1 files changed, 220 insertions, 0 deletions

diff --git a/Com/Simatime/dev/configuration.nix b/Com/Simatime/dev/configuration.nix
new file mode 100644
index 0000000..c096f85
--- /dev/null
+++ b/Com/Simatime/dev/configuration.nix
@@ -0,0 +1,220 @@
+{ config, lib, pkgs, ... }:
+
+{
+  networking = {
+    hostName = "lithium";
+    hosts = {
+      "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ];
+    };
+
+    firewall = {
+      allowedTCPPorts = [
+        22 8000 8443 443 8080 8081 # std
+        500 10000 # no idea
+        8096 # emby
+        8112 # deluge
+      ];
+      allowedTCPPortRanges = [
+        { from = 3000; to = 3100; } # dev stuff
+        { from = 6000; to = 6999; } # torrents
+      ];
+      allowedUDPPortRanges = [
+        { from = 6000; to = 6999; } # torrents
+      ];
+      checkReversePath = false;
+    };
+
+  };
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.enableContainers = true;
+
+  boot.initrd.luks.devices = [
+    {
+      name = "root";
+      device = "/dev/disk/by-uuid/a0160f25-e0e3-4af0-8236-3e298eac957a";
+      preLVM = true;
+    }
+  ];
+
+  powerManagement.enable = false;
+
+  time.timeZone = "America/Los_Angeles";
+
+  fonts.fonts = with pkgs; [
+    google-fonts mononoki source-code-pro fantasque-sans-mono hack-font
+    fira fira-code fira-code-symbols
+  ];
+
+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+      allowBroken = true;
+    };
+  };
+
+  hardware = {
+    opengl.enable = true;
+    pulseaudio = {
+      enable = true;
+      extraConfig = ''
+        load-module module-loopback
+      '';
+    };
+  };
+
+  programs = {
+    bash.enableCompletion = true;
+    command-not-found.enable = true;
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+    mosh.enable = true;
+  };
+
+  virtualisation = {
+    docker = {
+      enable = true;
+      liveRestore = false;
+    };
+    libvirtd.enable = true;
+    virtualbox = {
+      host = {
+        enable = false;
+        headless = false;
+        addNetworkInterface = false;
+      };
+      guest = {
+        enable = false;
+        x11 = false;
+      };
+    };
+  };
+
+  # https://github.com/NixOS/nixpkgs/issues/53985
+  systemd.services.gitlab-runner.path = ["/run/wrappers"];
+
+  services = {
+    pcscd.enable = true;
+    logind = {
+      lidSwitch = "ignore";
+      extraConfig = "IdleAction=ignore";
+    };
+
+    # runner for hero ci
+    gitlab-runner = {
+      packages = [ pkgs.bash pkgs.git pkgs.python3 ];
+      enable = true;
+      gracefulTimeout = "2min";
+      gracefulTermination = true;
+      configFile = "/home/ben/gitlab-runner.toml";
+    };
+
+    openssh = {
+      enable = true;
+      forwardX11 = true;
+    };
+
+    deluge = {
+      enable = true;
+      openFilesLimit = 10240;
+      web.enable = true;
+    };
+
+    printing.enable = true;
+
+    xserver = {
+      enable = true;
+      layout = "us";
+      xkbOptions = "caps:ctrl_modifier";
+      displayManager.sddm.enable = true;
+      desktopManager = {
+        kodi.enable = true;
+        plasma5.enable = true;
+        xterm.enable = true;
+      };
+    };
+
+    jupyter = {
+      enable = false;
+      port = 3099;
+      ip = "*";
+      password = "'sha1:4b14a407cabe:fbab8e5400f3f4f3ffbdb00e996190d6a84bf51e'";
+      kernels = {
+        python3 = let
+          env = (pkgs.python3.withPackages (p: with p; [
+            ipykernel pandas scikitlearn numpy matplotlib sympy ipywidgets
+          ]));
+        in {
+          displayName = "py3";
+          argv = [
+            "${env.interpreter}"
+            "-m"
+            "ipykernel_launcher"
+            "-f"
+            "{connection_file}"
+          ];
+          language = "python";
+          #logo32 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-32x32.png";
+          #logo64 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-64x64.png";
+        };
+      };
+    };
+
+    jellyfin = { # previously emby
+      enable = true;
+      user = "jellyfin";
+      group = "jellyfin";
+    };
+
+    vnstat.enable = true;
+
+    # security stuff
+    fail2ban.enable = true;
+    clamav = {
+      daemon.enable = true;
+      updater.enable = true;
+    };
+
+    postgresql = {
+      enable = true;
+      package = pkgs.postgresql_10;
+      authentication = ''
+        local all pprjam md5
+        local all pprjam_test md5
+      '';
+      enableTCPIP = true;
+    };
+    redis = {
+      enable = true;
+    };
+  };
+
+  nix = {
+    gc = {
+      automatic = true;
+      dates = "03:15";
+    };
+    binaryCaches =  [ "https://cache.nixos.org/" ];
+    nixPath = [
+      "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs"
+      "nixos-config=/etc/nixos/configuration.nix"
+      "/nix/var/nix/profiles/per-user/root/channels"
+    ];
+    extraOptions = ''
+      gc-keep-outputs = true
+      gc-keep-derivations = true
+    '';
+  };
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "17.09"; # Did you read the comment?
+  system.autoUpgrade.enable = true;
+
+}