{ config, lib, pkgs, ... }: let ghcCompiler = (import ../Bild/Constants.nix).ghcCompiler; ports = import ../Cloud/Ports.nix; in { networking = { nameservers = [ "1.1.1.1" ]; hostName = "lithium"; hosts = { "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ]; }; firewall = { allowedTCPPorts = [ ports.bitcoind ports.delugeWeb ports.et ports.gemini ports.git ports.http ports.https ports.jellyfin ports.jupyter ports.k3s ports.mpd ports.mpd-stream ports.murmur ports.radicale ports.sabten ports.ssh ports.tor ]; allowedTCPPortRanges = [ ports.torrents ports.httpdev ]; allowedUDPPorts = [ ports.murmur ports.et ]; allowedUDPPortRanges = [ ports.torrents ]; checkReversePath = false; }; # The global useDHCP flag is deprecated, therefore explicitly set to false here. # Per-interface useDHCP will be mandatory in the future, so this generated config # replicates the default behaviour. useDHCP = false; interfaces.enp1s0.useDHCP = true; interfaces.wlp0s20f0u4.useDHCP = true; }; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; boot.enableContainers = true; powerManagement.enable = false; time.timeZone = "America/New_York"; fonts.fonts = with pkgs; [ google-fonts mononoki source-code-pro fantasque-sans-mono hack-font fira fira-code fira-code-symbols ]; environment.systemPackages = [ pkgs.k3s pkgs.wemux pkgs.tmux pkgs.wireguard ]; nixpkgs = { config = { allowUnfree = true; allowBroken = true; }; }; hardware = { opengl.enable = true; pulseaudio = { enable = true; extraConfig = '' load-module module-loopback ''; }; }; programs = { bash.enableCompletion = true; command-not-found.enable = true; gnupg.agent = { enable = true; enableSSHSupport = true; }; mosh.enable = true; }; virtualisation = { docker = { enable = true; liveRestore = false; }; libvirtd.enable = true; virtualbox = { host = { enable = false; headless = false; addNetworkInterface = false; }; guest = { enable = false; x11 = false; }; }; }; services = { my-hoogle = { enable = true; port = ports.hoogle; home = "//hoogle.simatime.com"; packages = import ../Bild/Deps/Haskell.nix; haskellPackages = pkgs.haskell.packages.${ghcCompiler}; host = "0.0.0.0"; }; eternal-terminal = { enable = true; }; k3s = { enable = true; role = "server"; extraFlags = toString [ ]; }; tor = { enable = true; client.enable = true; relay = { enable = true; role = "bridge"; port = ports.tor; nickname = "ydeee3q1cjo83tsuqcz"; accountingMax = "10 GBytes"; accountingStart = "month 1 1:00"; contactInfo = "ContactInfo pgp:66A6AD150399D970DCA4C4E6C8218B7D0BFDECCD ciissversion:2"; }; }; bitcoind = { mainnet = { enable = true; dataDir = "/mnt/campbell/bitcoind-mainnet/data"; configFile = "/mnt/campbell/bitcoind-mainnet/bitcoin.conf"; prune = 10000; }; }; pcscd.enable = true; logind = { lidSwitch = "ignore"; extraConfig = "IdleAction=ignore"; }; deluge = { enable = true; openFilesLimit = 10240; web.enable = true; }; printing.enable = true; murmur = { enable = true; registerName = "simatime"; password = "simatime"; port = ports.murmur; }; xserver = { enable = true; autorun = true; layout = "us"; xkbOptions = "caps:ctrl_modifier"; serverFlagsSection = '' Option "BlankTime" "0" Option "StandbyTime" "0" Option "SuspendTime" "0" Option "OffTime" "0" ''; displayManager = { sddm = { enable = true; enableHidpi = true; }; #startx.enable = true; session = [ { manage = "desktop"; name = "home-manager"; start = '' ${pkgs.runtimeShell} $HOME/.hm-xsession & waitPID=$! ''; } ]; }; desktopManager = { #kodi.enable = false; #plasma5.enable = false; xterm.enable = true; }; windowManager = { xmonad.enable = true; }; libinput = { enable = true; tapping = true; }; modules = [ pkgs.xf86_input_wacom ]; wacom.enable = true; }; jupyter = { enable = true; port = ports.jupyter; ip = "*"; password = "'argon2:$argon2id$v=19$m=10240,t=10,p=8$nvQhgk+htbIYi961YYAf1w$ekpwiTT5L4+OAods0K7EDw'"; kernels = { python3 = let env = (pkgs.python3.withPackages (p: with p; [ ipykernel pandas scikitlearn numpy matplotlib sympy ipywidgets ])); in { displayName = "py3"; argv = [ "${env.interpreter}" "-m" "ipykernel_launcher" "-f" "{connection_file}" ]; language = "python"; # error: must be of type 'null or path' #logo32 = "${env.sitePackages}/ipykernel/resources/logo-32x32.png"; #logo64 = "${env.sitePackages}/ipykernel/resources/logo-64x64.png"; }; }; }; jellyfin = { # previously emby enable = true; user = "jellyfin"; group = "jellyfin"; }; minidlna = { enable = true; announceInterval = 60; friendlyName = "Sima Media"; mediaDirs = [ "V,/mnt/campbell/ben/youtube" "A,/mnt/campbell/ben/music" "V,/mnt/campbell/ben/torrents/done" ]; }; vnstat.enable = true; postgresql = { enable = true; package = pkgs.postgresql_10; authentication = '' local all pprjam md5 local all pprjam_test md5 ''; enableTCPIP = true; }; redis = { enable = true; }; }; documentation = { enable = true; dev.enable = true; doc.enable = true; info.enable = true; man.enable = true; nixos.enable = true; }; nix = { autoOptimiseStore = true; buildCores = 0; # use all available cores # Since this is the dev machine, we can turn these on at the expense # of extra disk space. extraOptions = '' keep-outputs = true keep-derivations = true ''; # 1 job * 2 cores = 2 maximum cores used at any one time maxJobs = 1; sshServe = { enable = true; keys = lib.trivial.pipe ../Keys/Ben.pub [ builtins.readFile (lib.strings.splitString "\n") (lib.filter (s: s != "")) ]; }; trustedUsers = [ "root" "ben" ]; }; # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you # should. system.stateVersion = "20.09"; # Did you read the comment? # TODO: upstream this users.users.jupyter.isSystemUser = true; }