jcbrand/gist:be8335bb43af4c7337046f871dc3a77a

## gistfile1.txt
{ config, pkgs, ... }: {

containers.mind = {
    privateNetwork = true;
    hostAddress = "10.233.1.1";
    localAddress = "10.233.1.4";
    config =
      { config, pkgs, ... }:

      {

      imports = [
        /home/jc/.hosts.nix
        /home/jc/.bash.nix
      ];

      boot.isContainer = true;
      security.initialRootPassword = pkgs.lib.mkDefault "!";
      networking = {
        # hostName = pkgs.lib.mkDefault "";
        useDHCP = false;
        firewall.enable = false;
        nameservers = [ "8.8.4.4" "208.67.220.220" "208.67.222.222"];
      };

      programs = {
        bash = {
          shellAliases.bbj = "python2.7 bootstrap.py && bin/buildout -c jenkins.cfg && bin/jenkinsjob-push && bin/jenkinsjob-trigger-build";
        };
      };

      services = {
        clamav.daemon.enable = true;
        clamav.updater.enable = true;
        clamav.updater.frequency = 2;

        xserver.enable = true;
        xserver.layout = "us";
        xserver.xkbOptions = "eurosign:e";

        redis.enable = true;
        redis.extraConfig = ''
          maxclients 1000
        '';

        openssh = {
          enable = true;
          forwardX11 = true;
        };

        varnish = {
          enable = true;
          http_address = "*:8082";
          # XXX Can't get this to work... :(
          # config = ''
          #   include "/home/jc/maas.minddistrict.com/parts/etc/varnish.vcl";
          # '';
          config = ''
vcl 4.0;
import std;

backend  default {
   .host = "127.0.0.1";
   .port = "8080";
   .connect_timeout = 30s;
   .first_byte_timeout = 300s;
   .between_bytes_timeout = 300s;
}

sub vcl_recv {
   # Fanstatic, logo and favicon get cached.
   if (req.url ~ "^/fanstatic/" ||
       req.url ~ "^/(\+\+skin\+\+backend/)?[a-z0-9-]+/configuration/layout/(logo|favicon)") {
      unset req.http.cache-control;
      unset req.http.cookie;
      unset req.http.authorization;
      return (hash);
   }
   # The other not.
   return (pass);
}

sub vcl_backend_response {
   # Always store in cache what we get.
   return (deliver);
}

sub vcl_backend_error {
   set beresp.http.Content-Type = "text/html; charset=utf-8";
   synthetic(std.fileread("/home/jc/maas.minddistrict.com/www/5xx.html"));
   return(deliver);
}
          '';
        };

        nginx = {
            enable = true;
            httpConfig = ''
              server_tokens off;
              ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
              ssl_prefer_server_ciphers on;
              ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
              ssl_session_cache shared:SSL:10m;
              ssl_session_timeout 10m;

              access_log /tmp/nginx-access.log;
              error_log /tmp/nginx-error.log;

              # Virtual Host Config for app.minddistrict.com
              include /home/jc/maas.minddistrict.com/parts/etc/nginx.conf;
              '';
        };
      };

      users.extraUsers.jc = {
        createHome = true;
        home = "/home/jc";
        description = "Dev Account";
        extraGroups = [ "wheel" ];
        uid = 1000;
        useDefaultShell = true;
        openssh.authorizedKeys.keys = [
          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCVdk2/Y4lxoHkwQOwtVEX4N5GHZQDTWAWXS8bcg6j87/2DklE7L2W3fFTiW7gfUV5DeoqjIkeailqEvHDyS44cuW6fJmFoxfjbF/2VZwKgndZf2ZJYKvQRCp+o/qMDaFARaVgl9/iy9pCh8mJcLiH0mn+ZbPMG11kqYmlbjB7ngv3RALQFQzuPv2G4sdXXwaGoYyzQh/IGQmo2UCPvUt5wVVHVKxwpfcSDNaMIRQRl3UKiMDPAZV1v+BDjn0xqe63bRem6HauvKBSn4DyTKkSUpalrX405bFX5sFQs3gZHtbUlKZ3sIc5fhWwI8AH0nwGQF0xQUDAqaicgJzCgaaud jc@sundew"
          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5+z1BrazjD/mIS5s2POYQgahQRhBj0hq9N7hHVl/VQzmXT0ZZPs04GXyBvnx0bq8R2DTetBTlpIwici5bbdvY0aPef3I54AxLqNPAzKMOcu3aQPMcR42gsoNNDrp6amukcogweBMcSWmmtmWJRCex0RJXH4635M24Ki1vOteKQjfTCNI2PuV/TmS9dvUuZmMS0XgmLXhp873GaYHYoAB7MTHygb8rPtH4HqAU3YPU1OnLuYTDYXiegWXYY7PNdNZvNchxiT6VVr3qwK88ihG4nDpliKnLEfxJT7xpgS1gXv0Vvshnb1UesiXbMeJ6xTuTcjFeDyU+gQElEN9Nr/2J jc@devbox"
        ];
      };

      environment = {
        systemPackages = with pkgs; [
            aespipe
            autoconf
            automake
            ctags
            curl
            elinks
            erlangR17
            expat
            file
            firefox
            gcc
            gettext
            gitAndTools.gitFull
            gitAndTools.gitflow
            gnumake
            gnupg1orig
            graphviz
            htop
            jre7
            # Prosody deps
            lua51Packages.lua
            lua51Packages.luarocks
            lua51Packages.luabitop
            lua51Packages.luaevent
            lua51Packages.luaexpat
            lua51Packages.luafilesystem
            lua51Packages.luasec
            lua51Packages.luasocket
            libidn
            libevent
            # until here
            libedit
            libffi
            libjpeg62
            libmemcached
            libsass
            libtiff
            libxml2
            libxml2Python
            libxslt
            libyaml
            libzip
            lsof
            mediainfo
            memcached
            mercurial
            multitail
            nodePackages.bower
            nodePackages.jshint
            nodejs
            openssl
            pandoc
            pcre
            phantomjs
            pkgconfig
            postgresql91
            python27Full
            python27Packages.ipython
            python27Packages.psycopg2
            python27Packages.pycurl
            python27Packages.pyopenssl
            python27Packages.pysqlite
            python27Packages.python_magic
            python27Packages.readline
            python27Packages.selenium
            python27Packages.tkinter
            python27Packages.virtualenv
            python27Packages.pillow
            python3
            python34Packages.ipython
            python34Packages.python_magic
            python34Packages.setuptools
            readline
            ruby_2_1
            sassc
            sqlite
            stdenv
            tree
            unzipNLS
            varnish
            vimHugeX
            wget
            which
            xvfb_run
            zeromq
            zip
            zlib
        ];

        # pathsToLink = [ "/include" "/include/libxml2" "/include/uuid" ];
        pathsToLink = [ "/include" "/include/openssl" "/include/libxml2" ];
        shellInit = ''
            export DISPLAY=:10.0 # This is for selenium testing... so that firefox is displayed in the VirtualBox instance (where X11 is running)
            export C_INCLUDE_PATH=/var/run/current-system/sw/include:${pkgs.libxml2}/include/libxml2:${pkgs.libxslt}/include:var/run/current-system/sw/include:${pkgs.openssl}/include/openssl:${pkgs.graphviz}/lib/:${pkgs.file}/lib:${pkgs.libevent}/include:${pkgs.expat}/include
            export EVENT_DIR=${pkgs.libevent}
            export EXPAT_DIR=${pkgs.expat}
            export OPENSSL_DIR=${pkgs.openssl}
            export LIBRARY_PATH=/var/run/current-system/sw/lib:${pkgs.graphviz}/lib/:${pkgs.file}/lib:${pkgs.lua51Packages.lua}/lib:${pkgs.zlib}/lib
            export ZLIB_DIR=${pkgs.zlib}
            export SQLITE_DIR=${pkgs.sqlite}
            export CPLUS_INCLUDE_PATH=/var/run/current-system/sw/include:${pkgs.file}/lib
            export LD_LIBRARY_PATH=${pkgs.file}/lib:${pkgs.python27Packages.selenium}/selenium/webdriver/firefox/amd64/
            export PHANTOMJS_BIN=${pkgs.phantomjs}/bin/phantomjs
            export PYCURL_SSL_LIBRARY=openssl
            export PATH="$PATH:/home/jc/.luarocks/bin:/home/jc/devtools/bin:/home/jc/xmpp.minddistrict.com/bin:/home/jc/maas.minddistrict.com/parts/md.prosody/bin:/home/jc/bin:${pkgs.libxslt}/bin:${pkgs.curl}/bin"
            export PYTHONPATH=$PYTHONPATH:${pkgs.python27Packages.selenium}/lib/python2.7/site-packages
        '';
      };
    };
  };
}
	{ config, pkgs, ... }: {

	containers.mind = {
	privateNetwork = true;
	hostAddress = "10.233.1.1";
	localAddress = "10.233.1.4";
	config =
	{ config, pkgs, ... }:

	{

	imports = [
	/home/jc/.hosts.nix
	/home/jc/.bash.nix
	];

	boot.isContainer = true;
	security.initialRootPassword = pkgs.lib.mkDefault "!";
	networking = {
	# hostName = pkgs.lib.mkDefault "";
	useDHCP = false;
	firewall.enable = false;
	nameservers = [ "8.8.4.4" "208.67.220.220" "208.67.222.222"];
	};

	programs = {
	bash = {
	shellAliases.bbj = "python2.7 bootstrap.py && bin/buildout -c jenkins.cfg && bin/jenkinsjob-push && bin/jenkinsjob-trigger-build";
	};
	};

	services = {
	clamav.daemon.enable = true;
	clamav.updater.enable = true;
	clamav.updater.frequency = 2;

	xserver.enable = true;
	xserver.layout = "us";
	xserver.xkbOptions = "eurosign:e";

	redis.enable = true;
	redis.extraConfig = ''
	maxclients 1000
	'';

	openssh = {
	enable = true;
	forwardX11 = true;
	};

	varnish = {
	enable = true;
	http_address = "*:8082";
	# XXX Can't get this to work... :(
	# config = ''
	# include "/home/jc/maas.minddistrict.com/parts/etc/varnish.vcl";
	# '';
	config = ''
	vcl 4.0;
	import std;

	backend default {
	.host = "127.0.0.1";
	.port = "8080";
	.connect_timeout = 30s;
	.first_byte_timeout = 300s;
	.between_bytes_timeout = 300s;
	}

	sub vcl_recv {
	# Fanstatic, logo and favicon get cached.
	if (req.url ~ "^/fanstatic/" \|\|
	req.url ~ "^/(\+\+skin\+\+backend/)?[a-z0-9-]+/configuration/layout/(logo\|favicon)") {
	unset req.http.cache-control;
	unset req.http.cookie;
	unset req.http.authorization;
	return (hash);
	}
	# The other not.
	return (pass);
	}

	sub vcl_backend_response {
	# Always store in cache what we get.
	return (deliver);
	}

	sub vcl_backend_error {
	set beresp.http.Content-Type = "text/html; charset=utf-8";
	synthetic(std.fileread("/home/jc/maas.minddistrict.com/www/5xx.html"));
	return(deliver);
	}
	'';
	};

	nginx = {
	enable = true;
	httpConfig = ''
	server_tokens off;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 10m;

	access_log /tmp/nginx-access.log;
	error_log /tmp/nginx-error.log;

	# Virtual Host Config for app.minddistrict.com
	include /home/jc/maas.minddistrict.com/parts/etc/nginx.conf;
	'';
	};
	};

	users.extraUsers.jc = {
	createHome = true;
	home = "/home/jc";
	description = "Dev Account";
	extraGroups = [ "wheel" ];
	uid = 1000;
	useDefaultShell = true;
	openssh.authorizedKeys.keys = [
	"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCVdk2/Y4lxoHkwQOwtVEX4N5GHZQDTWAWXS8bcg6j87/2DklE7L2W3fFTiW7gfUV5DeoqjIkeailqEvHDyS44cuW6fJmFoxfjbF/2VZwKgndZf2ZJYKvQRCp+o/qMDaFARaVgl9/iy9pCh8mJcLiH0mn+ZbPMG11kqYmlbjB7ngv3RALQFQzuPv2G4sdXXwaGoYyzQh/IGQmo2UCPvUt5wVVHVKxwpfcSDNaMIRQRl3UKiMDPAZV1v+BDjn0xqe63bRem6HauvKBSn4DyTKkSUpalrX405bFX5sFQs3gZHtbUlKZ3sIc5fhWwI8AH0nwGQF0xQUDAqaicgJzCgaaud jc@sundew"
	"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5+z1BrazjD/mIS5s2POYQgahQRhBj0hq9N7hHVl/VQzmXT0ZZPs04GXyBvnx0bq8R2DTetBTlpIwici5bbdvY0aPef3I54AxLqNPAzKMOcu3aQPMcR42gsoNNDrp6amukcogweBMcSWmmtmWJRCex0RJXH4635M24Ki1vOteKQjfTCNI2PuV/TmS9dvUuZmMS0XgmLXhp873GaYHYoAB7MTHygb8rPtH4HqAU3YPU1OnLuYTDYXiegWXYY7PNdNZvNchxiT6VVr3qwK88ihG4nDpliKnLEfxJT7xpgS1gXv0Vvshnb1UesiXbMeJ6xTuTcjFeDyU+gQElEN9Nr/2J jc@devbox"
	];
	};

	environment = {
	systemPackages = with pkgs; [
	aespipe
	autoconf
	automake
	ctags
	curl
	elinks
	erlangR17
	expat
	file
	firefox
	gcc
	gettext
	gitAndTools.gitFull
	gitAndTools.gitflow
	gnumake
	gnupg1orig
	graphviz
	htop
	jre7
	# Prosody deps
	lua51Packages.lua
	lua51Packages.luarocks
	lua51Packages.luabitop
	lua51Packages.luaevent
	lua51Packages.luaexpat
	lua51Packages.luafilesystem
	lua51Packages.luasec
	lua51Packages.luasocket
	libidn
	libevent
	# until here
	libedit
	libffi
	libjpeg62
	libmemcached
	libsass
	libtiff
	libxml2
	libxml2Python
	libxslt
	libyaml
	libzip
	lsof
	mediainfo
	memcached
	mercurial
	multitail
	nodePackages.bower
	nodePackages.jshint
	nodejs
	openssl
	pandoc
	pcre
	phantomjs
	pkgconfig
	postgresql91
	python27Full
	python27Packages.ipython
	python27Packages.psycopg2
	python27Packages.pycurl
	python27Packages.pyopenssl
	python27Packages.pysqlite
	python27Packages.python_magic
	python27Packages.readline
	python27Packages.selenium
	python27Packages.tkinter
	python27Packages.virtualenv
	python27Packages.pillow
	python3
	python34Packages.ipython
	python34Packages.python_magic
	python34Packages.setuptools
	readline
	ruby_2_1
	sassc
	sqlite
	stdenv
	tree
	unzipNLS
	varnish
	vimHugeX
	wget
	which
	xvfb_run
	zeromq
	zip
	zlib
	];

	# pathsToLink = [ "/include" "/include/libxml2" "/include/uuid" ];
	pathsToLink = [ "/include" "/include/openssl" "/include/libxml2" ];
	shellInit = ''
	export DISPLAY=:10.0 # This is for selenium testing... so that firefox is displayed in the VirtualBox instance (where X11 is running)
	export C_INCLUDE_PATH=/var/run/current-system/sw/include:${pkgs.libxml2}/include/libxml2:${pkgs.libxslt}/include:var/run/current-system/sw/include:${pkgs.openssl}/include/openssl:${pkgs.graphviz}/lib/:${pkgs.file}/lib:${pkgs.libevent}/include:${pkgs.expat}/include
	export EVENT_DIR=${pkgs.libevent}
	export EXPAT_DIR=${pkgs.expat}
	export OPENSSL_DIR=${pkgs.openssl}
	export LIBRARY_PATH=/var/run/current-system/sw/lib:${pkgs.graphviz}/lib/:${pkgs.file}/lib:${pkgs.lua51Packages.lua}/lib:${pkgs.zlib}/lib
	export ZLIB_DIR=${pkgs.zlib}
	export SQLITE_DIR=${pkgs.sqlite}
	export CPLUS_INCLUDE_PATH=/var/run/current-system/sw/include:${pkgs.file}/lib
	export LD_LIBRARY_PATH=${pkgs.file}/lib:${pkgs.python27Packages.selenium}/selenium/webdriver/firefox/amd64/
	export PHANTOMJS_BIN=${pkgs.phantomjs}/bin/phantomjs
	export PYCURL_SSL_LIBRARY=openssl
	export PATH="$PATH:/home/jc/.luarocks/bin:/home/jc/devtools/bin:/home/jc/xmpp.minddistrict.com/bin:/home/jc/maas.minddistrict.com/parts/md.prosody/bin:/home/jc/bin:${pkgs.libxslt}/bin:${pkgs.curl}/bin"
	export PYTHONPATH=$PYTHONPATH:${pkgs.python27Packages.selenium}/lib/python2.7/site-packages
	'';
	};
	};
	};
	}