate --eval --expr 'with import <nixpkgs> {}; "${'"$1"'}"' | sed 's/"//g' +} + +vnc-once() { + x11vnc -safer -nopw -once -display ':0' "$1" +} + +sql_wineparty() { + export CS='postgres://wineparty.xyz/wineparty' + export PG_USER='jb55' +} + +sql_() { + local query="$1" + local 
args=("-U" "$pg_user" -A) + if [ ! -z "$query" ]; + then + args+=(-c "$query") + fi + psql -F $'\t' "${args[@]}" +} + +sql() { + sql_ "$@" -t | pcsvt +} + +# fzf +source $DOTFILES/.fzf_helpers + +# z +source $HOME/bin/z.sh + +# private stuff +source $HOME/.bash_private + +# nix +#. /Users/jb55/.nix-profile/etc/profile.d/nix.sh + +CURL_CA_BUNDLE=/opt/local/share/curl/curl-ca-bundle.crt diff --git a/jb55pkgs/default.nix b/jb55pkgs/default.nix @@ -97,7 +97,7 @@ in rec { bcalc = fetch-jb55 { repo = "bcalc"; - rev = "b96c9f5379841c5049dc1b0aca05750f5f0dcdb8"; - sha256 = "1lq7jqlyk4crd6f2z1ms0vqy6mq58q819nwn68adjdv309l4dqvf"; + rev = "607c4d562178f4aecee008012e9e83871d2a4f5c"; + sha256 = "sha256-WD85Ypx0ZbSBj5+1OZcwPRz4V6dbPeK5foB/gn+romc="; }; } diff --git a/nix-config/configuration.nix b/nix-config/configuration.nix @@ -16,7 +16,7 @@ let machine = extra.private.machine; is-minimal = false; git-server = import ./misc/git-server.nix; util = import ./misc/util.nix { inherit pkgs; }; - private = import ./private.nix; + private = import ./private.nix { inherit pkgs; }; machine = machineConfig; }; util = extra.util; diff --git a/nix-config/environment/default.nix b/nix-config/environment/default.nix @@ -20,7 +20,7 @@ let jb55pkgs = import <jb55pkgs> { inherit pkgs; }; sharefile zebra define - nixpkgs-ml-tools + #nixpkgs-ml-tools ]; minimal-pkgs = with pkgs; [ diff --git a/nix-config/machines/charon/default.nix b/nix-config/machines/charon/default.nix @@ -4,6 +4,7 @@ let gitExtra = { git = {projectroot = "/var/git-public/repos";}; host = "git.jb55.com"; }; + radicale_data = "/var/radicale/data"; httpipePort = "8899"; # httpiped = (import (pkgs.fetchgit { # url = https://github.com/jb55/httpipe; 
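Review bot: `sql_` builds `args=("-U" "$pg_user" -A)` from `$pg_user`, but the only place in this file that sets anything similar is `sql_wineparty`, which exports `PG_USER` (upper case) plus a connection string `CS` that `sql_` never passes to psql, so psql is invoked with `-U ""` and no connection target unless both are provided elsewhere; `args=("-U" "${PG_USER:?}" -A "${CS:?}")` would make the dependency explicit and fail loudly. `alias vnc_once="x11vnc -safer -nopw -once -display :0"` starts a VNC server with no password, and `-safer` only restricts features, so unless the listener is also bound with `-localhost` (and reached over an SSH tunnel) the display is open to anyone who can reach the port. `run_fuzzer` `eval`s whatever `fuzz-run-command` prints; that is fine for a trusted helper but deserves a comment such as `# output of fuzz-run-command is executed verbatim`. Minor: `PAGER` is exported twice (`"less"` then `less`), and `$NIX_FILES` in the `nixos-config=` entry is never set in this file, so that `NIX_PATH` entry presumably relies on another sourced file — worth a comment.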
@@ -13,15 +14,8 @@ let gitExtra = { npmrepo = (import (pkgs.fetchFromGitHub { owner = "jb55"; repo = "npm-repo-proxy"; - rev = "bef839a95736588ec40c917fa63d490cd736f307"; - sha256 = "1j2xclgcmz9hbf47k4ygyzmiradfg9q30m8bzr1i2x91kz1ck946"; - }) {}).package; - - gaufre = (import (pkgs.fetchFromGitHub { - owner = "jb55"; - repo = "gaufre"; - rev = "fe9d3cb3a6e4616d1f2f95607cea3a0582db4872"; - sha256 = "091lbcijfzbbr3sm4nxqzz5pdgwqlhhxsa6qy0svmk44q3nd6zvh"; + rev = "5bb651689c9e74299094ac989125685c810ee9b2"; + sha256 = "16cjcz2cakrgl3crn63s5w1k4h4y51h8v0326v5bim8r1hxrpq4n"; }) {}).package; pgpkeys = pkgs.fetchurl { @@ -29,6 +23,15 @@ let gitExtra = { sha256 = "91ec02a43317289057c3f7c4f4129558ae799a4789a98bda0fd9360142096731"; }; + nip05 = pkgs.writeText "nip05.json" '' + { + "names": { + "jb55": "fd3fdb0d0d8d6f9a7667b53211de8ae3c5246b79bdaf64ebac849d5148b5615f", + "_": "fd3fdb0d0d8d6f9a7667b53211de8ae3c5246b79bdaf64ebac849d5148b5615f" + } + } + ''; + gitCfg = extra.git-server { inherit config pkgs; extra = extra // gitExtra; }; hearpress = (import <jb55pkgs> { nixpkgs = pkgs; }).hearpress; @@ -45,19 +48,19 @@ let gitExtra = { [vanessa-famcal-access] user = vanessa collection = jb55/4bcae62e-9c8b-0d94-d8ef-977a29a24a84 - permission = rw + permissions = rw # Give owners read-write access to everything else: [owner-write] user = .+ - collection = %(login)s(/.*)? - permission = rw + collection = {user}/[^/]+ + permissions = rw # Everyone can read the root collection [read] user = .* - collection = - permission = r + collection = .* + permissions = R ''; jb55-activity = pkgs.writeText "jb55-custom-activity" '' { 
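Review bot: In the rewritten `[read]` rights section, `user = .*` together with `collection = .*` and `permissions = R` now applies to every collection path, where the old rule (`collection =`) covered only the root collection; since `.*` also matches the empty user name, this appears to let unauthenticated requests read the properties of any collection (`R` being collection-level read without items, as far as I recall from Radicale's rights format) — confirm that discovery of collection names by anonymous clients is intended, otherwise keep `collection =` or use `user = .+` to require a login. The `[owner-write]` rule is correctly tightened to `collection = {user}/[^/]+`. I'd add a comment above `[read]` stating whether anonymous collection discovery is wanted.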
@@ -114,20 +117,7 @@ in #(import ./vidstats extra) ]; - services.xinetd.enable = true; - services.xinetd.services = - [ - { name = "gopher"; - port = 70; - server = "${pkgs.gophernicus}/bin/in.gophernicus"; - serverArgs = "-h jb55.com -nf -r /var/gopher"; - extraConfig = '' - disable = no - ''; - } - ]; - - users.extraGroups.jb55cert.members = [ "prosody" "nginx" ]; + users.extraGroups.jb55cert.members = [ "prosody" "nginx" "radicale" ]; users.extraGroups.vmail.members = [ "jb55" ]; services.gitDaemon.basePath = "/var/git-public/repos"; @@ -145,35 +135,25 @@ in }; services.radicale.enable = true; - services.radicale.config = '' - [auth] - type = htpasswd - htpasswd_filename = /home/jb55/.config/radicale/users - htpasswd_encryption = plain - delay = 1 - [storage] - filesystem_folder = /home/jb55/.config/radicale/data - - [server] - hosts = 127.0.0.1:5232 - ssl = False - max_connections = 20 - - # 1 Megabyte - max_content_length = 10000000 - - timeout = 10 - - [rights] - type = from_file - file = ${radicale-rights} - ''; + services.radicale.settings.storage.filesystem_folder = "/var/radicale/data"; + services.radicale.settings.auth.type = "htpasswd"; + services.radicale.settings.auth.htpasswd_filename = "${extra.private.radicale.users}"; + services.radicale.settings.auth.htpasswd_encryption = "plain"; + services.radicale.settings.auth.delay = "1"; + services.radicale.settings.server.hosts = "127.0.0.1:5232"; + services.radicale.settings.server.ssl = "False"; + services.radicale.settings.server.max_connections = "20"; + services.radicale.settings.server.max_content_length = "10000000"; + services.radicale.settings.server.timeout = "10"; + services.radicale.settings.rights.type = "from_file"; + services.radicale.settings.rights.file = "${radicale-rights}"; + + security.acme.acceptTerms = true; security.acme.certs."jb55.com" = { webroot = "/var/www/challenges"; group = "jb55cert"; - allowKeysForGroup = true; #postRun = "systemctl restart prosody"; email = myemail; }; 
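Review bot: `services.radicale.settings.auth.htpasswd_encryption = "plain"` keeps the Radicale users file in clear text even though the commit moves it to `extra.private.radicale.users`; Radicale's htpasswd backend also accepts `bcrypt`, so `htpasswd_encryption = "bcrypt"` with a regenerated file would avoid storing the calendar passwords recoverably. `services.radicale.settings.storage.filesystem_folder = "/var/radicale/data"` repeats the literal that the first hunk of this file binds as `radicale_data`; using `radicale_data` here keeps the two from drifting. The removed `# 1 Megabyte` comment was wrong for `max_content_length = 10000000` anyway, so a short comment stating the intended upload limit next to the new `"10000000"` would help.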
@@ -181,35 +161,30 @@ in security.acme.certs."git.jb55.com" = { webroot = "/var/www/challenges"; group = "jb55cert"; - allowKeysForGroup = true; email = myemail; }; security.acme.certs."openpgpkey.jb55.com" = { webroot = "/var/www/challenges"; group = "jb55cert"; - allowKeysForGroup = true; email = myemail; }; security.acme.certs."social.jb55.com" = { webroot = "/var/www/challenges"; group = "jb55cert"; - allowKeysForGroup = true; email = myemail; }; security.acme.certs."sheetzen.com" = { webroot = "/var/www/challenges"; group = "jb55cert"; - allowKeysForGroup = true; email = myemail; }; security.acme.certs."bitcoinwizard.net" = { webroot = "/var/www/challenges"; group = "jb55cert"; - allowKeysForGroup = true; email = myemail; }; @@ -228,13 +203,17 @@ in sieves = builtins.readFile ./dovecot/filters.sieve; }; - users.extraUsers.prosody.extraGroups = [ "jb55cert" ]; - services.prosody.enable = true; + users.extraUsers.smtpd.extraGroups = [ "jb55cert" ]; + users.extraUsers.jb55.extraGroups = [ "jb55cert" ]; + #users.extraUsers.prosody.extraGroups = [ "jb55cert" ]; + + services.prosody.enable = false; + services.prosody.xmppComplianceSuite = false; services.prosody.admins = [ "jb55@jb55.com" ]; services.prosody.allowRegistration = false; services.prosody.extraModules = xmpp_modules; services.prosody.package = pkgs.prosody.override { - withCommunityModules = xmpp_modules; + withCommunityModules = xmpp_modules; }; services.prosody.extraConfig = '' c2s_require_encryption = true 
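Review bot: `users.extraUsers.jb55.extraGroups = [ "jb55cert" ];` adds the interactive login user to the group that owns the ACME private keys (`group = "jb55cert"` on every cert above), so anything running as jb55 can read the TLS keys for all of these domains; if one program needs a key it is safer to run it as its own user in that group, as the new `smtpd` line does. `services.prosody.enable = false;` now coexists with a full prosody configuration (`admins`, `extraModules`, `package`, `extraConfig`) and a commented-out group line — dead config that will confuse the next reader; either delete it or add `# prosody disabled; config kept in case it is re-enabled` above the `enable = false` line. The `allowKeysForGroup` removals look like an option rename follow-up and need no comment.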
@@ -278,25 +257,17 @@ in serviceConfig.ExecStart = "${npmrepo}/bin/npm-repo-proxy"; }; - systemd.services.gaufre = { - description = "personal gopher proxy"; - - wantedBy = [ "multi-user.target" ]; - - serviceConfig.Type = "simple"; - serviceConfig.ExecStart = "${gaufre}/bin/gaufre 7070"; - }; - services.fcgiwrap.enable = true; services.nginx.httpConfig = '' + limit_req_zone $server_name zone=email_form:10m rate=3r/m; server { listen 443 ssl; listen [::]:443 ssl; server_name bitcoinwizard.net; - root /home/jb55/www/coretto.io; + root /www/bitcoinwizard.net; index index.html; ssl_certificate /var/lib/acme/bitcoinwizard.net/fullchain.pem; @@ -307,11 +278,12 @@ in } location /email { + limit_req zone=email_form; gzip off; # fcgiwrap is set up to listen on this host:port fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; include ${pkgs.nginx}/conf/fastcgi_params; - fastcgi_param SCRIPT_FILENAME /home/jb55/www/coretto.io/emailform.py; + fastcgi_param SCRIPT_FILENAME /www/bitcoinwizard.net/emailform.py; client_max_body_size 512; @@ -320,7 +292,18 @@ in fastcgi_param PATH_INFO $uri; } + } + + server { + listen 80; + listen [::]:80; + server_name cdn.jb55.com; + + location / { + autoindex on; + root /www/cdn.jb55.com; + } } server { @@ -347,36 +330,9 @@ in } server { - listen 80; - listen [::]:80; - - server_name social.jb55.com; - - location /.well-known/acme-challenge { - root /var/www/challenges; - } - - location / { - return 301 https://social.jb55.com$request_uri; - } - } - - server { listen 443 ssl; listen [::]:443 ssl; - server_name social.jb55.com; - - ssl_certificate /var/lib/acme/social.jb55.com/fullchain.pem; - ssl_certificate_key /var/lib/acme/social.jb55.com/key.pem; - - location / { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $http_host; - proxy_pass http://127.0.0.1:5188/; - } - } server { 
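Review bot: `limit_req_zone $server_name zone=email_form:10m rate=3r/m;` keys the limiter on the server name, so every visitor of bitcoinwizard.net shares one bucket of three submissions per minute and a single client can lock the form for everyone; keying on the client, `limit_req_zone $binary_remote_addr zone=email_form:10m rate=3r/m;`, limits per source instead. The matching `limit_req zone=email_form;` in `location /email` (next hunk) has no `burst`, so a fourth request within a minute is rejected with 503 rather than queued; `limit_req zone=email_form burst=5 nodelay;` is the usual shape. The new `cdn.jb55.com` server is plain HTTP with `autoindex on`, which publishes the full directory listing of `/www/cdn.jb55.com`; presumably intended for a CDN, but a comment saying so would stop it being "fixed" later.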
@@ -400,7 +356,7 @@ in root /var/www/challenges; } - location ~ ^(/[^/]+)/?$ { + location ~ ^(/[^/\s]+)/?$ { if (-f $document_root$1/file/README.md.html) { return 302 $1/file/README.md.html; } @@ -445,6 +401,16 @@ in } server { + listen 80; + listen [::]:80; + server_name lnlink.app; + + location / { + root /www/lnlink.app; + } + } + + server { listen 443 ssl; listen [::]:443 ssl; server_name openpgpkey.jb55.com; @@ -452,7 +418,7 @@ in ssl_certificate /var/lib/acme/openpgpkey.jb55.com/fullchain.pem; ssl_certificate_key /var/lib/acme/openpgpkey.jb55.com/key.pem; - location /.well-known/openpgpkey/jb55.com/hu/9adqqiba8jxrhu5wf18bfapmnwjk5ybo { + location = /.well-known/openpgpkey/jb55.com/hu/9adqqiba8jxrhu5wf18bfapmnwjk5ybo { alias ${pgpkeys}; } } @@ -471,20 +437,28 @@ in rewrite ^/pkgs.tar.gz$ https://github.com/jb55/jb55pkgs/archive/master.tar.gz permanent; rewrite ^/pkgs/?$ https://github.com/jb55/jb55pkgs/archive/master.tar.gz permanent; - if ( $http_accept ~ "application/activity\+json" ) { - return 302 https://social.jb55.com; - } - - if ( $http_accept ~ "application/ld\+json" ) { - return 302 https://social.jb55.com; - } - + location /inbox { + proxy_set_header Host $http_host; + proxy_redirect off; + proxy_pass http://127.0.0.1:5188/inbox; + } location / { gzip on; gzip_types application/json; charset utf-8; + proxy_set_header Host $http_host; + proxy_redirect off; + + if ( $http_accept ~ "application/activity\+json" ) { + proxy_pass http://127.0.0.1:5188; + } + + if ( $http_accept ~ "application/ld\+json" ) { + proxy_pass http://127.0.0.1:5188; + } + try_files $uri $uri/ =404; } 
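Review bot: The new `location /inbox` and `location /` proxy blocks forward to `127.0.0.1:5188` with only `Host` set, whereas the `social.jb55.com` server they replace also sent `X-Real-IP` and `X-Forwarded-For`; the ActivityPub backend now sees every request as coming from 127.0.0.1, which breaks any per-client logging or rate limiting it does. Add `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` next to the `Host` header in both blocks. The two `if ($http_accept ~ ...)` checks in `location /` could be a single `~ "application/(activity|ld)\+json"`. The `lnlink.app` server is HTTP-only on port 80 with no redirect to HTTPS; fine for a placeholder, but it should say so in a comment.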
@@ -515,7 +489,19 @@ in } location /.well-known/webfinger { - return 302 https://social.jb55.com$request_uri; + proxy_pass http://localhost:5188/; + proxy_redirect off; + proxy_set_header Host $host; + } + + location = /.well-known/openpgpkey/jb55.com/hu/9adqqiba8jxrhu5wf18bfapmnwjk5ybo { + add_header Access-Control-Allow-Origin *; + alias ${pgpkeys}; + } + + location = /.well-known/nostr.json { + add_header Access-Control-Allow-Origin *; + alias ${nip05}; } location /cal/ { diff --git a/nix-config/machines/charon/dovecot/filters.sieve b/nix-config/machines/charon/dovecot/filters.sieve @@ -193,3 +193,7 @@ if allof (header :contains "from" "noreply@md.getsentry.com") { fileinto "Alerts"; } + +if allof ( header "Precedence" "bulk" ) { + fileinto "Bulk"; +} diff --git a/nix-config/machines/charon/networking/default.nix b/nix-config/machines/charon/networking/default.nix @@ -6,14 +6,12 @@ let ports = { git = 9418; gemini = 1965; - wireguard = 51820; }; in { services.openssh.gatewayPorts = "yes"; networking.firewall.allowedTCPPorts = with ports; [ 22 443 80 70 12566 12788 5222 5269 3415 git gemini ]; - networking.firewall.allowedUDPPorts = with ports; [ wireguard ]; networking.domain = "jb55.com"; networking.search = [ "jb55.com" ]; 
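Review bot: `location /.well-known/webfinger { proxy_pass http://localhost:5188/; ... }` has a URI part (`/`) in `proxy_pass`, so nginx replaces the matched prefix and the backend receives `/?resource=...` instead of `/.well-known/webfinger?resource=...`; unless the backend serves webfinger at its root, drop the trailing slash: `proxy_pass http://localhost:5188;`. This block also uses `localhost` and `$host` where the `/inbox` block in the previous hunk uses `127.0.0.1` and `$http_host` — pick one form. The `add_header Access-Control-Allow-Origin *;` lines for the WKD key and `nostr.json` are expected for those protocols; a comment noting that the same WKD path is also served by the `openpgpkey.jb55.com` vhost without the header would tell a reader which one is canonical.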
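Review bot: `networking.firewall.allowedTCPPorts` still lists `70`, `5222` and `5269` after this commit removes the gophernicus xinetd service and sets `services.prosody.enable = false` in `machines/charon/default.nix`, so as far as this diff shows those ports stay open with nothing behind them and will expose whatever binds them later; drop them alongside the `wireguard` removal, e.g. `[ 22 443 80 12566 12788 3415 git gemini ]`, or add a comment on why they remain. The `ports` attrset losing `wireguard` is consistent with the interface removal in the next hunk of this file.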
@@ -21,39 +19,4 @@ in 127.0.0.1 jb55.com ::1 jb55.com ''; - - - networking.wireguard.interfaces = { - # "wg0" is the network interface name. You can name the interface arbitrarily. - wg0 = { - # Determines the IP address and subnet of the client's end of the tunnel interface. - ips = [ "10.100.0.7/28" ]; - - listenPort = ports.wireguard; - - # Path to the private key file. - # - # Note: The private key can also be included inline via the privateKey option, - # but this makes the private key world-readable; thus, using privateKeyFile is - # recommended. - privateKeyFile = "/home/jb55/.wg/private"; - - peers = [ - # For a client configuration, one peer entry for the server will suffice. - { publicKey = "TbGgpOqD6teLon0ksZKS8zvvjHtkOGKNWPpHZxhVFWA="; - allowedIPs = [ "10.100.0.1/32" ]; - endpoint = "24.84.152.187:51820"; - } - { publicKey = "wcoun9+1GX4awQF2Yd0WbsQ6RKHE9SsOsYv3qR7mbB0="; # quiver - allowedIPs = [ "10.100.0.2/32" ]; - } - { publicKey = "vIh3IQgP92OhHaC9XBiJVDLlrs3GVcR6hlXaapjTiA0="; # phone - allowedIPs = [ "10.100.0.3/32" ]; - } - { publicKey = "Dp8Df75X8Kh9gd33e+CWyyhOvT4mT0X9ToPwBUEBU1k="; # mac - allowedIPs = [ "10.100.0.4/32" ]; - } - ]; - }; - }; } diff --git a/nix-config/machines/charon/nginx/default.nix b/nix-config/machines/charon/nginx/default.nix @@ -55,7 +55,6 @@ in { proxy_buffering off; proxy_read_timeout 300s; expires off; - default_type application/octet-stream; access_log ${logDir}/access.log; error_log ${logDir}/error.log; diff --git a/nix-config/services/mailz/default.nix b/nix-config/services/mailz/default.nix @@ -159,9 +159,9 @@ in { system.activationScripts.mailz = '' # Make sure SpamAssassin database is present - if ! [ -d /etc/spamassassin ]; then - cp -r ${pkgs.spamassassin}/share/spamassassin /etc - fi + #if ! [ -d /etc/spamassassin ]; then + #cp -r ${pkgs.spamassassin}/share/spamassassin /etc + #fi # Make sure a DKIM private key exist if ! [ -d ${cfg.dkimDirectory}/${cfg.domain} ]; then 
@@ -171,7 +171,7 @@ in fi ''; - services.spamassassin.enable = true; + services.spamassassin.enable = false; services.opensmtpd = { enable = true; @@ -278,6 +278,7 @@ in } ${mailbox "Alerts"} + ${mailbox "Bulk"} ${mailbox "RSS"} ${mailbox "GitHub"} ${mailbox "Lists"}
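Review bot: `services.spamassassin.enable = false;` together with the commented-out `#if`/`#cp`/`#fi` block in the previous hunk leaves the SpamAssassin setup as dead code with no explanation; either delete the three commented lines or replace them with `# spamassassin disabled; see services.spamassassin.enable below`. If `dovecot/filters.sieve` still files mail on SpamAssassin headers, those rules now never match — worth checking, since only the tail of that file is visible in this diff. The `${mailbox "Bulk"}` addition matches the new `fileinto "Bulk"` sieve rule.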