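# NixOS host configuration for a development machine: firewall, boot/LUKS,
# desktop, virtualisation, and network services (deluge, murmur, jellyfin,
# postgresql, redis).
#
# Line structure is restored here: in the collapsed form the first `#` comment
# swallowed the rest of the file, and the multi-line strings lost their line
# breaks. Lines marked NOTE(review) are security observations for the owner to
# confirm. Apart from the explicit Redis bind address, no setting is changed.
{ config, lib, pkgs, ... }:

let
  # Shared by the firewall rules and services.murmur so they cannot drift apart.
  murmurPort = 64738;
  # Port range opened for torrent traffic on both TCP and UDP.
  torrents = { from = 6000; to = 6999; };
in
{
  networking = {
    hosts = {
      "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ];
    };
    firewall = {
      # These lists are not scoped to an interface, so each port is open on
      # every network this host joins.
      allowedTCPPorts = [
        22 8000 8443 443 # standard ports
        8080 8081 8082 # mostly for urbit
        # NOTE(review): open ports with no known owner; identify the listener
        # or close them.
        500 10000 # no idea
        8096 # emby/jellyfin
        # NOTE(review): this exposes the deluge web UI (services.deluge.web);
        # confirm its login password was changed from the shipped default.
        8112 # deluge
        murmurPort
      ];
      allowedTCPPortRanges = [
        # NOTE(review): services.jupyter.port (3099) falls inside this range.
        { from = 3000; to = 3100; } # dev stuff
        # NOTE(review): 6000-6999 also covers 6379, the usual Redis port, and
        # services.redis sets no port of its own. The range opens any other
        # listener that lands in it as well.
        torrents
      ];
      allowedUDPPorts = [ murmurPort ];
      allowedUDPPortRanges = [ torrents ];
      # NOTE(review): false turns off reverse-path filtering, an anti-spoofing
      # check. If it was disabled for the virtualisation bridges, the "loose"
      # setting may be enough; confirm.
      checkReversePath = false;
    };
  };

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.enableContainers = true;

  # Root filesystem lives on LVM inside LUKS, so it is unlocked before LVM.
  boot.initrd.luks.devices = {
    root = {
      device = "/dev/disk/by-uuid/a0160f25-e0e3-4af0-8236-3e298eac957a";
      preLVM = true;
    };
  };

  powerManagement.enable = false;

  time.timeZone = "America/Los_Angeles";

  fonts.fonts = with pkgs; [
    google-fonts
    mononoki
    source-code-pro
    fantasque-sans-mono
    hack-font
    fira
    fira-code
    fira-code-symbols
  ];

  environment.systemPackages = [ pkgs.wemux pkgs.tmux ];

  nixpkgs = {
    config = {
      allowUnfree = true;
      # NOTE(review): lets packages marked broken be built and installed
      # system-wide; prefer enabling it per package when one is needed.
      allowBroken = true;
    };
  };

  hardware = {
    opengl.enable = true;
    pulseaudio = {
      enable = true;
      extraConfig = ''
        load-module module-loopback
      '';
    };
  };

  programs = {
    bash.enableCompletion = true;
    command-not-found.enable = true;
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
    mosh.enable = true;
  };

  virtualisation = {
    docker = {
      enable = true;
      liveRestore = false;
    };
    libvirtd.enable = true;
    virtualbox = {
      host = {
        enable = false;
        headless = false;
        addNetworkInterface = false;
      };
      guest = {
        enable = false;
        x11 = false;
      };
    };
  };

  services = {
    pcscd.enable = true;

    logind = {
      lidSwitch = "ignore";
      extraConfig = "IdleAction=ignore";
    };

    deluge = {
      enable = true;
      openFilesLimit = 10240;
      web.enable = true;
    };

    printing.enable = true;

    murmur = {
      enable = true;
      registerName = "simatime";
      # NOTE(review): the server password is a literal identical to
      # registerName. It is stored in this file and in the world-readable Nix
      # store. Rotate it and supply it from a secret kept outside the
      # configuration.
      password = "simatime";
      port = murmurPort;
    };

    xserver = {
      enable = true;
      layout = "us";
      xkbOptions = "caps:ctrl_modifier";
      displayManager.sddm.enable = true;
      desktopManager = {
        kodi.enable = true;
        plasma5.enable = true;
        xterm.enable = true;
      };
    };

    jupyter = {
      # Currently disabled.
      # NOTE(review): before re-enabling, note that ip = "*" listens on every
      # interface and port 3099 is inside the open 3000-3100 firewall range.
      # The committed value below is a salted SHA-1 password hash. Treat it as
      # disclosed, set a new password, and keep the hash out of the repository.
      enable = false;
      port = 3099;
      ip = "*";
      password = "'sha1:4b14a407cabe:fbab8e5400f3f4f3ffbdb00e996190d6a84bf51e'";
      kernels = {
        python3 =
          let
            env = (pkgs.python3.withPackages (p: with p; [
              ipykernel
              pandas
              scikitlearn
              numpy
              matplotlib
              sympy
              ipywidgets
            ]));
          in
          {
            displayName = "py3";
            argv = [
              "${env.interpreter}"
              "-m"
              "ipykernel_launcher"
              "-f"
              "{connection_file}"
            ];
            language = "python";
            #logo32 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-32x32.png";
            #logo64 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-64x64.png";
          };
      };
    };

    jellyfin = { # previously emby
      enable = true;
      user = "jellyfin";
      group = "jellyfin";
    };

    vnstat.enable = true;

    postgresql = {
      enable = true;
      package = pkgs.postgresql_10;
      # Only unix-socket ("local") rules are added here; both use md5
      # password authentication.
      authentication = ''
        local all pprjam md5
        local all pprjam_test md5
      '';
      # NOTE(review): this makes PostgreSQL listen on TCP, but no host rule is
      # defined in this file and 5432 is not in allowedTCPPorts. Confirm TCP
      # access is needed; otherwise turn it off.
      enableTCPIP = true;
    };

    redis = {
      enable = true;
      # Nothing in this file sets a Redis password, and the open 6000-6999
      # firewall range covers the usual Redis port. The listener is therefore
      # pinned to loopback explicitly rather than relying on the module default
      # (presumably all interfaces on older releases; confirm). Widen this only
      # together with authentication and a narrower firewall rule.
      bind = "127.0.0.1";
    };
  };

  documentation = {
    enable = true;
    dev.enable = true;
    doc.enable = true;
    info.enable = true;
    man.enable = true;
    nixos.enable = true;
  };

  nix = {
    # 1 job * 2 cores = 2 maximum cores used at any one time
    # NOTE(review): the line above says 2 cores but buildCores is 1; confirm
    # which one is intended.
    maxJobs = 1;
    buildCores = 1;
    # Since this is the dev machine, we can turn these on at the expense
    # of extra disk space.
    extraOptions = ''
      keep-outputs = true
      keep-derivations = true
    '';
    # NOTE(review): a trusted Nix user can direct the daemon in ways that are
    # effectively root-equivalent; keep "ben" here only if that is intended.
    trustedUsers = [ "root" "ben" ];
  };

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "17.09"; # Did you read the comment?
}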