MarcScott/gist:eef4966dd03b1d4e62da569fe4ac1018

## gistfile1.txt
{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;


  services.xserver = {
  		    enable = true;
  		    windowManager.i3.enable = true;
  		    layout = "gb";
  		    synaptics.enable = true;
		    synaptics.twoFingerScroll = true;
		    synaptics.palmDetect = true;
		    synaptics.tapButtons = false;
		    };

  networking = {
    networkmanager.enable = true;
    hostName = "sulphur"; # Define your hostname.
    firewall = {
      ## Disabled for chromecast - not sure why these port numbers
      enable = true;
      allowedTCPPorts = [ 80 443 22 5556 ];
      allowedUDPPorts = [ 5556 ];
      };
    };


  # Set your time zone.
  time.timeZone = "Europe/London";
  hardware.pulseaudio.enable = true;
  system.autoUpgrade.enable = true;

  nixpkgs.config.allowUnfree = true;

  # List packages installed in system profile. To search by name, run:
  # $ nix-env -qaP | grep wget
  environment.systemPackages = with pkgs;
	[firefox
	google-chrome
	emacs
	pass
      	aspell
	aspellDicts.en
	git
	offlineimap
	gnupg
	konsole
	python3
	mu
	mumble
	pavucontrol
	wget
	openvpn
	imagemagick
	ffmpeg
	python36Packages.pip
	vlc
	twmn
	libnotify
	notify-osd
	slack
	mumble
	openvpn
	ntfs3g
	inkscape
	dropbox
	unzip
	];
  # Some programs need SUID wrappers, can be configured further or are

  # started in user sessions.
  programs.bash.enableCompletion = true;

  # programs.mtr.enable = true;
  programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

  # Enable the OpenSSH daemon.
  services.openssh.enable = true;

  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Set main user account
  users.extraUsers.mjs = {
    home = "/home/mjs";
    isNormalUser = true;
    extraGroups = [ "video" "wheel" "networkmanager" "audio" "nm-openvpn"];
    packages = with pkgs; [
	];
  };
services.openvpn.servers = {
    privateinternetaccess = {
      config = ''
      client
      dev tun
      proto udp
      remote nl.privateinternetaccess.com 1197
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      cipher aes-256-cbc
      auth sha256
      tls-client
      remote-cert-tls server
      auth-user-pass /root/.vpn/pia.txt
      comp-lzo
      verb 1
      reneg-sec 0
      crl-verify /root/.vpn/crl.rsa.4096.pem
      ca /root/.vpn/ca.rsa.4096.crt
      disable-occ
     '';
    };
    # Alternative servers
    # remote germany.privateinternetaccess.com 443
    # remote uk-london.privateinternetaccess.com 443
    # remote us-newyorkcity.privateinternetaccess.com 443
    # remote nl.privateinternetaccess.com 443
};

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "17.09"; # Did you read the comment?

}
	{ config, pkgs, ... }:

	{
	imports =
	[ # Include the results of the hardware scan.
	./hardware-configuration.nix
	];

	# Use the systemd-boot EFI boot loader.
	boot.loader.systemd-boot.enable = true;
	boot.loader.efi.canTouchEfiVariables = true;


	services.xserver = {
	enable = true;
	windowManager.i3.enable = true;
	layout = "gb";
	synaptics.enable = true;
	synaptics.twoFingerScroll = true;
	synaptics.palmDetect = true;
	synaptics.tapButtons = false;
	};

	networking = {
	networkmanager.enable = true;
	hostName = "sulphur"; # Define your hostname.
	firewall = {
	## Disabled for chromecast - not sure why these port numbers
	enable = true;
	allowedTCPPorts = [ 80 443 22 5556 ];
	allowedUDPPorts = [ 5556 ];
	};
	};


	# Set your time zone.
	time.timeZone = "Europe/London";
	hardware.pulseaudio.enable = true;
	system.autoUpgrade.enable = true;

	nixpkgs.config.allowUnfree = true;

	# List packages installed in system profile. To search by name, run:
	# $ nix-env -qaP \| grep wget
	environment.systemPackages = with pkgs;
	[firefox
	google-chrome
	emacs
	pass
	aspell
	aspellDicts.en
	git
	offlineimap
	gnupg
	konsole
	python3
	mu
	mumble
	pavucontrol
	wget
	openvpn
	imagemagick
	ffmpeg
	python36Packages.pip
	vlc
	twmn
	libnotify
	notify-osd
	slack
	mumble
	openvpn
	ntfs3g
	inkscape
	dropbox
	unzip
	];
	# Some programs need SUID wrappers, can be configured further or are

	# started in user sessions.
	programs.bash.enableCompletion = true;

	# programs.mtr.enable = true;
	programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

	# Enable the OpenSSH daemon.
	services.openssh.enable = true;

	# Enable CUPS to print documents.
	services.printing.enable = true;

	# Set main user account
	users.extraUsers.mjs = {
	home = "/home/mjs";
	isNormalUser = true;
	extraGroups = [ "video" "wheel" "networkmanager" "audio" "nm-openvpn"];
	packages = with pkgs; [
	];
	};
	services.openvpn.servers = {
	privateinternetaccess = {
	config = ''
	client
	dev tun
	proto udp
	remote nl.privateinternetaccess.com 1197
	resolv-retry infinite
	nobind
	persist-key
	persist-tun
	cipher aes-256-cbc
	auth sha256
	tls-client
	remote-cert-tls server
	auth-user-pass /root/.vpn/pia.txt
	comp-lzo
	verb 1
	reneg-sec 0
	crl-verify /root/.vpn/crl.rsa.4096.pem
	ca /root/.vpn/ca.rsa.4096.crt
	disable-occ
	'';
	};
	# Alternative servers
	# remote germany.privateinternetaccess.com 443
	# remote uk-london.privateinternetaccess.com 443
	# remote us-newyorkcity.privateinternetaccess.com 443
	# remote nl.privateinternetaccess.com 443
	};

	# This value determines the NixOS release with which your system is to be
	# compatible, in order to avoid breaking some software such as database
	# servers. You should change this only after NixOS release notes say you
	# should.
	system.stateVersion = "17.09"; # Did you read the comment?

	}