authorBen Sima <ben@bsima.me>2021-12-21 11:00:53 -0500
committerBen Sima <ben@bsima.me>2021-12-21 11:01:55 -0500
commit2b4e0164beaf697332cebce9c9a088be1978ffc5 (patch)
tree1c353bd9dd559074f616220447dc95bcc9369ee9 /Biz
parentf8197182cc5c2482781c2d02fc8e05ba75d00c09 (diff)
Reorganize some nix code
Diffstat (limited to 'Biz')
-rw-r--r--Biz/Dev.nix3
-rw-r--r--Biz/Dev/Configuration.nix417
-rw-r--r--Biz/Dev/Networking.nix52
3 files changed, 200 insertions, 272 deletions
diff --git a/Biz/Dev.nix b/Biz/Dev.nix
index e0eb89a..80ca773 100644
--- a/Biz/Dev.nix
+++ b/Biz/Dev.nix
@@ -10,8 +10,9 @@ bild.os {
./Dev/Configuration.nix
./Dev/Hardware.nix
./Dev/Hoogle.nix
- ./Dragons.nix
+ ./Dev/Networking.nix
./Dev/Wireguard.nix
+ ./Dragons.nix
# ./Dev/Guix.nix # I need to package a bunch of guile libs first
];
networking.hostName = "lithium";
diff --git a/Biz/Dev/Configuration.nix b/Biz/Dev/Configuration.nix
index 6c58ba4..a365d76 100644
--- a/Biz/Dev/Configuration.nix
+++ b/Biz/Dev/Configuration.nix
@@ -4,52 +4,6 @@ let
ghcCompiler = (import ../Bild/Constants.nix).ghcCompiler;
ports = import ../Cloud/Ports.nix;
in {
- networking = {
- nameservers = [ "1.1.1.1" ];
- hostName = "lithium";
- hosts = {
- "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ];
- };
-
- firewall = {
- allowedTCPPorts = [
- ports.bitcoind
- ports.delugeWeb
- ports.et
- ports.gemini
- ports.git
- ports.http
- ports.https
- ports.jellyfin
- ports.jupyter
- ports.k3s
- ports.mpd
- ports.mpd-stream
- ports.murmur
- ports.radicale
- ports.sabten
- ports.ssh
- ports.tor
- ];
- allowedTCPPortRanges = [
- ports.torrents
- ports.httpdev
- ];
- allowedUDPPorts = [ ports.murmur ports.et ];
- allowedUDPPortRanges = [
- ports.torrents
- ];
- checkReversePath = false;
- };
-
- # The global useDHCP flag is deprecated, therefore explicitly set to false here.
- # Per-interface useDHCP will be mandatory in the future, so this generated config
- # replicates the default behaviour.
- useDHCP = false;
- interfaces.enp1s0.useDHCP = true;
- interfaces.wlp0s20f0u4.useDHCP = true;
- };
-
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
@@ -88,234 +42,155 @@ in {
};
};
- programs = {
- bash.enableCompletion = true;
- command-not-found.enable = true;
- gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
- mosh.enable = true;
- };
-
- virtualisation = {
- docker = {
- enable = true;
- liveRestore = false;
- };
- libvirtd.enable = true;
- virtualbox = {
- host = {
- enable = false;
- headless = false;
- addNetworkInterface = false;
- };
- guest = {
- enable = false;
- x11 = false;
- };
- };
+ programs.bash.enableCompletion = true;
+ programs.command-not-found.enable = true;
+ programs.gnupg.agent.enable = true;
+ programs.gnupg.agent.enableSSHSupport = true;
+ programs.mosh.enable = true;
+
+ virtualisation.docker.enable = true;
+ virtualisation.docker.liveRestore = false;
+ virtualisation.libvirtd.enable = true;
+ virtualisation.virtualbox.host.enable = false;
+ virtualisation.virtualbox.host.headless = false;
+ virtualisation.virtualbox.host.addNetworkInterface = false;
+ virtualisation.virtualbox.guest.enable = false;
+ virtualisation.virtualbox.guest.x11 = false;
+
+ services.my-hoogle.enable = true;
+ services.my-hoogle.port = ports.hoogle;
+ services.my-hoogle.home = "//hoogle.simatime.com";
+ services.my-hoogle.packages = import ../Bild/Deps/Haskell.nix;
+ services.my-hoogle.haskellPackages = pkgs.haskell.packages.${ghcCompiler};
+ services.my-hoogle.host = "0.0.0.0";
+
+ services.eternal-terminal.enable = true;
+
+ services.k3s.enable = true;
+ services.k3s.role = "server";
+
+ services.tor.enable = true;
+ services.tor.client.enable = true;
+ services.tor.settings.enable = true;
+ services.tor.settings.role = "bridge";
+ services.tor.settings.ORPort = ports.tor;
+ services.tor.settings.Nickname = "ydeee3q1cjo83tsuqcz";
+ services.tor.settings.AccountingMax = "10 GBytes";
+ services.tor.settings.AccountingStart = "month 1 1:00";
+ services.tor.settings.ContactInfo = "ContactInfo pgp:66A6AD150399D970DCA4C4E6C8218B7D0BFDECCD ciissversion:2";
+
+ services.bitcoind.mainnet.enable = true;
+ services.bitcoind.mainnet.dataDir = "/mnt/campbell/bitcoind-mainnet/data";
+ services.bitcoind.mainnet.configFile = "/mnt/campbell/bitcoind-mainnet/bitcoin.conf";
+ services.bitcoind.mainnet.prune = 10000;
+
+ services.pcscd.enable = true;
+ services.logind.lidSwitch = "ignore";
+ services.logind.extraConfig = "IdleAction=ignore";
+
+ services.deluge.enable = true;
+ services.deluge.openFilesLimit = 10240;
+ services.deluge.web.enable = true;
+
+ services.printing.enable = true;
+
+ services.murmur.enable = true;
+ services.murmur.registerName = "simatime";
+ services.murmur.password = "simatime";
+ services.murmur.port = ports.murmur;
+
+ services.xserver.enable = true;
+ services.xserver.autorun = true;
+ services.xserver.layout = "us";
+ services.xserver.xkbOptions = "caps:ctrl_modifier";
+ services.xserver.serverFlagsSection = ''
+ Option "BlankTime" "0"
+ Option "StandbyTime" "0"
+ Option "SuspendTime" "0"
+ Option "OffTime" "0"
+ '';
+ services.xserver.displayManager.sddm.enable = true;
+ services.xserver.displayManager.sddm.enableHidpi = true;
+ # Some of these have conflicting definitions, which might be the source of my
+ # problems with the display. Start here for debugging.
+ #services.xserver.displayManager.session.manage = "desktop";
+ #services.xserver.displayManager.session.name = "home-manager";
+ #services.xserver.displayManager.session.start = ''
+ # ${pkgs.runtimeShell} $HOME/.hm-xsession &
+ # waitPID=$!
+ #'';
+ #services.xserver.desktopManager.kodi.enable = false;
+ #services.xserver.desktopManager.plasma5.enable = false;
+ services.xserver.desktopManager.xterm.enable = true;
+ services.xserver.windowManager.xmonad.enable = true;
+ services.xserver.libinput.enable = true;
+ services.xserver.libinput.touchpad.tapping = true;
+ services.xserver.modules = [ pkgs.xf86_input_wacom ];
+ services.xserver.wacom.enable = true;
+
+ services.jupyter.enable = true;
+ services.jupyter.port = ports.jupyter;
+ services.jupyter.ip = "*";
+ services.jupyter.password = "'argon2:$argon2id$v=19$m=10240,t=10,p=8$nvQhgk+htbIYi961YYAf1w$ekpwiTT5L4+OAods0K7EDw'";
+ services.jupyter.kernels.python3 = let
+ env = (pkgs.python3.withPackages (p: with p; [
+ ipykernel pandas scikitlearn numpy matplotlib sympy ipywidgets
+ ]));
+ in {
+ displayName = "py3";
+ argv = [
+ "${env.interpreter}"
+ "-m"
+ "ipykernel_launcher"
+ "-f"
+ "{connection_file}"
+ ];
+ language = "python";
+ # error: must be of type 'null or path'
+ #logo32 = "${env.sitePackages}/ipykernel/resources/logo-32x32.png";
+ #logo64 = "${env.sitePackages}/ipykernel/resources/logo-64x64.png";
};
- services = {
- my-hoogle = {
- enable = true;
- port = ports.hoogle;
- home = "//hoogle.simatime.com";
- packages = import ../Bild/Deps/Haskell.nix;
- haskellPackages = pkgs.haskell.packages.${ghcCompiler};
- host = "0.0.0.0";
- };
-
- eternal-terminal = {
- enable = true;
- };
-
- k3s = {
- enable = true;
- role = "server";
- extraFlags = toString [
- ];
- };
-
- tor = {
- enable = true;
- client.enable = true;
- relay = {
- enable = true;
- role = "bridge";
- port = ports.tor;
- nickname = "ydeee3q1cjo83tsuqcz";
- accountingMax = "10 GBytes";
- accountingStart = "month 1 1:00";
- contactInfo = "ContactInfo pgp:66A6AD150399D970DCA4C4E6C8218B7D0BFDECCD ciissversion:2";
- };
- };
-
- bitcoind = {
- mainnet = {
- enable = true;
- dataDir = "/mnt/campbell/bitcoind-mainnet/data";
- configFile = "/mnt/campbell/bitcoind-mainnet/bitcoin.conf";
- prune = 10000;
- };
- };
-
- pcscd.enable = true;
- logind = {
- lidSwitch = "ignore";
- extraConfig = "IdleAction=ignore";
- };
-
- deluge = {
- enable = true;
- openFilesLimit = 10240;
- web.enable = true;
- };
-
- printing.enable = true;
-
- murmur = {
- enable = true;
- registerName = "simatime";
- password = "simatime";
- port = ports.murmur;
- };
-
- xserver = {
- enable = true;
- autorun = true;
- layout = "us";
- xkbOptions = "caps:ctrl_modifier";
- serverFlagsSection = ''
- Option "BlankTime" "0"
- Option "StandbyTime" "0"
- Option "SuspendTime" "0"
- Option "OffTime" "0"
- '';
- displayManager = {
- sddm = {
- enable = true;
- enableHidpi = true;
- };
- #startx.enable = true;
- session = [
- {
- manage = "desktop";
- name = "home-manager";
- start = ''
- ${pkgs.runtimeShell} $HOME/.hm-xsession &
- waitPID=$!
- '';
- }
- ];
- };
- desktopManager = {
- #kodi.enable = false;
- #plasma5.enable = false;
- xterm.enable = true;
- };
- windowManager = {
- xmonad.enable = true;
- };
- libinput = {
- enable = true;
- tapping = true;
- };
- modules = [ pkgs.xf86_input_wacom ];
- wacom.enable = true;
- };
-
- jupyter = {
- enable = true;
- port = ports.jupyter;
- ip = "*";
- password = "'argon2:$argon2id$v=19$m=10240,t=10,p=8$nvQhgk+htbIYi961YYAf1w$ekpwiTT5L4+OAods0K7EDw'";
- kernels = {
- python3 = let
- env = (pkgs.python3.withPackages (p: with p; [
- ipykernel pandas scikitlearn numpy matplotlib sympy ipywidgets
- ]));
- in {
- displayName = "py3";
- argv = [
- "${env.interpreter}"
- "-m"
- "ipykernel_launcher"
- "-f"
- "{connection_file}"
- ];
- language = "python";
- # error: must be of type 'null or path'
- #logo32 = "${env.sitePackages}/ipykernel/resources/logo-32x32.png";
- #logo64 = "${env.sitePackages}/ipykernel/resources/logo-64x64.png";
- };
- };
- };
-
- jellyfin = { # previously emby
- enable = true;
- user = "jellyfin";
- group = "jellyfin";
- };
-
- minidlna = {
- enable = true;
- announceInterval = 60;
- friendlyName = "Sima Media";
- mediaDirs = [
- "V,/mnt/campbell/ben/youtube"
- "A,/mnt/campbell/ben/music"
- "V,/mnt/campbell/ben/torrents/done"
- ];
- };
-
- vnstat.enable = true;
-
- postgresql = {
- enable = true;
- package = pkgs.postgresql_10;
- authentication = ''
- local all pprjam md5
- local all pprjam_test md5
- '';
- enableTCPIP = true;
- };
- redis = {
- enable = true;
- };
- };
-
- documentation = {
- enable = true;
- dev.enable = true;
- doc.enable = true;
- info.enable = true;
- man.enable = true;
- nixos.enable = true;
- };
+ # previously emby
+ services.jellyfin.enable = true;
+ services.jellyfin.user = "jellyfin";
+ services.jellyfin.group = "jellyfin";
+
+ services.minidlna.enable = true;
+ services.minidlna.announceInterval = 60;
+ services.minidlna.friendlyName = "Sima Media";
+ services.minidlna.mediaDirs = [
+ "V,/mnt/campbell/ben/youtube"
+ "A,/mnt/campbell/ben/music"
+ "V,/mnt/campbell/ben/torrents/done"
+ ];
- nix = {
- autoOptimiseStore = true;
- buildCores = 0; # use all available cores
- # Since this is the dev machine, we can turn these on at the expense
- # of extra disk space.
- extraOptions = ''
- keep-outputs = true
- keep-derivations = true
- '';
- # 1 job * 2 cores = 2 maximum cores used at any one time
- maxJobs = 1;
- sshServe = {
- enable = true;
- keys = lib.trivial.pipe ../Keys/Ben.pub [
- builtins.readFile
- (lib.strings.splitString "\n")
- (lib.filter (s: s != ""))
- ];
- };
- trustedUsers = [ "root" "ben" ];
- };
+ services.vnstat.enable = true;
+
+ documentation.enable = true;
+ documentation.dev.enable = true;
+ documentation.doc.enable = true;
+ documentation.info.enable = true;
+ documentation.man.enable = true;
+ documentation.nixos.enable = true;
+
+ nix.autoOptimiseStore = true;
+ nix.buildCores = 0; # use all available cores
+ # Since this is the dev machine, we can turn these on at the expense
+ # of extra disk space.
+ nix.extraOptions = ''
+ keep-outputs = true
+ keep-derivations = true
+ '';
+ # 1 job * 2 cores = 2 maximum cores used at any one time
+ nix.maxJobs = 1;
+ nix.sshServe.enable = true;
+ nix.sshServe.keys = lib.trivial.pipe ../Keys/Ben.pub [
+ builtins.readFile
+ (lib.strings.splitString "\n")
+ (lib.filter (s: s != ""))
+ ];
+ nix.trustedUsers = [ "root" "ben" ];
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
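Review bot: The Tor block moves `enable` and `role` under `services.tor.settings`, but as far as I know the NixOS module keeps those two at `services.tor.relay.enable` and `services.tor.relay.role`, with `settings` reserved for torrc keys such as `ORPort` and `Nickname`; as written the bridge role may not be applied, or tor may reject the generated torrc. I would keep `services.tor.relay.enable = true;` and `services.tor.relay.role = "bridge";` and leave only the torrc keys under `settings`. Separately, `services.murmur.password = "simatime";` stays a literal in the new flat form, so it ends up in the world-readable Nix store and in the repository while `ports.murmur` is opened in the firewall; loading it from a file outside the store (the module's `environmentFile` option, if the nixpkgs in use provides it) would avoid that. The hunk also drops `services.postgresql` and `services.redis` without the commit message saying so, which is worth confirming as intended.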
diff --git a/Biz/Dev/Networking.nix b/Biz/Dev/Networking.nix
new file mode 100644
index 0000000..150b098
--- /dev/null
+++ b/Biz/Dev/Networking.nix
@@ -0,0 +1,52 @@
+{ config, lib, pkgs, ... }:
+
+let
+ ports = import ../Cloud/Ports.nix;
+in {
+ networking = {
+ nameservers = [ "1.1.1.1" ];
+ hostName = "lithium";
+ hosts = {
+ "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ];
+ };
+
+ firewall = {
+ allowedTCPPorts = [
+ ports.bitcoind
+ ports.delugeWeb
+ ports.et
+ ports.gemini
+ ports.git
+ ports.http
+ ports.https
+ ports.jellyfin
+ ports.jupyter
+ ports.k3s
+ ports.mpd
+ ports.mpd-stream
+ ports.murmur
+ ports.radicale
+ ports.sabten
+ ports.ssh
+ ports.tor
+ ];
+ allowedTCPPortRanges = [
+ ports.torrents
+ ports.httpdev
+ ];
+ allowedUDPPorts = [ ports.murmur ports.et ];
+ allowedUDPPortRanges = [
+ ports.torrents
+ ];
+ checkReversePath = false;
+ };
+
+ # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+ # Per-interface useDHCP will be mandatory in the future, so this generated config
+ # replicates the default behaviour.
+ useDHCP = false;
+ interfaces.enp1s0.useDHCP = true;
+ interfaces.wlp0s20f0u4.useDHCP = true;
+ };
+
+}
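Review bot: `checkReversePath = false;` switches off reverse-path filtering for the whole host and carries no comment saying which interface needs it; if it is there for the WireGuard or k3s interfaces, `checkReversePath = "loose";` keeps a weaker check in place, and either way a one-line comment such as `# rp_filter off: <reason>` would help the next reader. The `allowedTCPPorts` list opens `ports.jupyter`, `ports.k3s` and `ports.delugeWeb` on every interface; since `./Dev/Wireguard.nix` is imported alongside this file, moving the administrative ports to `networking.firewall.interfaces.<name>.allowedTCPPorts` for the VPN interface would narrow exposure. `hostName = "lithium";` is also still set in Biz/Dev.nix (context line of the first hunk), so one of the two definitions can go.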