{ config, lib, pkgs, ... }:

{
  # Host identity and static name resolution.
  networking.hostName = "lithium";
  networking.hosts."::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ];

  # Inbound packet filter. Every port and range listed here is reachable from
  # the network (assuming networking.firewall.enable is left at its default),
  # so each entry should correspond to a service that is meant to be exposed.
  networking.firewall = {
    allowedTCPPorts = [
      22 8000 8443 443 8080 8081 # std
      # NOTE(review): these two are open without a known owner. Check what, if
      # anything, listens on them and drop the entries if nothing needs them.
      500 10000 # no idea
      8096 # emby
      8112 # deluge
    ];

    allowedTCPPortRanges = [
      # NOTE(review): this range includes 3099, the port configured for the
      # (currently disabled) services.jupyter in this file.
      { from = 3000; to = 3100; } # dev stuff
      # NOTE(review): this range includes 6379, the default Redis port, and
      # services.redis is enabled in this file. Confirm Redis is not reachable
      # from other hosts through this rule.
      { from = 6000; to = 6999; } # torrents
    ];

    allowedUDPPortRanges = [
      { from = 6000; to = 6999; } # torrents
    ];

    # Turns off the firewall's reverse-path (source address) check.
    # NOTE(review): if this was only needed to keep libvirt/Docker bridges
    # working, the option's "loose" mode may be enough - confirm before
    # leaving the check fully disabled.
    checkReversePath = false;
  };

  # Boot chain: systemd-boot on EFI, NixOS container support, and the LUKS
  # volume that has to be opened from the initrd.
  boot = {
    loader = {
      # Use the systemd-boot EFI boot loader.
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    enableContainers = true;

    # Encrypted volume mapped as "root"; preLVM asks for it to be unlocked
    # before LVM volumes are scanned.
    initrd.luks.devices = [
      {
        name = "root";
        device = "/dev/disk/by-uuid/a0160f25-e0e3-4af0-8236-3e298eac957a";
        preLVM = true;
      }
    ];
  };

  # No power management on this machine.
  powerManagement = { enable = false; };

  time = { timeZone = "America/Los_Angeles"; };

  # Fonts installed system-wide, all taken from pkgs.
  fonts.fonts = [
    pkgs.google-fonts
    pkgs.mononoki
    pkgs.source-code-pro
    pkgs.fantasque-sans-mono
    pkgs.hack-font
    pkgs.fira
    pkgs.fira-code
    pkgs.fira-code-symbols
  ];

  # Package-set policy for this host.
  nixpkgs.config.allowUnfree = true;
  # NOTE(review): this applies to the whole package set, so anything nixpkgs
  # marks as broken is accepted. If only one or two packages need it, a
  # narrower override would keep the rest of the set protected by the
  # marker - confirm which packages rely on this.
  nixpkgs.config.allowBroken = true;

  hardware.opengl.enable = true;

  # PulseAudio, with module-loopback loaded through the extra daemon config.
  hardware.pulseaudio.enable = true;
  hardware.pulseaudio.extraConfig = ''
    load-module module-loopback
  '';

  # Shell conveniences.
  programs.bash.enableCompletion = true;
  programs.command-not-found.enable = true;

  # gpg-agent is enabled with SSH support, so it also acts as the SSH agent.
  programs.gnupg.agent.enable = true;
  programs.gnupg.agent.enableSSHSupport = true;

  # NOTE(review): the NixOS mosh module presumably opens its own UDP port
  # range in the firewall in addition to the ports listed under
  # networking.firewall - confirm that exposure is wanted.
  programs.mosh.enable = true;

  # Docker daemon, with live-restore switched off.
  # NOTE(review): access to the Docker socket is effectively root on this
  # host; this file does not show which users are in the docker group.
  virtualisation.docker.enable = true;
  virtualisation.docker.liveRestore = false;

  virtualisation.libvirtd.enable = true;

  # VirtualBox is explicitly switched off, both as host and as guest.
  virtualisation.virtualbox.host.enable = false;
  virtualisation.virtualbox.host.headless = false;
  virtualisation.virtualbox.host.addNetworkInterface = false;
  virtualisation.virtualbox.guest.enable = false;
  virtualisation.virtualbox.guest.x11 = false;

  # Workaround for https://github.com/NixOS/nixpkgs/issues/53985
  # Adds /run/wrappers to the search path of the gitlab-runner unit.
  # NOTE(review): /run/wrappers is presumably where NixOS keeps its setuid
  # wrappers, which would make them resolvable by name from CI jobs - confirm
  # that the jobs run on this runner are trusted to that degree.
  systemd.services.gitlab-runner = {
    path = [ "/run/wrappers" ];
  };

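  # Long-running services on this host. Several of them listen on ports that
  # networking.firewall in this file opens to the network, so the comments
  # below point out where a listener and a firewall rule meet.
  services = {
    # Smart-card daemon.
    pcscd.enable = true;

    # Lid close and idle are both ignored by logind.
    logind = {
      lidSwitch = "ignore";
      extraConfig = "IdleAction=ignore";
    };

    # runner for hero ci
    # NOTE(review): configFile sits in a user's home directory. A GitLab
    # runner config normally holds the runner's token, and whoever can write
    # the file controls what the runner does - check its owner and mode, or
    # move it somewhere only root and the runner can access.
    gitlab-runner = {
      packages = [ pkgs.bash pkgs.git pkgs.python3 ];
      enable = true;
      gracefulTimeout = "2min";
      gracefulTermination = true;
      configFile = "/home/ben/gitlab-runner.toml";
    };

    # Deluge daemon plus its web UI; TCP 8112 is opened for it in
    # networking.firewall.
    deluge = {
      enable = true;
      openFilesLimit = 10240;
      web.enable = true;
    };

    printing.enable = true;

    # X server with SDDM and the Kodi, Plasma 5 and xterm sessions.
    xserver = {
      enable = true;
      layout = "us";
      xkbOptions = "caps:ctrl_modifier";
      displayManager.sddm.enable = true;
      desktopManager = {
        kodi.enable = true;
        plasma5.enable = true;
        xterm.enable = true;
      };
    };

    # Jupyter notebook server, currently disabled (enable = false).
    # NOTE(review): before turning this on, revisit three things:
    #  - ip = "*" listens on every interface, and port 3099 falls inside the
    #    3000-3100 TCP range opened in networking.firewall;
    #  - the password hash is written into this file, so it is readable by
    #    anyone who can read the configuration (and presumably the Nix
    #    store); treat it as disclosed and set a new password;
    #  - the value is a salted SHA-1 hash, which is cheap to attack offline.
    # The nested quotes suggest the module evaluates this string as a Python
    # expression; if so it could read the hash from a root-only file instead
    # - confirm against the module documentation.
    jupyter = {
      enable = false;
      port = 3099;
      ip = "*";
      password = "'sha1:4b14a407cabe:fbab8e5400f3f4f3ffbdb00e996190d6a84bf51e'";
      kernels = {
        # Python 3 kernel backed by a dedicated interpreter environment.
        python3 = let
          env = (pkgs.python3.withPackages (p: with p; [
            ipykernel pandas scikitlearn numpy matplotlib sympy ipywidgets
          ]));
        in {
          displayName = "py3";
          argv = [
            "${env.interpreter}"
            "-m"
            "ipykernel_launcher"
            "-f"
            "{connection_file}"
          ];
          language = "python";
          #logo32 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-32x32.png";
          #logo64 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-64x64.png";
        };
      };
    };

    # Media server; TCP 8096 is opened for it in networking.firewall.
    emby = { # previously emby
      enable = true;
      user = "emby";
      group = "emby";
    };

    vnstat.enable = true;

    # PostgreSQL 10. The two rules below require md5 password authentication
    # for the pprjam and pprjam_test users on local-socket connections.
    # NOTE(review): enableTCPIP makes the server listen on TCP as well. The
    # PostgreSQL port is not among the ports opened in networking.firewall
    # (presumably it is left at the default 5432), so this relies on the
    # firewall staying enabled; set it to false if only local sockets are
    # used. PostgreSQL 10 also supports scram-sha-256, which is stronger
    # than md5.
    postgresql = {
      enable = true;
      package = pkgs.postgresql_10;
      authentication = ''
        local all pprjam md5
        local all pprjam_test md5
      '';
      enableTCPIP = true;
    };

    # Redis has no password configured here, and its default port 6379 lies
    # inside the 6000-6999 TCP range that networking.firewall opens for
    # torrents. Bind it to loopback explicitly so the listener does not
    # depend on the module's default bind address; widen this deliberately
    # if a remote client really needs access.
    redis = {
      enable = true;
      bind = "127.0.0.1";
    };
  };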

  # Install every documentation flavour: developer docs, package docs, info
  # pages, man pages and the NixOS manual.
  documentation.enable = true;
  documentation.dev.enable = true;
  documentation.doc.enable = true;
  documentation.info.enable = true;
  documentation.man.enable = true;
  documentation.nixos.enable = true;

  # This is the dev machine, so build outputs and derivations are kept around
  # at the cost of extra disk space.
  nix = {
    extraOptions = ''
      keep-outputs = true
      keep-derivations = true
    '';
  };

  # Pins the NixOS release this system stays compatible with, so that
  # stateful software such as database servers does not break. Change it only
  # when the NixOS release notes say to.
  system = {
    stateVersion = "17.09"; # Did you read the comment?
  };
}