{ config, lib, pkgs, ... }:
let
myIp = "68.107.97.20"; # hiddor-kahih
gitDir = "/srv/git";
in
{
networking = {
hostName = "lithium";
hosts = {
"192.168.56.104" = [ "pprjam.localhost" ];
"127.0.0.1" = [ "localhost" "news.bnet" ];
"::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ];
};
firewall = {
allowedTCPPorts = [ 8096 22 8000 8443 443 500 10000 8080 8081];
allowedTCPPortRanges = [
{ from = 3000; to = 3100; } # dev
{ from = 49152; to = 65535; } # jupyter kernel
];
checkReversePath = false;
};
};
time.timeZone = "America/Los_Angeles";
environment.systemPackages = with pkgs; [
wget
vnstat
];
fonts.fonts = with pkgs; [
google-fonts mononoki source-code-pro fantasque-sans-mono hack-font
fira fira-code fira-code-symbols
];
nixpkgs = {
config = {
allowUnfree = true;
allowBroken = true;
};
};
hardware = {
opengl.enable = true;
pulseaudio = {
enable = true;
extraConfig = ''
load-module module-loopback
'';
};
};
programs = {
bash.enableCompletion = true;
command-not-found.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
mosh.enable = true;
};
virtualisation = {
docker = {
enable = true;
liveRestore = false;
};
libvirtd.enable = true;
virtualbox = {
host = {
enable = true;
headless = false;
addNetworkInterface = true;
};
guest = {
enable = true;
x11 = false;
};
};
};
services = {
pcscd.enable = true;
logind = {
lidSwitch = "ignore";
extraConfig = "IdleAction=ignore";
};
openssh = {
enable = true;
forwardX11 = true;
};
deluge = {
enable = true;
openFilesLimit = 10240;
web.enable = true;
};
printing.enable = true;
xserver = {
enable = true;
layout = "us";
#displayManager.lightdm = {
# enable = false;
# background = "/home/ben/.background-image";
#};
desktopManager = {
kodi.enable = true;
gnome3 = {
enable = true;
extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome_settings_daemon ];
extraGSettingsOverrides = ''
[org.gnome.desktop.screensaver]
lock-delay=3600
lock-enabled=true'
[org.gnome.desktop.session]
idle-delay=900
[org.gnome.settings-daemon.plugins.power]
power-button-action='nothing'
idle-dim=true
sleep-inactive-battery-type='nothing'
sleep-inactive-ac-timeout=3600
sleep-inactive-ac-type='nothing'
sleep-inactive-battery-timeout=1800
'';
};
#xrandrHeads = [
# {
# output = "HDMI1";
# primary = true;
# monitorConfig = ''
# DisplaySize 1920x1080
# '';
# }
# #{
# # output = "DP1";
# # monitorConfig = ''
# # DisplaySize 1920x1080
# # '';
# #}
#];
};
};
redshift = {
enable = true;
latitude = "33.044444";
longitude = "-117.271667";
temperature = {
day = 4000;
night = 3500;
};
};
jupyter = {
enable = true;
port = 3099;
ip = "*";
password = "'sha1:4b14a407cabe:fbab8e5400f3f4f3ffbdb00e996190d6a84bf51e'";
kernels = {
python3 = let
env = (pkgs.python3.withPackages (p: with p; [
ipykernel pandas scikitlearn numpy matplotlib sympy ipywidgets
]));
in {
displayName = "py3";
argv = [
"${env.interpreter}"
"-m"
"ipykernel_launcher"
"-f"
"{connection_file}"
];
language = "python";
#logo32 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-32x32.png";
#logo64 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-64x64.png";
};
};
};
emby = {
enable = true;
user = "emby";
};
# just for hero development
mysql = {
enable = true;
package = pkgs.mysql57;
};
vnstat.enable = true;
# security stuff
fail2ban.enable = false;
clamav = {
daemon.enable = false;
updater.enable = false;
};
gitolite = {
enable = true;
enableGitAnnex = true;
dataDir = "${gitDir}";
user = "git";
group = "git";
extraGitoliteRc = ''
$RC{UMASK} = 0022;
$RC{SITE_INFO} = 'a computer is a bicycle for the mind.';
$RC{GIT_CONFIG_KEYS} = 'gitweb\.(owner|description|category)';
'';
adminPubkey = "${benKey}";
};
lighttpd = {
enable = true;
port = 8000;
document-root = "${gitDir}";
mod_userdir = true;
mod_status = true;
collectd = {
enable = true;
};
cgit = {
enable = true;
configText = ''
cache-size=0
clone-url=git@buildmindful.com:$CGIT_REPO_URL
enable-index-owner=1
enable-http-clone=0
enable-index-links=1
enable-commit-graph=1
enable-log-filecount=1
enable-log-linecount=1
enable-git-config=1
remove-suffix=1
branch-sort=age
max-stats=week
mimetype.gif=image/gif
mimetype.html=text/html
mimetype.jpg=image/jpeg
mimetype.jpeg=image/jpeg
mimetype.pdf=application/pdf
mimetype.png=image/png
mimetype.svg=image/svg+xml
about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
readme=:README.md
root-title=buildmindful git repository
root-desc=a computer is a bicycle for the mind.
project-list=${gitDir}/projects.list
scan-path=${gitDir}/repositories
'';
};
};
postgresql = {
enable = true;
package = pkgs.postgresql_10;
authentication = ''
local all pprjam md5
local all pprjam_test md5
'';
enableTCPIP = true;
};
redis = {
enable = true;
};
};
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.luks.devices = [
{
name = "root";
device = "/dev/disk/by-uuid/a0160f25-e0e3-4af0-8236-3e298eac957a";
preLVM = true;
}
];
powerManagement.enable = false;
nix = {
gc = {
automatic = true;
dates = "03:15";
};
binaryCaches = [ "https://cache.nixos.org/" ];
nixPath = [
"nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs"
"nixos-config=/etc/nixos/configuration.nix"
"/nix/var/nix/profiles/per-user/root/channels"
];
extraOptions = ''
gc-keep-outputs = true
gc-keep-derivations = true
'';
};
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "17.09"; # Did you read the comment?
system.autoUpgrade.enable = true;
}