From 2b4e0164beaf697332cebce9c9a088be1978ffc5 Mon Sep 17 00:00:00 2001 From: Ben Sima Date: Tue, 21 Dec 2021 11:00:53 -0500 Subject: Reorganize some nix code
---
 Biz/Dev.nix | 3 +- Biz/Dev/Configuration.nix | 417 ++++++++++++++++------------------------------ Biz/Dev/Networking.nix | 52 ++++++ 3 files changed, 200 insertions(+), 272 deletions(-) create mode 100644 Biz/Dev/Networking.nix (limited to 'Biz')
diff --git a/Biz/Dev.nix b/Biz/Dev.nix
index e0eb89a..80ca773 100644
--- a/Biz/Dev.nix
+++ b/Biz/Dev.nix
@@ -10,8 +10,9 @@ bild.os {
 ./Dev/Configuration.nix
 ./Dev/Hardware.nix
 ./Dev/Hoogle.nix
- ./Dragons.nix
+ ./Dev/Networking.nix
 ./Dev/Wireguard.nix
+ ./Dragons.nix
 # ./Dev/Guix.nix # I need to package a bunch of guile libs first
 ];
 networking.hostName = "lithium";
diff --git a/Biz/Dev/Configuration.nix b/Biz/Dev/Configuration.nix
index 6c58ba4..a365d76 100644
--- a/Biz/Dev/Configuration.nix
+++ b/Biz/Dev/Configuration.nix
@@ -4,52 +4,6 @@ let
 ghcCompiler = (import ../Bild/Constants.nix).ghcCompiler;
 ports = import ../Cloud/Ports.nix;
 in {
- networking = {
- nameservers = [ "1.1.1.1" ];
- hostName = "lithium";
- hosts = {
- "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ];
- };
-
- firewall = {
- allowedTCPPorts = [
- ports.bitcoind
- ports.delugeWeb
- ports.et
- ports.gemini
- ports.git
- ports.http
- ports.https
- ports.jellyfin
- ports.jupyter
- ports.k3s
- ports.mpd
- ports.mpd-stream
- ports.murmur
- ports.radicale
- ports.sabten
- ports.ssh
- ports.tor
- ];
- allowedTCPPortRanges = [
- ports.torrents
- ports.httpdev
- ];
- allowedUDPPorts = [ ports.murmur ports.et ];
- allowedUDPPortRanges = [
- ports.torrents
- ];
- checkReversePath = false;
- };
-
- # The global useDHCP flag is deprecated, therefore explicitly set to false here.
- # Per-interface useDHCP will be mandatory in the future, so this generated config
- # replicates the default behaviour.
- useDHCP = false;
- interfaces.enp1s0.useDHCP = true;
- interfaces.wlp0s20f0u4.useDHCP = true;
- };
-
 # Use the systemd-boot EFI boot loader.
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
@@ -88,234 +42,155 @@ in { }; }; - programs = { - bash.enableCompletion = true; - command-not-found.enable = true; - gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - mosh.enable = true; - }; - - virtualisation = { - docker = { - enable = true; - liveRestore = false; - }; - libvirtd.enable = true; - virtualbox = { - host = { - enable = false; - headless = false; - addNetworkInterface = false; - }; - guest = { - enable = false; - x11 = false; - }; - }; + programs.bash.enableCompletion = true; + programs.command-not-found.enable = true; + programs.gnupg.agent.enable = true; + programs.gnupg.agent.enableSSHSupport = true; + programs.mosh.enable = true; + + virtualisation.docker.enable = true; + virtualisation.docker.liveRestore = false; + virtualisation.libvirtd.enable = true; + virtualisation.virtualbox.host.enable = false; + virtualisation.virtualbox.host.headless = false; + virtualisation.virtualbox.host.addNetworkInterface = false; + virtualisation.virtualbox.guest.enable = false; + virtualisation.virtualbox.guest.x11 = false; + + services.my-hoogle.enable = true; + services.my-hoogle.port = ports.hoogle; + services.my-hoogle.home = "//hoogle.simatime.com"; + services.my-hoogle.packages = import ../Bild/Deps/Haskell.nix; + services.my-hoogle.haskellPackages = pkgs.haskell.packages.${ghcCompiler}; + services.my-hoogle.host = "0.0.0.0"; + + services.eternal-terminal.enable = true; + + services.k3s.enable = true; + services.k3s.role = "server"; + + services.tor.enable = true; + services.tor.client.enable = true; + services.tor.settings.enable = true; + services.tor.settings.role = "bridge"; + services.tor.settings.ORPort = ports.tor; + services.tor.settings.Nickname = "ydeee3q1cjo83tsuqcz"; + services.tor.settings.AccountingMax = "10 GBytes"; + services.tor.settings.AccountingStart = "month 1 1:00"; + services.tor.settings.ContactInfo = "ContactInfo pgp:66A6AD150399D970DCA4C4E6C8218B7D0BFDECCD ciissversion:2"; + + services.bitcoind.mainnet.enable = 
true; + services.bitcoind.mainnet.dataDir = "/mnt/campbell/bitcoind-mainnet/data"; + services.bitcoind.mainnet.configFile = "/mnt/campbell/bitcoind-mainnet/bitcoin.conf"; + services.bitcoind.mainnet.prune = 10000; + + services.pcscd.enable = true; + services.logind.lidSwitch = "ignore"; + services.logind.extraConfig = "IdleAction=ignore"; + + services.deluge.enable = true; + services.deluge.openFilesLimit = 10240; + services.deluge.web.enable = true; + + services.printing.enable = true; + + services.murmur.enable = true; + services.murmur.registerName = "simatime"; + services.murmur.password = "simatime"; + services.murmur.port = ports.murmur; + + services.xserver.enable = true; + services.xserver.autorun = true; + services.xserver.layout = "us"; + services.xserver.xkbOptions = "caps:ctrl_modifier"; + services.xserver.serverFlagsSection = '' + Option "BlankTime" "0" + Option "StandbyTime" "0" + Option "SuspendTime" "0" + Option "OffTime" "0" + ''; + services.xserver.displayManager.sddm.enable = true; + services.xserver.displayManager.sddm.enableHidpi = true; + # Some of these have conflicting definitions, which might be the source of my + # problems with the display. Start here for debugging. + #services.xserver.displayManager.session.manage = "desktop"; + #services.xserver.displayManager.session.name = "home-manager"; + #services.xserver.displayManager.session.start = '' + # ${pkgs.runtimeShell} $HOME/.hm-xsession & + # waitPID=$! 
+ #''; + #services.xserver.desktopManager.kodi.enable = false; + #services.xserver.desktopManager.plasma5.enable = false; + services.xserver.desktopManager.xterm.enable = true; + services.xserver.windowManager.xmonad.enable = true; + services.xserver.libinput.enable = true; + services.xserver.libinput.touchpad.tapping = true; + services.xserver.modules = [ pkgs.xf86_input_wacom ]; + services.xserver.wacom.enable = true; + + services.jupyter.enable = true; + services.jupyter.port = ports.jupyter; + services.jupyter.ip = "*"; + services.jupyter.password = "'argon2:$argon2id$v=19$m=10240,t=10,p=8$nvQhgk+htbIYi961YYAf1w$ekpwiTT5L4+OAods0K7EDw'"; + services.jupyter.kernels.python3 = let + env = (pkgs.python3.withPackages (p: with p; [ + ipykernel pandas scikitlearn numpy matplotlib sympy ipywidgets + ])); + in { + displayName = "py3"; + argv = [ + "${env.interpreter}" + "-m" + "ipykernel_launcher" + "-f" + "{connection_file}" + ]; + language = "python"; + # error: must be of type 'null or path' + #logo32 = "${env.sitePackages}/ipykernel/resources/logo-32x32.png"; + #logo64 = "${env.sitePackages}/ipykernel/resources/logo-64x64.png"; }; - services = { - my-hoogle = { - enable = true; - port = ports.hoogle; - home = "//hoogle.simatime.com"; - packages = import ../Bild/Deps/Haskell.nix; - haskellPackages = pkgs.haskell.packages.${ghcCompiler}; - host = "0.0.0.0"; - }; - - eternal-terminal = { - enable = true; - }; - - k3s = { - enable = true; - role = "server"; - extraFlags = toString [ - ]; - }; - - tor = { - enable = true; - client.enable = true; - relay = { - enable = true; - role = "bridge"; - port = ports.tor; - nickname = "ydeee3q1cjo83tsuqcz"; - accountingMax = "10 GBytes"; - accountingStart = "month 1 1:00"; - contactInfo = "ContactInfo pgp:66A6AD150399D970DCA4C4E6C8218B7D0BFDECCD ciissversion:2"; - }; - }; - - bitcoind = { - mainnet = { - enable = true; - dataDir = "/mnt/campbell/bitcoind-mainnet/data"; - configFile = "/mnt/campbell/bitcoind-mainnet/bitcoin.conf"; 
- prune = 10000; - }; - }; - - pcscd.enable = true; - logind = { - lidSwitch = "ignore"; - extraConfig = "IdleAction=ignore"; - }; - - deluge = { - enable = true; - openFilesLimit = 10240; - web.enable = true; - }; - - printing.enable = true; - - murmur = { - enable = true; - registerName = "simatime"; - password = "simatime"; - port = ports.murmur; - }; - - xserver = { - enable = true; - autorun = true; - layout = "us"; - xkbOptions = "caps:ctrl_modifier"; - serverFlagsSection = '' - Option "BlankTime" "0" - Option "StandbyTime" "0" - Option "SuspendTime" "0" - Option "OffTime" "0" - ''; - displayManager = { - sddm = { - enable = true; - enableHidpi = true; - }; - #startx.enable = true; - session = [ - { - manage = "desktop"; - name = "home-manager"; - start = '' - ${pkgs.runtimeShell} $HOME/.hm-xsession & - waitPID=$! - ''; - } - ]; - }; - desktopManager = { - #kodi.enable = false; - #plasma5.enable = false; - xterm.enable = true; - }; - windowManager = { - xmonad.enable = true; - }; - libinput = { - enable = true; - tapping = true; - }; - modules = [ pkgs.xf86_input_wacom ]; - wacom.enable = true; - }; - - jupyter = { - enable = true; - port = ports.jupyter; - ip = "*"; - password = "'argon2:$argon2id$v=19$m=10240,t=10,p=8$nvQhgk+htbIYi961YYAf1w$ekpwiTT5L4+OAods0K7EDw'"; - kernels = { - python3 = let - env = (pkgs.python3.withPackages (p: with p; [ - ipykernel pandas scikitlearn numpy matplotlib sympy ipywidgets - ])); - in { - displayName = "py3"; - argv = [ - "${env.interpreter}" - "-m" - "ipykernel_launcher" - "-f" - "{connection_file}" - ]; - language = "python"; - # error: must be of type 'null or path' - #logo32 = "${env.sitePackages}/ipykernel/resources/logo-32x32.png"; - #logo64 = "${env.sitePackages}/ipykernel/resources/logo-64x64.png"; - }; - }; - }; - - jellyfin = { # previously emby - enable = true; - user = "jellyfin"; - group = "jellyfin"; - }; - - minidlna = { - enable = true; - announceInterval = 60; - friendlyName = "Sima Media"; - mediaDirs = [ 
- "V,/mnt/campbell/ben/youtube" - "A,/mnt/campbell/ben/music" - "V,/mnt/campbell/ben/torrents/done" - ]; - }; - - vnstat.enable = true; - - postgresql = { - enable = true; - package = pkgs.postgresql_10; - authentication = '' - local all pprjam md5 - local all pprjam_test md5 - ''; - enableTCPIP = true; - }; - redis = { - enable = true; - }; - }; - - documentation = { - enable = true; - dev.enable = true; - doc.enable = true; - info.enable = true; - man.enable = true; - nixos.enable = true; - }; + # previously emby + services.jellyfin.enable = true; + services.jellyfin.user = "jellyfin"; + services.jellyfin.group = "jellyfin"; + + services.minidlna.enable = true; + services.minidlna.announceInterval = 60; + services.minidlna.friendlyName = "Sima Media"; + services.minidlna.mediaDirs = [ + "V,/mnt/campbell/ben/youtube" + "A,/mnt/campbell/ben/music" + "V,/mnt/campbell/ben/torrents/done" + ]; - nix = { - autoOptimiseStore = true; - buildCores = 0; # use all available cores - # Since this is the dev machine, we can turn these on at the expense - # of extra disk space. - extraOptions = '' - keep-outputs = true - keep-derivations = true - ''; - # 1 job * 2 cores = 2 maximum cores used at any one time - maxJobs = 1; - sshServe = { - enable = true; - keys = lib.trivial.pipe ../Keys/Ben.pub [ - builtins.readFile - (lib.strings.splitString "\n") - (lib.filter (s: s != "")) - ]; - }; - trustedUsers = [ "root" "ben" ]; - }; + services.vnstat.enable = true; + + documentation.enable = true; + documentation.dev.enable = true; + documentation.doc.enable = true; + documentation.info.enable = true; + documentation.man.enable = true; + documentation.nixos.enable = true; + + nix.autoOptimiseStore = true; + nix.buildCores = 0; # use all available cores + # Since this is the dev machine, we can turn these on at the expense + # of extra disk space. 
+ nix.extraOptions = '' + keep-outputs = true + keep-derivations = true + ''; + # 1 job * 2 cores = 2 maximum cores used at any one time + nix.maxJobs = 1; + nix.sshServe.enable = true; + nix.sshServe.keys = lib.trivial.pipe ../Keys/Ben.pub [ + builtins.readFile + (lib.strings.splitString "\n") + (lib.filter (s: s != "")) + ]; + nix.trustedUsers = [ "root" "ben" ]; # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database diff --git a/Biz/Dev/Networking.nix b/Biz/Dev/Networking.nix new file mode 100644 index 0000000..150b098 --- /dev/null +++ b/Biz/Dev/Networking.nix @@ -0,0 +1,52 @@ +{ config, lib, pkgs, ... }: + +let + ports = import ../Cloud/Ports.nix; +in { + networking = { + nameservers = [ "1.1.1.1" ]; + hostName = "lithium"; + hosts = { + "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ]; + }; + + firewall = { + allowedTCPPorts = [ + ports.bitcoind + ports.delugeWeb + ports.et + ports.gemini + ports.git + ports.http + ports.https + ports.jellyfin + ports.jupyter + ports.k3s + ports.mpd + ports.mpd-stream + ports.murmur + ports.radicale + ports.sabten + ports.ssh + ports.tor + ]; + allowedTCPPortRanges = [ + ports.torrents + ports.httpdev + ]; + allowedUDPPorts = [ ports.murmur ports.et ]; + allowedUDPPortRanges = [ + ports.torrents + ]; + checkReversePath = false; + }; + + # The global useDHCP flag is deprecated, therefore explicitly set to false here. + # Per-interface useDHCP will be mandatory in the future, so this generated config + # replicates the default behaviour. + useDHCP = false; + interfaces.enp1s0.useDHCP = true; + interfaces.wlp0s20f0u4.useDHCP = true; + }; + +} -- cgit v1.2.3
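Review bot: The tor block in the second `Biz/Dev/Configuration.nix` hunk is not a like-for-like move: the removed side set `services.tor.relay.enable` and `relay.role = "bridge"`, while the new side writes `services.tor.settings.enable` and `services.tor.settings.role`, and neither `enable` nor `role` is a torrc directive, so the bridge is probably no longer configured (or the generated torrc is rejected) while `ports.tor` stays open in the firewall. Keeping those two as `services.tor.relay.enable = true;` and `services.tor.relay.role = "bridge";` would preserve the previous behaviour. The same hunk also drops `services.postgresql` and `services.redis` entirely, which a commit titled "Reorganize" should say in its description if it is intended. Separately, `services.murmur.password = "simatime";` keeps a guessable server password in git and in the world-readable Nix store for a port the firewall exposes; reading it from a root-only file (for example through `services.murmur.environmentFile`, if the pinned nixpkgs provides it) would keep it out of both.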
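Review bot: `firewall.allowedTCPPorts` in the new `Biz/Dev/Networking.nix` opens Jupyter (which `Configuration.nix` binds with `ip = "*"`), k3s, bitcoind, the Deluge web UI and mpd on every interface, and this split is a natural point to narrow that, since `./Dev/Wireguard.nix` is imported next to it. Ports meant only for private use could move to `networking.firewall.interfaces."<wg-interface>".allowedTCPPorts` (placeholder name; the real interface is not visible in this diff), leaving only the intentionally public ones in the global list. `checkReversePath = false;` turns off reverse-path filtering with no explanation; a comment such as `# rp_filter disabled because <reason>; "loose" may be enough` would record why. `hostName = "lithium";` is also still set in `Biz/Dev.nix`, so one of the two definitions can go.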