rename lithium and activate gitlab-runner

3 files changed, 291 insertions, 0 deletions

diff --git a/depo/hikuj-zupip/configuration.nix b/depo/hikuj-zupip/configuration.nix
new file mode 100644
index 0000000..00fbf46
--- /dev/null
+++ b/depo/hikuj-zupip/configuration.nix
@@ -0,0 +1,230 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+  networking = {
+    hostName = "lithium";
+    hosts = {
+      "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ];
+    };
+
+    firewall = {
+      allowedTCPPorts = [
+        22 8000 8443 443 8080 8081 # std
+        500 10000 # no idea
+        8096 # emby
+        8112 # deluge
+      ];
+      allowedTCPPortRanges = [
+        { from = 3000; to = 3100; } # dev stuff
+      ];
+      checkReversePath = false;
+    };
+
+  };
+
+  time.timeZone = "America/Los_Angeles";
+
+  fonts.fonts = with pkgs; [
+    google-fonts mononoki source-code-pro fantasque-sans-mono hack-font
+    fira fira-code fira-code-symbols
+  ];
+
+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+      allowBroken = true;
+    };
+  };
+
+  hardware = {
+    opengl.enable = true;
+    pulseaudio = {
+      enable = true;
+      extraConfig = ''
+        load-module module-loopback
+      '';
+    };
+  };
+
+  programs = {
+    bash.enableCompletion = true;
+    command-not-found.enable = true;
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+    mosh.enable = true;
+  };
+
+  virtualisation = {
+    docker = {
+      enable = false;
+      liveRestore = false;
+    };
+    libvirtd.enable = true;
+    virtualbox = {
+      host = {
+        enable = false;
+        headless = false;
+        addNetworkInterface = false;
+      };
+      guest = {
+        enable = false;
+        x11 = false;
+      };
+    };
+  };
+
+  # https://github.com/NixOS/nixpkgs/issues/53985
+  systemd.services.gitlab-runner.path = [
+    "/run/wrappers"
+  ];
+
+  services = {
+    pcscd.enable = true;
+    logind = {
+      lidSwitch = "ignore";
+      extraConfig = "IdleAction=ignore";
+    };
+
+    # runner for hero ci
+    gitlab-runner = {
+      packages = [ pkgs.bash pkgs.git pkgs.python3 ];
+      enable = true;
+      gracefulTimeout = "2min";
+      gracefulTermination = true;
+      configFile = "/home/ben/gitlab-runner.toml";
+    };
+
+    openssh = {
+      enable = true;
+      forwardX11 = true;
+    };
+
+    deluge = {
+      enable = true;
+      openFilesLimit = 10240;
+      web.enable = true;
+    };
+
+    printing.enable = true;
+
+    tarsnap = {
+      enable = false;
+      archives = {
+        ben-home = {
+          directories = [
+          ];
+        };
+      };
+    };
+
+    xserver = {
+      enable = true;
+      layout = "us";
+
+      xkbOptions = "caps:ctrl_modifier";
+
+      displayManager.sddm.enable = true;
+
+      desktopManager = {
+        kodi.enable = true;
+        plasma5.enable = true;
+        xterm.enable = true;
+      };
+    };
+
+    jupyter = {
+      enable = false;
+      port = 3099;
+      ip = "*";
+      password = "'sha1:4b14a407cabe:fbab8e5400f3f4f3ffbdb00e996190d6a84bf51e'";
+      kernels = {
+        python3 = let
+          env = (pkgs.python3.withPackages (p: with p; [
+            ipykernel pandas scikitlearn numpy matplotlib sympy ipywidgets
+          ]));
+        in {
+          displayName = "py3";
+          argv = [
+            "${env.interpreter}"
+            "-m"
+            "ipykernel_launcher"
+            "-f"
+            "{connection_file}"
+          ];
+          language = "python";
+          #logo32 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-32x32.png";
+          #logo64 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-64x64.png";
+        };
+      };
+    };
+
+    emby = {
+      enable = true;
+      user = "emby";
+    };
+
+    vnstat.enable = true;
+
+    # security stuff
+    fail2ban.enable = true;
+    clamav = {
+      daemon.enable = true;
+      updater.enable = true;
+    };
+
+    postgresql = {
+      enable = true;
+      package = pkgs.postgresql_10;
+      authentication = ''
+        local all pprjam md5
+        local all pprjam_test md5
+      '';
+      enableTCPIP = true;
+    };
+    redis = {
+      enable = true;
+    };
+  };
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  boot.initrd.luks.devices = [
+    {
+      name = "root";
+      device = "/dev/disk/by-uuid/a0160f25-e0e3-4af0-8236-3e298eac957a";
+      preLVM = true;
+    }
+  ];
+
+  powerManagement.enable = false;
+
+  nix = {
+    gc = {
+      automatic = true;
+      dates = "03:15";
+    };
+    binaryCaches =  [ "https://cache.nixos.org/" ];
+    nixPath = [
+      "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs"
+      "nixos-config=/etc/nixos/configuration.nix"
+      "/nix/var/nix/profiles/per-user/root/channels"
+    ];
+    extraOptions = ''
+      gc-keep-outputs = true
+      gc-keep-derivations = true
+    '';
+  };
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "17.09"; # Did you read the comment?
+  system.autoUpgrade.enable = true;
+
+}
diff --git a/depo/hikuj-zupip/default.nix b/depo/hikuj-zupip/default.nix
new file mode 100644
index 0000000..ed1733e
--- /dev/null
+++ b/depo/hikuj-zupip/default.nix
@@ -0,0 +1,27 @@
+/*
+
+hidor-kahih - main development/build server
+
+*/
+
+let
+  nixpkgs = builtins.fetchTarball (import ../../pack/nixpkgs.nix);
+in
+import "${nixpkgs}/nixos" {
+  system = "x86_64-linux";
+  configuration = {
+    nixpkgs.overlays = [
+      (import ../../pack/overlay.nix)
+    ];
+
+    imports =
+      [ ./hardware.nix
+        ../users.nix
+        ../packages.nix
+        ./configuration.nix
+    ];
+
+    users.users.root.openssh.authorizedKeys.keys =
+      [(builtins.readFile ../../keys/deploy.pub)];
+  };
+}
diff --git a/depo/hikuj-zupip/hardware.nix b/depo/hikuj-zupip/hardware.nix
new file mode 100644
index 0000000..fc0e7a0
--- /dev/null
+++ b/depo/hikuj-zupip/hardware.nix
@@ -0,0 +1,34 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/0d8b0e52-10de-4af2-bcd9-b36278352e77";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/9B89-85C7";
+      fsType = "vfat";
+    };
+
+  fileSystems."/mnt/lake" =
+    { device = "/dev/disk/by-uuid/037df3ae-4609-402c-ab1d-4593190d0ee7";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  nix.maxJobs = lib.mkDefault 4;
+  powerManagement.cpuFreqGovernor = "powersave";
+}