Add my machine config (finally)

1 files changed, 311 insertions, 0 deletions

diff --git a/machines/lithium.nix b/machines/lithium.nix
new file mode 100644
index 0000000..4970b91
--- /dev/null
+++ b/machines/lithium.nix
@@ -0,0 +1,311 @@
+{ config, lib, pkgs, ... }:
+
+let
+  gitDir = "/srv/git";
+  benKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNB0iF9ClawNEizBtdYucqp1tAXXRbqvlPS6PFRrtiwSl+SJD29BCLgA5rLxcmFhBHZ/iId/En7GPFEzI/gMu071J7pUI4OcW0UVZju3GNc6ZEz/a6AD2u79JiXEDHfPEdmMqAe36kkaK0KJWSQP3xsFRwJ+8F8HHbSwoCLL+GJhBgAWHQLGfKesNrDacNljNDU3CgkEnDmu8QKuSzH2k1vrr69q2u2iMSAdiStDBAWEjN5nCVrm2XB2vmFLMtXpX2n8JI+znOGzRRDc8dNXejQeDMZGyV6jfVidEIX7vdgSydGjTRKcCLVAsKY3z0gYBZ8u8EUNujgcFBnnAvytj ben@neb";
+  nickKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfSOxXJTQADjROqbaiJtjbJaHTsBtuWNvQpDvXLigl9R27VqIn7dYk2STuWglwFyrvYfU1UmjgJcJ6J2KbXGTH5mhaC04MJ4aqmOR3Ynnq7nDzmtEtn1I+K7LmpFXsFXgOTzIlzggIWflGd1pPBwgWqMoPDcSqNQFPI/+rk1JOxk3e2Mq60VTp9WM9hs0AJQEyZ+wwZ0vyrj588kQb6jQUZ7qx1UZoDzPc57zREEZbQeU1Gd9FK2bCHlKOBHYlqIftSRBGGCpuo7zobhajR0xHO9RnF0NmeLbW85XhDus8vVgBg/BTDPxHEzm5jKiCkc+i3ia0Ff9mp2zgtSdXCp5jbVZ3AYfYLi1zbPWmaSdWqFx2ntOLwWR3/RHjw6+b4KmUQ4xtQHyXOijTBCH29i7VCo7l8WL+I2mSGJ7/Wtw7NFtMpVVs8/0iKt2t12FIefzvbZoWU7vbmuO7+gQI5l+F+JE6DLWOl04vT/V98WxiHA5rbCjTT/bubs4gTeCR9qNehaoM+apitpUP8HXygnxD7EJeK6JNkdub9TY663IkiKlpnWgeoDTNSP7JF/jkU0Nt8yoR2pTyxQqMFYa37/3WKjmSHk1TgxLEmlwHQFtIkTPn8PL+VLa4ACYuWUjxS4aMRpxo9eJUHdy0Y04yKxXN8BLw7FAhytm2pTXtT4zqaQ== nicksima@gmail.com";
+  dreKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBaWLX6UpkiFZmS9OX8mcXIdmvxmHfP/v+8Sx9j3PCbFA+Jaj+PlCCiX/iLOL4Vgq3aQQpBg0FQWttLdCrGbTpnADfmU5TlbUk/9YEhPZG3MP1rYGtpIqmWFEWKGaiJHeW2SRVgnbJFwFKUtrsCQ/OAVENJTZ2xsn/t3xGYfCXqhs2jVctZmuhyO+Qw5KuAgIdr96+QsBVA1V/BdadDicDUgS7ixHyzECME9YT5ldj8YcsJcD4G07bfg7omF5s263BHx0sLpXKRQbIvcVcdnoAZK0JQEaz9adWaMzRuDhP+hMcsF4T2O1ZRLW4nsDRnK5N+KWO5317Jr8eVCqEpSQr aulloa@WINDOWS-DI0KOEL";
+in
+{
+
+  networking = {
+    hostName = "lithium";
+    hosts = {
+      "192.168.56.104" = [ "pprjam.localhost" ];
+      "127.0.0.1" = [ "localhost" "news.bnet" ];
+      "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ];
+    };
+
+    firewall = {
+      allowedTCPPorts = [ 8096 22 8000 8443 443 500 10000 3000 8080 ];
+      checkReversePath = false;
+    };
+
+  };
+
+  time.timeZone = "America/Los_Angeles";
+
+  environment.systemPackages = with pkgs; [
+    wget
+    vnstat
+  ];
+
+  fonts.fonts = with pkgs; [
+    google-fonts mononoki source-code-pro fantasque-sans-mono hack-font
+    fira fira-code fira-code-symbols
+  ];
+
+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+      allowBroken = true;
+    };
+  };
+
+  hardware = {
+    opengl.enable = true;
+    pulseaudio = {
+      enable = true;
+      extraConfig = ''
+        load-module module-loopback
+      '';
+    };
+  };
+
+  programs = {
+    bash.enableCompletion = true;
+    command-not-found.enable = true;
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+    mosh.enable = true;
+  };
+
+  virtualisation = {
+    docker = {
+      enable = true;
+      liveRestore = false;
+    };
+    libvirtd.enable = true;
+    virtualbox = {
+      host = {
+        enable = true;
+        headless = false;
+        addNetworkInterface = true;
+      };
+      guest = {
+        enable = true;
+        x11 = false;
+      };
+    };
+  };
+
+  services = {
+   logind = {
+      lidSwitch = "ignore";
+      extraConfig = "IdleAction=ignore";
+    };
+
+    openssh = {
+      enable = true;
+      forwardX11 = true;
+    };
+
+    offlineimap = {
+      enable = true;
+      install = true;
+    };
+
+    deluge = {
+      enable = true;
+      openFilesLimit = 10240;
+      web.enable = true;
+    };
+
+    printing.enable = true;
+
+    xserver = {
+      enable = true;
+      layout = "us";
+      #displayManager.lightdm = {
+      #  enable = false;
+      #  background = "/home/ben/.background-image";
+      #};
+
+      desktopManager = {
+        kodi.enable = true;
+        gnome3 = {
+        enable = true;
+        extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome_settings_daemon ];
+        extraGSettingsOverrides = ''
+          [org.gnome.desktop.screensaver]
+          lock-delay=3600
+          lock-enabled=true'
+
+          [org.gnome.desktop.session]
+          idle-delay=900
+
+          [org.gnome.settings-daemon.plugins.power]
+          power-button-action='nothing'
+          idle-dim=true
+          sleep-inactive-battery-type='nothing'
+          sleep-inactive-ac-timeout=3600
+          sleep-inactive-ac-type='nothing'
+          sleep-inactive-battery-timeout=1800
+        '';
+      };
+      #xrandrHeads = [
+      #  {
+      #    output = "HDMI1";
+      #    primary = true;
+      #    monitorConfig = ''
+      #      DisplaySize 1920x1080
+      #    '';
+      #  }
+      #  #{
+      #  #  output = "DP1";
+      #  #  monitorConfig = ''
+      #  #    DisplaySize 1920x1080
+      #  #  '';
+      #  #}
+      #];
+      };
+    };
+
+    redshift = {
+      enable = true;
+      latitude = "33.044444";
+      longitude = "-117.271667";
+    };
+
+    emby = {
+      enable = true;
+      user = "emby";
+    };
+
+    # just for hero development
+    mysql = {
+      enable = true;
+      package = pkgs.mysql57;
+    };
+
+    vnstat.enable = true;
+
+    # security stuff
+    fail2ban.enable = false;
+    clamav = {
+      daemon.enable = false;
+      updater.enable = false;
+    };
+
+    gitolite = {
+      enable = true;
+      enableGitAnnex = true;
+      dataDir = "${gitDir}";
+      user = "git";
+      group = "git";
+      extraGitoliteRc = ''
+        $RC{UMASK} = 0022;
+        $RC{SITE_INFO} = 'a computer is a bicycle for the mind.';
+        $RC{GIT_CONFIG_KEYS} = 'gitweb\.(owner|description|category)';
+      '';
+      adminPubkey = "${benKey}";
+    };
+    lighttpd = {
+      enable = true;
+      port = 8000;
+      document-root = "${gitDir}";
+      mod_userdir = true;
+      mod_status = true;
+      collectd = {
+        enable = true;
+      };
+      cgit = {
+        enable = true;
+        configText = ''
+          cache-size=0
+          clone-url=git@buildmindful.com:$CGIT_REPO_URL
+          enable-index-owner=1
+          enable-http-clone=0
+          enable-index-links=1
+          enable-commit-graph=1
+          enable-log-filecount=1
+          enable-log-linecount=1
+          enable-git-config=1
+          remove-suffix=1
+          branch-sort=age
+          max-stats=week
+          mimetype.gif=image/gif
+          mimetype.html=text/html
+          mimetype.jpg=image/jpeg
+          mimetype.jpeg=image/jpeg
+          mimetype.pdf=application/pdf
+          mimetype.png=image/png
+          mimetype.svg=image/svg+xml
+          about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+          source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+          readme=:README.md
+          root-title=buildmindful git repository
+          root-desc=a computer is a bicycle for the mind.
+          project-list=${gitDir}/projects.list
+          scan-path=${gitDir}/repositories
+        '';
+      };
+    };
+    postgresql = {
+      enable = true;
+      package = pkgs.postgresql100;
+      authentication = ''
+        local all pprjam md5
+        local all pprjam_test md5
+      '';
+      enableTCPIP = true;
+    };
+    redis = {
+      enable = true;
+    };
+  };
+
+  users = {
+    users = {
+      ben = {
+        isNormalUser = true;
+        home = "/home/ben";
+        openssh.authorizedKeys.keys = [ "${benKey}" ];
+        extraGroups = [ "wheel" "networkmanager" "docker" ];
+      };
+      nick = {
+        isNormalUser = true;
+        home = "/home/nick";
+        openssh.authorizedKeys.keys = [ "${nickKey}" ];
+        extraGroups = [ "docker" ];
+      };
+      dre = {
+        isNormalUser = true;
+        home = "/home/dre";
+        openssh.authorizedKeys.keys = [ "${dreKey}" ];
+        extraGroups = [ "docker" ];
+      };
+    };
+  };
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  boot.initrd.luks.devices = [
+    {
+      name = "root";
+      device = "/dev/disk/by-uuid/a0160f25-e0e3-4af0-8236-3e298eac957a";
+      preLVM = true;
+    }
+  ];
+
+  powerManagement.enable = false;
+
+  nix = {
+    gc = {
+      automatic = true;
+      dates = "03:15";
+    };
+    binaryCaches =  [ "https://cache.nixos.org/" ];
+    nixPath = [
+      "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs"
+      "nixos-config=/etc/nixos/configuration.nix"
+      "/nix/var/nix/profiles/per-user/root/channels"
+    ];
+    extraOptions = ''
+      gc-keep-outputs = true
+      gc-keep-derivations = true
+    '';
+  };
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "17.09"; # Did you read the comment?
+  system.autoUpgrade.enable = true;
+
+}