author | Ben Sima <ben@bsima.me> | 2019-01-22 08:51:14 -0800 |
---|---|---|
committer | Ben Sima <ben@bsima.me> | 2019-01-25 15:11:10 -0800 |
commit | cdc9a34ec47ce1adebd1ce3555589acc6cc2e32f (patch) | |
tree | c18f790577bc36ef325ee2c14d09ad7c158494d6 /machines | |
parent | 8b9c64c415e521afdb035ceb2ca94e3711c1fca5 (diff) |
Add my machine config (finally)
Diffstat (limited to 'machines')
-rw-r--r-- | machines/lithium.nix | 311 |
1 files changed, 311 insertions, 0 deletions
diff --git a/machines/lithium.nix b/machines/lithium.nix
new file mode 100644
index 0000000..4970b91
--- /dev/null
+++ b/machines/lithium.nix
@@ -0,0 +1,311 @@
+{ config, lib, pkgs, ... }:
+
+let
+ gitDir = "/srv/git";
+ benKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNB0iF9ClawNEizBtdYucqp1tAXXRbqvlPS6PFRrtiwSl+SJD29BCLgA5rLxcmFhBHZ/iId/En7GPFEzI/gMu071J7pUI4OcW0UVZju3GNc6ZEz/a6AD2u79JiXEDHfPEdmMqAe36kkaK0KJWSQP3xsFRwJ+8F8HHbSwoCLL+GJhBgAWHQLGfKesNrDacNljNDU3CgkEnDmu8QKuSzH2k1vrr69q2u2iMSAdiStDBAWEjN5nCVrm2XB2vmFLMtXpX2n8JI+znOGzRRDc8dNXejQeDMZGyV6jfVidEIX7vdgSydGjTRKcCLVAsKY3z0gYBZ8u8EUNujgcFBnnAvytj ben@neb";
+ nickKey = "ssh-rsa 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 nicksima@gmail.com";
+ dreKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBaWLX6UpkiFZmS9OX8mcXIdmvxmHfP/v+8Sx9j3PCbFA+Jaj+PlCCiX/iLOL4Vgq3aQQpBg0FQWttLdCrGbTpnADfmU5TlbUk/9YEhPZG3MP1rYGtpIqmWFEWKGaiJHeW2SRVgnbJFwFKUtrsCQ/OAVENJTZ2xsn/t3xGYfCXqhs2jVctZmuhyO+Qw5KuAgIdr96+QsBVA1V/BdadDicDUgS7ixHyzECME9YT5ldj8YcsJcD4G07bfg7omF5s263BHx0sLpXKRQbIvcVcdnoAZK0JQEaz9adWaMzRuDhP+hMcsF4T2O1ZRLW4nsDRnK5N+KWO5317Jr8eVCqEpSQr aulloa@WINDOWS-DI0KOEL";
+in
+{
+
+ networking = {
+ hostName = "lithium";
+ hosts = {
+ "192.168.56.104" = [ "pprjam.localhost" ];
+ "127.0.0.1" = [ "localhost" "news.bnet" ];
+ "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ];
+ };
+
+ firewall = {
+ allowedTCPPorts = [ 8096 22 8000 8443 443 500 10000 3000 8080 ];
+ checkReversePath = false;
+ };
+
+ };
+
+ time.timeZone = "America/Los_Angeles";
+
+ environment.systemPackages = with pkgs; [
+ wget
+ vnstat
+ ];
+
+ fonts.fonts = with pkgs; [
+ google-fonts mononoki source-code-pro fantasque-sans-mono hack-font
+ fira fira-code fira-code-symbols
+ ];
+
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ allowBroken = true;
+ };
+ };
+
+ hardware = {
+ opengl.enable = true;
+ pulseaudio = {
+ enable = true;
+ extraConfig = ''
+ load-module module-loopback
+ '';
+ };
+ };
+
+ programs = {
+ bash.enableCompletion = true;
+ command-not-found.enable = true;
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ mosh.enable = true;
+ };
+
+ virtualisation = {
+ docker = {
+ enable = true;
+ liveRestore = false;
+ };
+ libvirtd.enable = true;
+ virtualbox = {
+ host = {
+ enable = true;
+ headless = false;
+ addNetworkInterface = true;
+ };
+ guest = {
+ enable = true;
+ x11 = false;
+ };
+ };
+ };
+
+ services = {
+ logind = {
+ lidSwitch = "ignore";
+ extraConfig = "IdleAction=ignore";
+ };
+
+ openssh = {
+ enable = true;
+ forwardX11 = true;
+ };
+
+ offlineimap = {
+ enable = true;
+ install = true;
+ };
+
+ deluge = {
+ enable = true;
+ openFilesLimit = 10240;
+ web.enable = true;
+ };
+
+ printing.enable = true;
+
+ xserver = {
+ enable = true;
+ layout = "us";
+ #displayManager.lightdm = {
+ # enable = false;
+ # background = "/home/ben/.background-image";
+ #};
+
+ desktopManager = {
+ kodi.enable = true;
+ gnome3 = {
+ enable = true;
+ extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome_settings_daemon ];
+ extraGSettingsOverrides = ''
+ [org.gnome.desktop.screensaver]
+ lock-delay=3600
+ lock-enabled=true'
+
+ [org.gnome.desktop.session]
+ idle-delay=900
+
+ [org.gnome.settings-daemon.plugins.power]
+ power-button-action='nothing'
+ idle-dim=true
+ sleep-inactive-battery-type='nothing'
+ sleep-inactive-ac-timeout=3600
+ sleep-inactive-ac-type='nothing'
+ sleep-inactive-battery-timeout=1800
+ '';
+ };
+ #xrandrHeads = [
+ # {
+ # output = "HDMI1";
+ # primary = true;
+ # monitorConfig = ''
+ # DisplaySize 1920x1080
+ # '';
+ # }
+ # #{
+ # # output = "DP1";
+ # # monitorConfig = ''
+ # # DisplaySize 1920x1080
+ # # '';
+ # #}
+ #];
+ };
+ };
+
+ redshift = {
+ enable = true;
+ latitude = "33.044444";
+ longitude = "-117.271667";
+ };
+
+ emby = {
+ enable = true;
+ user = "emby";
+ };
+
+ # just for hero development
+ mysql = {
+ enable = true;
+ package = pkgs.mysql57;
+ };
+
+ vnstat.enable = true;
+
+ # security stuff
+ fail2ban.enable = false;
+ clamav = {
+ daemon.enable = false;
+ updater.enable = false;
+ };
+
+ gitolite = {
+ enable = true;
+ enableGitAnnex = true;
+ dataDir = "${gitDir}";
+ user = "git";
+ group = "git";
+ extraGitoliteRc = ''
+ $RC{UMASK} = 0022;
+ $RC{SITE_INFO} = 'a computer is a bicycle for the mind.';
+ $RC{GIT_CONFIG_KEYS} = 'gitweb\.(owner|description|category)';
+ '';
+ adminPubkey = "${benKey}";
+ };
+ lighttpd = {
+ enable = true;
+ port = 8000;
+ document-root = "${gitDir}";
+ mod_userdir = true;
+ mod_status = true;
+ collectd = {
+ enable = true;
+ };
+ cgit = {
+ enable = true;
+ configText = ''
+ cache-size=0
+ clone-url=git@buildmindful.com:$CGIT_REPO_URL
+ enable-index-owner=1
+ enable-http-clone=0
+ enable-index-links=1
+ enable-commit-graph=1
+ enable-log-filecount=1
+ enable-log-linecount=1
+ enable-git-config=1
+ remove-suffix=1
+ branch-sort=age
+ max-stats=week
+ mimetype.gif=image/gif
+ mimetype.html=text/html
+ mimetype.jpg=image/jpeg
+ mimetype.jpeg=image/jpeg
+ mimetype.pdf=application/pdf
+ mimetype.png=image/png
+ mimetype.svg=image/svg+xml
+ about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+ source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+ readme=:README.md
+ root-title=buildmindful git repository
+ root-desc=a computer is a bicycle for the mind.
+ project-list=${gitDir}/projects.list
+ scan-path=${gitDir}/repositories
+ '';
+ };
+ };
+ postgresql = {
+ enable = true;
+ package = pkgs.postgresql100;
+ authentication = ''
+ local all pprjam md5
+ local all pprjam_test md5
+ '';
+ enableTCPIP = true;
+ };
+ redis = {
+ enable = true;
+ };
+ };
+
+ users = {
+ users = {
+ ben = {
+ isNormalUser = true;
+ home = "/home/ben";
+ openssh.authorizedKeys.keys = [ "${benKey}" ];
+ extraGroups = [ "wheel" "networkmanager" "docker" ];
+ };
+ nick = {
+ isNormalUser = true;
+ home = "/home/nick";
+ openssh.authorizedKeys.keys = [ "${nickKey}" ];
+ extraGroups = [ "docker" ];
+ };
+ dre = {
+ isNormalUser = true;
+ home = "/home/dre";
+ openssh.authorizedKeys.keys = [ "${dreKey}" ];
+ extraGroups = [ "docker" ];
+ };
+ };
+ };
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ boot.initrd.luks.devices = [
+ {
+ name = "root";
+ device = "/dev/disk/by-uuid/a0160f25-e0e3-4af0-8236-3e298eac957a";
+ preLVM = true;
+ }
+ ];
+
+ powerManagement.enable = false;
+
+ nix = {
+ gc = {
+ automatic = true;
+ dates = "03:15";
+ };
+ binaryCaches = [ "https://cache.nixos.org/" ];
+ nixPath = [
+ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs"
+ "nixos-config=/etc/nixos/configuration.nix"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ extraOptions = ''
+ gc-keep-outputs = true
+ gc-keep-derivations = true
+ '';
+ };
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "17.09"; # Did you read the comment?
+ system.autoUpgrade.enable = true;
+
+} |
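Review bot: In the `lighttpd` block, `document-root = "${gitDir}";` points the web root at the same directory gitolite uses as `dataDir`, and port 8000 is listed in `allowedTCPPorts`. If that directory is readable by the lighttpd user (the `$RC{UMASK} = 0022` setting makes repository files world-readable), the server can hand out repository contents as static files, outside gitolite's access rules and regardless of `enable-http-clone=0`. I would point the web root at a separate directory, e.g. `document-root = "/srv/www";` (placeholder path), and leave cgit reading `${gitDir}/repositories` through `scan-path`. Separately, `lock-enabled=true'` in the GNOME overrides carries a stray quote, and `extraGroups = [ "docker" ]` for `nick` and `dre` gives those accounts root-equivalent access through the Docker socket.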