{ config, lib, pkgs, ... }: let gitDir = "/srv/git"; benKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNB0iF9ClawNEizBtdYucqp1tAXXRbqvlPS6PFRrtiwSl+SJD29BCLgA5rLxcmFhBHZ/iId/En7GPFEzI/gMu071J7pUI4OcW0UVZju3GNc6ZEz/a6AD2u79JiXEDHfPEdmMqAe36kkaK0KJWSQP3xsFRwJ+8F8HHbSwoCLL+GJhBgAWHQLGfKesNrDacNljNDU3CgkEnDmu8QKuSzH2k1vrr69q2u2iMSAdiStDBAWEjN5nCVrm2XB2vmFLMtXpX2n8JI+znOGzRRDc8dNXejQeDMZGyV6jfVidEIX7vdgSydGjTRKcCLVAsKY3z0gYBZ8u8EUNujgcFBnnAvytj ben@neb"; nickKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfSOxXJTQADjROqbaiJtjbJaHTsBtuWNvQpDvXLigl9R27VqIn7dYk2STuWglwFyrvYfU1UmjgJcJ6J2KbXGTH5mhaC04MJ4aqmOR3Ynnq7nDzmtEtn1I+K7LmpFXsFXgOTzIlzggIWflGd1pPBwgWqMoPDcSqNQFPI/+rk1JOxk3e2Mq60VTp9WM9hs0AJQEyZ+wwZ0vyrj588kQb6jQUZ7qx1UZoDzPc57zREEZbQeU1Gd9FK2bCHlKOBHYlqIftSRBGGCpuo7zobhajR0xHO9RnF0NmeLbW85XhDus8vVgBg/BTDPxHEzm5jKiCkc+i3ia0Ff9mp2zgtSdXCp5jbVZ3AYfYLi1zbPWmaSdWqFx2ntOLwWR3/RHjw6+b4KmUQ4xtQHyXOijTBCH29i7VCo7l8WL+I2mSGJ7/Wtw7NFtMpVVs8/0iKt2t12FIefzvbZoWU7vbmuO7+gQI5l+F+JE6DLWOl04vT/V98WxiHA5rbCjTT/bubs4gTeCR9qNehaoM+apitpUP8HXygnxD7EJeK6JNkdub9TY663IkiKlpnWgeoDTNSP7JF/jkU0Nt8yoR2pTyxQqMFYa37/3WKjmSHk1TgxLEmlwHQFtIkTPn8PL+VLa4ACYuWUjxS4aMRpxo9eJUHdy0Y04yKxXN8BLw7FAhytm2pTXtT4zqaQ== nicksima@gmail.com"; dreKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBaWLX6UpkiFZmS9OX8mcXIdmvxmHfP/v+8Sx9j3PCbFA+Jaj+PlCCiX/iLOL4Vgq3aQQpBg0FQWttLdCrGbTpnADfmU5TlbUk/9YEhPZG3MP1rYGtpIqmWFEWKGaiJHeW2SRVgnbJFwFKUtrsCQ/OAVENJTZ2xsn/t3xGYfCXqhs2jVctZmuhyO+Qw5KuAgIdr96+QsBVA1V/BdadDicDUgS7ixHyzECME9YT5ldj8YcsJcD4G07bfg7omF5s263BHx0sLpXKRQbIvcVcdnoAZK0JQEaz9adWaMzRuDhP+hMcsF4T2O1ZRLW4nsDRnK5N+KWO5317Jr8eVCqEpSQr aulloa@WINDOWS-DI0KOEL"; in { networking = { hostName = "lithium"; hosts = { "192.168.56.104" = [ "pprjam.localhost" ]; "127.0.0.1" = [ "localhost" "news.bnet" ]; "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ]; }; firewall = { allowedTCPPorts = [ 8096 22 8000 8443 443 500 10000 3000 8080 ]; checkReversePath = false; }; }; time.timeZone = "America/Los_Angeles"; environment.systemPackages = with pkgs; [ wget vnstat ]; fonts.fonts = with pkgs; [ google-fonts mononoki source-code-pro fantasque-sans-mono hack-font fira fira-code fira-code-symbols ]; nixpkgs = { config = { allowUnfree = true; allowBroken = true; }; }; hardware = { opengl.enable = true; pulseaudio = { enable = true; extraConfig = '' load-module module-loopback ''; }; }; programs = { bash.enableCompletion = true; command-not-found.enable = true; gnupg.agent = { enable = true; enableSSHSupport = true; }; mosh.enable = true; }; virtualisation = { docker = { enable = true; liveRestore = false; }; libvirtd.enable = true; virtualbox = { host = { enable = true; headless = false; addNetworkInterface = true; }; guest = { enable = true; x11 = false; }; }; }; services = { logind = { lidSwitch = "ignore"; extraConfig = "IdleAction=ignore"; }; openssh = { enable = true; forwardX11 = true; }; offlineimap = { enable = true; install = true; }; deluge = { enable = true; openFilesLimit = 10240; web.enable = true; }; printing.enable = true; xserver = { enable = true; layout = "us"; #displayManager.lightdm = { # enable = false; # background = "/home/ben/.background-image"; #}; desktopManager = { kodi.enable = true; gnome3 = { enable = true; extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome_settings_daemon ]; extraGSettingsOverrides = '' [org.gnome.desktop.screensaver] lock-delay=3600 lock-enabled=true' [org.gnome.desktop.session] idle-delay=900 [org.gnome.settings-daemon.plugins.power] power-button-action='nothing' idle-dim=true sleep-inactive-battery-type='nothing' sleep-inactive-ac-timeout=3600 sleep-inactive-ac-type='nothing' sleep-inactive-battery-timeout=1800 ''; }; #xrandrHeads = [ # { # output = "HDMI1"; # primary = true; # monitorConfig = '' # DisplaySize 1920x1080 # ''; # } # #{ # # output = "DP1"; # # monitorConfig = '' # # DisplaySize 1920x1080 # # ''; # #} #]; }; }; redshift = { enable = true; latitude = "33.044444"; longitude = "-117.271667"; }; emby = { enable = true; user = "emby"; }; # just for hero development mysql = { enable = true; package = pkgs.mysql57; }; vnstat.enable = true; # security stuff fail2ban.enable = false; clamav = { daemon.enable = false; updater.enable = false; }; gitolite = { enable = true; enableGitAnnex = true; dataDir = "${gitDir}"; user = "git"; group = "git"; extraGitoliteRc = '' $RC{UMASK} = 0022; $RC{SITE_INFO} = 'a computer is a bicycle for the mind.'; $RC{GIT_CONFIG_KEYS} = 'gitweb\.(owner|description|category)'; ''; adminPubkey = "${benKey}"; }; lighttpd = { enable = true; port = 8000; document-root = "${gitDir}"; mod_userdir = true; mod_status = true; collectd = { enable = true; }; cgit = { enable = true; configText = '' cache-size=0 clone-url=git@buildmindful.com:$CGIT_REPO_URL enable-index-owner=1 enable-http-clone=0 enable-index-links=1 enable-commit-graph=1 enable-log-filecount=1 enable-log-linecount=1 enable-git-config=1 remove-suffix=1 branch-sort=age max-stats=week mimetype.gif=image/gif mimetype.html=text/html mimetype.jpg=image/jpeg mimetype.jpeg=image/jpeg mimetype.pdf=application/pdf mimetype.png=image/png mimetype.svg=image/svg+xml about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py readme=:README.md root-title=buildmindful git repository root-desc=a computer is a bicycle for the mind. project-list=${gitDir}/projects.list scan-path=${gitDir}/repositories ''; }; }; postgresql = { enable = true; package = pkgs.postgresql100; authentication = '' local all pprjam md5 local all pprjam_test md5 ''; enableTCPIP = true; }; redis = { enable = true; }; }; users = { users = { ben = { isNormalUser = true; home = "/home/ben"; openssh.authorizedKeys.keys = [ "${benKey}" ]; extraGroups = [ "wheel" "networkmanager" "docker" ]; }; nick = { isNormalUser = true; home = "/home/nick"; openssh.authorizedKeys.keys = [ "${nickKey}" ]; extraGroups = [ "docker" ]; }; dre = { isNormalUser = true; home = "/home/dre"; openssh.authorizedKeys.keys = [ "${dreKey}" ]; extraGroups = [ "docker" ]; }; }; }; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; boot.initrd.luks.devices = [ { name = "root"; device = "/dev/disk/by-uuid/a0160f25-e0e3-4af0-8236-3e298eac957a"; preLVM = true; } ]; powerManagement.enable = false; nix = { gc = { automatic = true; dates = "03:15"; }; binaryCaches = [ "https://cache.nixos.org/" ]; nixPath = [ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs" "nixos-config=/etc/nixos/configuration.nix" "/nix/var/nix/profiles/per-user/root/channels" ]; extraOptions = '' gc-keep-outputs = true gc-keep-derivations = true ''; }; # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you # should. system.stateVersion = "17.09"; # Did you read the comment? system.autoUpgrade.enable = true; }