authorBen Sima <ben@bsima.me>2019-05-13 18:59:06 -0700
committerBen Sima <ben@bsima.me>2019-05-13 18:59:06 -0700
commit2afbdbee1db02d510ebf3c5ca51abfbf3bf02a50 (patch)
tree1d12e8f6f738645a5bff0980338740d83ad0524b /depo
parentbd4e4dfefd73ed578be8bdac3b1fda6f21482979 (diff)
move lithium to biz as hidor-kahih
Diffstat (limited to 'depo')
-rw-r--r--depo/default.nix1
-rw-r--r--depo/hidor-kahih/configuration.nix206
-rw-r--r--depo/hidor-kahih/default.nix25
-rw-r--r--depo/hidor-kahih/hardware.nix34
-rw-r--r--depo/nutin-madaj/default.nix16
-rw-r--r--depo/users.nix26
6 files changed, 296 insertions, 12 deletions
diff --git a/depo/default.nix b/depo/default.nix
index 79cdca5..65e06ae 100644
--- a/depo/default.nix
+++ b/depo/default.nix
@@ -1,3 +1,4 @@
{
nutin-madaj = import ./nutin-madaj;
+hidor-kahih = import ./hidor-kahih;
}
diff --git a/depo/hidor-kahih/configuration.nix b/depo/hidor-kahih/configuration.nix
new file mode 100644
index 0000000..514c7c0
--- /dev/null
+++ b/depo/hidor-kahih/configuration.nix
@@ -0,0 +1,206 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+ networking = {
+ hostName = "lithium";
+ hosts = {
+ "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ];
+ };
+
+ firewall = {
+ allowedTCPPorts = [ 8096 22 8000 8443 443 500 10000 8080 8081];
+ allowedTCPPortRanges = [
+ { from = 3000; to = 3100; } # dev
+ ];
+ checkReversePath = false;
+ };
+
+ };
+
+ time.timeZone = "America/Los_Angeles";
+
+ environment.systemPackages = with pkgs; [
+ wget
+ vnstat
+ ];
+
+ fonts.fonts = with pkgs; [
+ google-fonts mononoki source-code-pro fantasque-sans-mono hack-font
+ fira fira-code fira-code-symbols
+ ];
+
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ allowBroken = true;
+ };
+ };
+
+ hardware = {
+ opengl.enable = true;
+ pulseaudio = {
+ enable = true;
+ extraConfig = ''
+ load-module module-loopback
+ '';
+ };
+ };
+
+ programs = {
+ bash.enableCompletion = true;
+ command-not-found.enable = true;
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ mosh.enable = true;
+ };
+
+ virtualisation = {
+ docker = {
+ enable = false;
+ liveRestore = false;
+ };
+ libvirtd.enable = true;
+ virtualbox = {
+ host = {
+ enable = false;
+ headless = false;
+ addNetworkInterface = false;
+ };
+ guest = {
+ enable = false;
+ x11 = false;
+ };
+ };
+ };
+
+ services = {
+ pcscd.enable = true;
+ logind = {
+ lidSwitch = "ignore";
+ extraConfig = "IdleAction=ignore";
+ };
+
+ openssh = {
+ enable = true;
+ forwardX11 = true;
+ };
+
+ deluge = {
+ enable = true;
+ openFilesLimit = 10240;
+ web.enable = true;
+ };
+
+ printing.enable = true;
+
+ xserver = {
+ enable = true;
+ layout = "us";
+
+ xkbOptions = "caps:ctrl_modifier";
+
+ displayManager.sddm.enable = true;
+
+ desktopManager = {
+ kodi.enable = true;
+ plasma5.enable = true;
+ xterm.enable = true;
+ };
+ };
+
+ jupyter = {
+ enable = false;
+ port = 3099;
+ ip = "*";
+ password = "'sha1:4b14a407cabe:fbab8e5400f3f4f3ffbdb00e996190d6a84bf51e'";
+ kernels = {
+ python3 = let
+ env = (pkgs.python3.withPackages (p: with p; [
+ ipykernel pandas scikitlearn numpy matplotlib sympy ipywidgets
+ ]));
+ in {
+ displayName = "py3";
+ argv = [
+ "${env.interpreter}"
+ "-m"
+ "ipykernel_launcher"
+ "-f"
+ "{connection_file}"
+ ];
+ language = "python";
+ #logo32 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-32x32.png";
+ #logo64 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-64x64.png";
+ };
+ };
+ };
+
+ emby = {
+ enable = true;
+ user = "emby";
+ };
+
+ vnstat.enable = true;
+
+ # security stuff
+ fail2ban.enable = true;
+ clamav = {
+ daemon.enable = true;
+ updater.enable = true;
+ };
+
+ postgresql = {
+ enable = true;
+ package = pkgs.postgresql_10;
+ authentication = ''
+ local all pprjam md5
+ local all pprjam_test md5
+ '';
+ enableTCPIP = true;
+ };
+ redis = {
+ enable = true;
+ };
+ };
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ boot.initrd.luks.devices = [
+ {
+ name = "root";
+ device = "/dev/disk/by-uuid/a0160f25-e0e3-4af0-8236-3e298eac957a";
+ preLVM = true;
+ }
+ ];
+
+ powerManagement.enable = false;
+
+ nix = {
+ gc = {
+ automatic = true;
+ dates = "03:15";
+ };
+ binaryCaches = [ "https://cache.nixos.org/" ];
+ nixPath = [
+ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs"
+ "nixos-config=/etc/nixos/configuration.nix"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ extraOptions = ''
+ gc-keep-outputs = true
+ gc-keep-derivations = true
+ '';
+ };
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "17.09"; # Did you read the comment?
+ system.autoUpgrade.enable = true;
+
+}
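Review bot: The `firewall` block opens more than the services enabled in this file appear to need: `allowedTCPPorts` lists 8000, 8443, 500, 10000, 8080 and 8081 with no matching service visible in the hunk, and the 3000–3100 "dev" range makes anything a user binds there reachable from the network. That range also covers the `jupyter` block's `port = 3099` with `ip = "*"`, so flipping `enable` to true would publish a notebook server protected only by what looks like a salted SHA-1 password hash, which is committed here in clear text and so open to offline guessing. I would list one port per line with a comment naming its owner (for example `22 # ssh`), drop the ports nobody claims, set `ip = "127.0.0.1";` for Jupyter, and load the hash from a file outside the repository. `checkReversePath = false;` turns off reverse-path filtering and deserves a comment saying which interface or VPN requires it.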
diff --git a/depo/hidor-kahih/default.nix b/depo/hidor-kahih/default.nix
new file mode 100644
index 0000000..606ce29
--- /dev/null
+++ b/depo/hidor-kahih/default.nix
@@ -0,0 +1,25 @@
+/*
+
+hidor-kahih - main development/build server
+
+*/
+
+let
+ nixpkgs = builtins.fetchTarball (import ../../pack/nixpkgs.nix);
+in
+import "${nixpkgs}/nixos" {
+ system = "x86_64-linux";
+ configuration = {
+ nixpkgs.overlays = [
+ (import ../../pack/overlay.nix)
+ ];
+
+ imports =
+ [ ./hardware.nix
+ ../users.nix
+ ./configuration.nix
+ ];
+
+ users.users.root.openssh.authorizedKeys.keys = [(builtins.readFile ../../keys/ben.pub)];
+ };
+}
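Review bot: The last line of `configuration` installs `keys/ben.pub` for root, although `../users.nix` (imported just above it) already gives the `ben` account the same key plus membership in `wheel`, so one key now yields direct root SSH on this host and on nutin-madaj. If root login is needed only for deployment, say so in a comment such as `# root key is for deployment only; interactive admin goes through ben + sudo`; otherwise drop the line and set `services.openssh.permitRootLogin = "no";`. Separately, `builtins.fetchTarball (import ../../pack/nixpkgs.nix)` is integrity-checked only if that file supplies a `sha256`, and the file is not part of this diff, so that is worth confirming.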
diff --git a/depo/hidor-kahih/hardware.nix b/depo/hidor-kahih/hardware.nix
new file mode 100644
index 0000000..fc0e7a0
--- /dev/null
+++ b/depo/hidor-kahih/hardware.nix
@@ -0,0 +1,34 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/0d8b0e52-10de-4af2-bcd9-b36278352e77";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/9B89-85C7";
+ fsType = "vfat";
+ };
+
+ fileSystems."/mnt/lake" =
+ { device = "/dev/disk/by-uuid/037df3ae-4609-402c-ab1d-4593190d0ee7";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 4;
+ powerManagement.cpuFreqGovernor = "powersave";
+}
diff --git a/depo/nutin-madaj/default.nix b/depo/nutin-madaj/default.nix
index ffb2909..0b8f8d5 100644
--- a/depo/nutin-madaj/default.nix
+++ b/depo/nutin-madaj/default.nix
@@ -15,10 +15,8 @@ let
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz";
sha256 = "03d49v8qnid9g9rha0wg2z6vic06mhp0b049s3whccn1axvs2zzx";
};
- benKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNB0iF9ClawNEizBtdYucqp1tAXXRbqvlPS6PFRrtiwSl+SJD29BCLgA5rLxcmFhBHZ/iId/En7GPFEzI/gMu071J7pUI4OcW0UVZju3GNc6ZEz/a6AD2u79JiXEDHfPEdmMqAe36kkaK0KJWSQP3xsFRwJ+8F8HHbSwoCLL+GJhBgAWHQLGfKesNrDacNljNDU3CgkEnDmu8QKuSzH2k1vrr69q2u2iMSAdiStDBAWEjN5nCVrm2XB2vmFLMtXpX2n8JI+znOGzRRDc8dNXejQeDMZGyV6jfVidEIX7vdgSydGjTRKcCLVAsKY3z0gYBZ8u8EUNujgcFBnnAvytj ben@neb";
ibbPort = "3000";
fathomPort = "3030";
-
in
import "${nixpkgs}/nixos" {
system = "x86_64-linux";
@@ -27,6 +25,9 @@ import "${nixpkgs}/nixos" {
./hardware-configuration.nix
./networking.nix
+ # common infra
+ ../users.nix
+
# configured modules
./git.nix
./mail.nix
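Review bot: Importing `../users.nix` here creates the `nick` and `dre` accounts, with their SSH keys, on this host too, which widens who can log in to the machine that also carries `./git.nix` and `./mail.nix`. The commit message only mentions moving lithium, so this looks like a side effect rather than a decision. If shared accounts on every host are intended, the comment could say so, e.g. `# common infra: creates ben, nick and dre on every host that imports it`; if not, users.nix could be split so each host imports only the accounts it needs. The import list starts and ends outside this hunk.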
@@ -48,15 +49,6 @@ import "${nixpkgs}/nixos" {
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
- virtualisation = {
- libvirtd.enable = true;
- docker.enable = true;
- virtualbox.guest.enable = true;
- virtualbox.host.enable = true;
- virtualbox.host.headless = false;
- virtualbox.host.addNetworkInterface = true;
- };
-
# our custom apps
services = {
ibb = {
@@ -90,6 +82,6 @@ import "${nixpkgs}/nixos" {
networking.hostName = "simatime";
networking.firewall.allowPing = true;
services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [ benKey ];
+ users.users.root.openssh.authorizedKeys.keys = [(builtins.readFile ../../keys/ben.pub)];
};
}
diff --git a/depo/users.nix b/depo/users.nix
new file mode 100644
index 0000000..80b7570
--- /dev/null
+++ b/depo/users.nix
@@ -0,0 +1,26 @@
+{ ... }:
+
+{
+ users = {
+ users = {
+ ben = {
+ isNormalUser = true;
+ home = "/home/ben";
+ openssh.authorizedKeys.keys = [(builtins.readFile ../keys/ben.pub)];
+ extraGroups = [ "wheel" "networkmanager" "docker" ];
+ };
+ nick = {
+ isNormalUser = true;
+ home = "/home/nick";
+ openssh.authorizedKeys.keys = [(builtins.readFile ../keys/nick.pub)];
+ extraGroups = [ "docker" ];
+ };
+ dre = {
+ isNormalUser = true;
+ home = "/home/dre";
+ openssh.authorizedKeys.keys = [(builtins.readFile ../keys/dre.pub)];
+ extraGroups = [ "docker" ];
+ };
+ };
+ };
+}
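Review bot: Membership in `docker` is effectively root on any host where the Docker daemon runs, so `extraGroups = [ "docker" ];` for `nick` and `dre` grants more than the line suggests. In this commit Docker is set to `enable = false` on hidor-kahih and the `docker.enable = true` line is removed from nutin-madaj, so the group appears inert today, but turning `virtualisation.docker.enable` back on later would silently elevate both accounts. Either drop the group until it is needed, or add a comment above the user set such as `# docker group is root-equivalent when the daemon is enabled; keep membership deliberate`.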