authorBen Sima <ben@bsima.me>2019-01-22 08:51:14 -0800
committerBen Sima <ben@bsima.me>2019-01-25 15:11:10 -0800
commitcdc9a34ec47ce1adebd1ce3555589acc6cc2e32f (patch)
treec18f790577bc36ef325ee2c14d09ad7c158494d6
parent8b9c64c415e521afdb035ceb2ca94e3711c1fca5 (diff)
Add my machine config (finally)
-rw-r--r--machines/lithium.nix311
1 files changed, 311 insertions, 0 deletions
diff --git a/machines/lithium.nix b/machines/lithium.nix
new file mode 100644
index 0000000..4970b91
--- /dev/null
+++ b/machines/lithium.nix
@@ -0,0 +1,311 @@
+{ config, lib, pkgs, ... }:
+
+let
+ gitDir = "/srv/git";
+ benKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNB0iF9ClawNEizBtdYucqp1tAXXRbqvlPS6PFRrtiwSl+SJD29BCLgA5rLxcmFhBHZ/iId/En7GPFEzI/gMu071J7pUI4OcW0UVZju3GNc6ZEz/a6AD2u79JiXEDHfPEdmMqAe36kkaK0KJWSQP3xsFRwJ+8F8HHbSwoCLL+GJhBgAWHQLGfKesNrDacNljNDU3CgkEnDmu8QKuSzH2k1vrr69q2u2iMSAdiStDBAWEjN5nCVrm2XB2vmFLMtXpX2n8JI+znOGzRRDc8dNXejQeDMZGyV6jfVidEIX7vdgSydGjTRKcCLVAsKY3z0gYBZ8u8EUNujgcFBnnAvytj ben@neb";
+ nickKey = "ssh-rsa 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 nicksima@gmail.com";
+ dreKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBaWLX6UpkiFZmS9OX8mcXIdmvxmHfP/v+8Sx9j3PCbFA+Jaj+PlCCiX/iLOL4Vgq3aQQpBg0FQWttLdCrGbTpnADfmU5TlbUk/9YEhPZG3MP1rYGtpIqmWFEWKGaiJHeW2SRVgnbJFwFKUtrsCQ/OAVENJTZ2xsn/t3xGYfCXqhs2jVctZmuhyO+Qw5KuAgIdr96+QsBVA1V/BdadDicDUgS7ixHyzECME9YT5ldj8YcsJcD4G07bfg7omF5s263BHx0sLpXKRQbIvcVcdnoAZK0JQEaz9adWaMzRuDhP+hMcsF4T2O1ZRLW4nsDRnK5N+KWO5317Jr8eVCqEpSQr aulloa@WINDOWS-DI0KOEL";
+in
+{
+
+ networking = {
+ hostName = "lithium";
+ hosts = {
+ "192.168.56.104" = [ "pprjam.localhost" ];
+ "127.0.0.1" = [ "localhost" "news.bnet" ];
+ "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ];
+ };
+
+ firewall = {
+ allowedTCPPorts = [ 8096 22 8000 8443 443 500 10000 3000 8080 ];
+ checkReversePath = false;
+ };
+
+ };
+
+ time.timeZone = "America/Los_Angeles";
+
+ environment.systemPackages = with pkgs; [
+ wget
+ vnstat
+ ];
+
+ fonts.fonts = with pkgs; [
+ google-fonts mononoki source-code-pro fantasque-sans-mono hack-font
+ fira fira-code fira-code-symbols
+ ];
+
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ allowBroken = true;
+ };
+ };
+
+ hardware = {
+ opengl.enable = true;
+ pulseaudio = {
+ enable = true;
+ extraConfig = ''
+ load-module module-loopback
+ '';
+ };
+ };
+
+ programs = {
+ bash.enableCompletion = true;
+ command-not-found.enable = true;
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ mosh.enable = true;
+ };
+
+ virtualisation = {
+ docker = {
+ enable = true;
+ liveRestore = false;
+ };
+ libvirtd.enable = true;
+ virtualbox = {
+ host = {
+ enable = true;
+ headless = false;
+ addNetworkInterface = true;
+ };
+ guest = {
+ enable = true;
+ x11 = false;
+ };
+ };
+ };
+
+ services = {
+ logind = {
+ lidSwitch = "ignore";
+ extraConfig = "IdleAction=ignore";
+ };
+
+ openssh = {
+ enable = true;
+ forwardX11 = true;
+ };
+
+ offlineimap = {
+ enable = true;
+ install = true;
+ };
+
+ deluge = {
+ enable = true;
+ openFilesLimit = 10240;
+ web.enable = true;
+ };
+
+ printing.enable = true;
+
+ xserver = {
+ enable = true;
+ layout = "us";
+ #displayManager.lightdm = {
+ # enable = false;
+ # background = "/home/ben/.background-image";
+ #};
+
+ desktopManager = {
+ kodi.enable = true;
+ gnome3 = {
+ enable = true;
+ extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome_settings_daemon ];
+ extraGSettingsOverrides = ''
+ [org.gnome.desktop.screensaver]
+ lock-delay=3600
+ lock-enabled=true'
+
+ [org.gnome.desktop.session]
+ idle-delay=900
+
+ [org.gnome.settings-daemon.plugins.power]
+ power-button-action='nothing'
+ idle-dim=true
+ sleep-inactive-battery-type='nothing'
+ sleep-inactive-ac-timeout=3600
+ sleep-inactive-ac-type='nothing'
+ sleep-inactive-battery-timeout=1800
+ '';
+ };
+ #xrandrHeads = [
+ # {
+ # output = "HDMI1";
+ # primary = true;
+ # monitorConfig = ''
+ # DisplaySize 1920x1080
+ # '';
+ # }
+ # #{
+ # # output = "DP1";
+ # # monitorConfig = ''
+ # # DisplaySize 1920x1080
+ # # '';
+ # #}
+ #];
+ };
+ };
+
+ redshift = {
+ enable = true;
+ latitude = "33.044444";
+ longitude = "-117.271667";
+ };
+
+ emby = {
+ enable = true;
+ user = "emby";
+ };
+
+ # just for hero development
+ mysql = {
+ enable = true;
+ package = pkgs.mysql57;
+ };
+
+ vnstat.enable = true;
+
+ # security stuff
+ fail2ban.enable = false;
+ clamav = {
+ daemon.enable = false;
+ updater.enable = false;
+ };
+
+ gitolite = {
+ enable = true;
+ enableGitAnnex = true;
+ dataDir = "${gitDir}";
+ user = "git";
+ group = "git";
+ extraGitoliteRc = ''
+ $RC{UMASK} = 0022;
+ $RC{SITE_INFO} = 'a computer is a bicycle for the mind.';
+ $RC{GIT_CONFIG_KEYS} = 'gitweb\.(owner|description|category)';
+ '';
+ adminPubkey = "${benKey}";
+ };
+ lighttpd = {
+ enable = true;
+ port = 8000;
+ document-root = "${gitDir}";
+ mod_userdir = true;
+ mod_status = true;
+ collectd = {
+ enable = true;
+ };
+ cgit = {
+ enable = true;
+ configText = ''
+ cache-size=0
+ clone-url=git@buildmindful.com:$CGIT_REPO_URL
+ enable-index-owner=1
+ enable-http-clone=0
+ enable-index-links=1
+ enable-commit-graph=1
+ enable-log-filecount=1
+ enable-log-linecount=1
+ enable-git-config=1
+ remove-suffix=1
+ branch-sort=age
+ max-stats=week
+ mimetype.gif=image/gif
+ mimetype.html=text/html
+ mimetype.jpg=image/jpeg
+ mimetype.jpeg=image/jpeg
+ mimetype.pdf=application/pdf
+ mimetype.png=image/png
+ mimetype.svg=image/svg+xml
+ about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+ source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+ readme=:README.md
+ root-title=buildmindful git repository
+ root-desc=a computer is a bicycle for the mind.
+ project-list=${gitDir}/projects.list
+ scan-path=${gitDir}/repositories
+ '';
+ };
+ };
+ postgresql = {
+ enable = true;
+ package = pkgs.postgresql100;
+ authentication = ''
+ local all pprjam md5
+ local all pprjam_test md5
+ '';
+ enableTCPIP = true;
+ };
+ redis = {
+ enable = true;
+ };
+ };
+
+ users = {
+ users = {
+ ben = {
+ isNormalUser = true;
+ home = "/home/ben";
+ openssh.authorizedKeys.keys = [ "${benKey}" ];
+ extraGroups = [ "wheel" "networkmanager" "docker" ];
+ };
+ nick = {
+ isNormalUser = true;
+ home = "/home/nick";
+ openssh.authorizedKeys.keys = [ "${nickKey}" ];
+ extraGroups = [ "docker" ];
+ };
+ dre = {
+ isNormalUser = true;
+ home = "/home/dre";
+ openssh.authorizedKeys.keys = [ "${dreKey}" ];
+ extraGroups = [ "docker" ];
+ };
+ };
+ };
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ boot.initrd.luks.devices = [
+ {
+ name = "root";
+ device = "/dev/disk/by-uuid/a0160f25-e0e3-4af0-8236-3e298eac957a";
+ preLVM = true;
+ }
+ ];
+
+ powerManagement.enable = false;
+
+ nix = {
+ gc = {
+ automatic = true;
+ dates = "03:15";
+ };
+ binaryCaches = [ "https://cache.nixos.org/" ];
+ nixPath = [
+ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs"
+ "nixos-config=/etc/nixos/configuration.nix"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ extraOptions = ''
+ gc-keep-outputs = true
+ gc-keep-derivations = true
+ '';
+ };
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "17.09"; # Did you read the comment?
+ system.autoUpgrade.enable = true;
+
+}
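Review bot: `document-root = "${gitDir}"` in the lighttpd block makes gitolite's `dataDir` the static web root while port 8000 is in `allowedTCPPorts`, so anything under /srv/git that the lighttpd user can read can be requested by path, outside gitolite's access rules and cgit's `enable-http-clone=0`. That tree presumably has to be readable for cgit's `scan-path` to work, and `$RC{UMASK} = 0022` keeps new repositories world-readable. Point the document root at a directory that holds only web content, e.g. `document-root = "<separate web root>";` (placeholder path), and consider dropping `mod_status = true` and `mod_userdir = true` unless they are used. Separately, sshd is reachable on port 22 with `fail2ban.enable = false` and no password-auth setting; since all three users carry `authorizedKeys`, `passwordAuthentication = false;` under `services.openssh` would fit. The `lock-enabled=true'` line in the GNOME overrides has a stray quote that likely stops the screen-lock override from parsing.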