
@mtn
Created June 24, 2020 06:49
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, lib, ... }:
let
domainName = "trainingtheory.com";
in {
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Allow packages whose licence is marked unfree.
nixpkgs.config.allowUnfree = true;

# Boot with the systemd-boot EFI loader and let it modify EFI variables.
boot.loader = {
  systemd-boot.enable = true;
  efi.canTouchEfiVariables = true;
};
# networking.hostName = "nixos"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n = {
# consoleFont = "Lat2-Terminus16";
# consoleKeyMap = "us";
# defaultLocale = "en_US.UTF-8";
# };
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# Packages installed in the system profile. To search, run:
# $ nix search wget
environment = {
  systemPackages = with pkgs; [
    # shell and editing tools
    file wget vim neovim firefox tmux git tree
    # languages and toolchains
    python3 rustc cudatoolkit_10
    # documents and graphics
    graphviz zathura gimp pandoc
    # utilities
    lm_sensors xclip imagemagick parallel
    # application server binary, also run as a service further down
    uwsgi
  ];

  # Default editor exported through the system-wide environment.
  variables.EDITOR = "nvim";
};
# OpenGL with 32-bit DRI support; libva from the i686 package set is added
# for 32-bit clients, and the driver libraries are put on LD_LIBRARY_PATH.
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = true;
hardware.opengl.extraPackages32 = [ pkgs.pkgsi686Linux.libva ];
hardware.opengl.setLdLibraryPath = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable:
# Appends RuntimeDirectorySize=15G to the logind configuration. Per
# logind.conf(5) this is the size limit of each user's runtime directory.
services.logind.extraConfig = "RuntimeDirectorySize=15G";
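# Enable the OpenSSH daemon.
services.openssh = {
  enable = true;

  # Key-only logins. sshd listens on two ports that the firewall opens, and
  # the only account defined in this file (mtn) already has an authorized key
  # and is in "wheel", so a guessed password would lead straight to sudo.
  passwordAuthentication = false;
  # Keyboard-interactive (PAM) authentication can still prompt for a password
  # when passwordAuthentication is off, so it is disabled as well.
  challengeResponseAuthentication = false;

  # Socket activation: sshd is started per connection instead of running
  # permanently.
  startWhenNeeded = true;

  # NOTE(review): keep X11 forwarding only if remote GUI programs are
  # actually used over SSH.
  forwardX11 = true;

  # NOTE(review): "yes" lets remote forwards (ssh -R) bind on every interface
  # instead of loopback. "clientspecified" or "no" is narrower if publicly
  # reachable forwards are not needed.
  gatewayPorts = "yes";

  ports = [ 22 8037 ];
};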
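# uWSGI in emperor mode with a single vassal, "ttlabeler". It runs as the
# nginx user and group, presumably so nginx can open the vassal's unix socket.
services.uwsgi = {
  enable = true;
  plugins = [ "python3" ];
  user = "nginx";
  group = "nginx";

  instance = {
    type = "emperor";

    vassals.ttlabeler = {
      type = "normal";
      master = true;
      workers = 2;

      # nginx talks to the app through the unix socket below. The extra HTTP
      # listener is bound to loopback (it was ":8000", i.e. every interface)
      # so the app cannot be reached in plaintext, bypassing nginx, if the
      # firewall is ever relaxed. Port 8000 is not in allowedTCPPorts, so
      # local access is unchanged.
      http = "127.0.0.1:8000";
      module = "wsgi:app";

      # NOTE(review): this is an unquoted Nix path literal. When the vassal
      # config is rendered, the directory is likely copied into the
      # world-readable /nix/store. Keep credentials and other secrets out of
      # that tree; confirm against the uwsgi module.
      chdir = /home/mtn/Documents/workspace/minimals/poetry2nix-service-dependencies/labeler;
      socket = "${config.services.uwsgi.runDir}/ttlabeler.sock";

      # Python dependencies come from the project's poetry metadata.
      # poetry2nix is pinned to an exact commit (rev), so that input is
      # reproducible. <nixpkgs> is whatever channel the host currently has
      # and moves with every channel update.
      pythonPackages =
        let
          poetry2nixOverlay = builtins.fetchGit {
            ref = "master";
            rev = "e7c69a288c10e4d97816fdabda5ae3f38e21914e";
            url = "https://github.com/nix-community/poetry2nix";
          };
          pkgs = import <nixpkgs> { overlays = [ (import "${poetry2nixOverlay}/overlay.nix") ]; };
          inherit (pkgs.poetry2nix) mkPoetryApplication;
        in
          (self: (mkPoetryApplication {
            projectDir = /home/mtn/Documents/workspace/minimals/poetry2nix-service-dependencies;
          }).propagatedBuildInputs);
    };
  };
};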
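# nginx fronts the ttlabeler uWSGI vassal for the site's domain and its
# www alias.
services.nginx = {
  enable = true;

  virtualHosts."${domainName}" = {
    serverAliases = [ "www.${domainName}" ];

    # Request a Let's Encrypt certificate for this vhost.
    enableACME = true;
    # Serve HTTPS and redirect plain HTTP to it. With forceSSL = false the
    # certificate was requested but the vhost was still served over
    # unencrypted HTTP only.
    forceSSL = true;

    # Hand every request to the vassal over its unix socket.
    locations."/".extraConfig = ''
      uwsgi_pass unix://${config.services.uwsgi.instance.vassals.ttlabeler.socket};
      include ${pkgs.nginx}/conf/uwsgi_params;
    '';
  };
};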
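networking.hostName = "trainingtheory-server";

# Open ports in the firewall: SSH (22, 8037) and HTTP/HTTPS (80, 443).
networking.firewall.allowedTCPPorts = [ 22 80 443 8037 ];
# No UDP ports are opened. sshd and nginx as configured in this file listen
# on TCP only, so the former UDP copies of the TCP list (22 80 443 8037) only
# widened the exposed surface. Add a port here when a UDP service is added.
networking.firewall.allowedUDPPorts = [ ];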
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# X11 started automatically, with the "nvidia" video driver, SDDM as display
# manager and the KDE Plasma 5 desktop.
services.xserver = {
  enable = true;
  autorun = true;
  layout = "us";
  videoDrivers = [ "nvidia" ];
  # xkbOptions = "eurosign:e";

  # Enable touchpad support.
  # libinput.enable = true;

  displayManager.sddm.enable = true;
  desktopManager.plasma5.enable = true;
};
# Account "mtn": a regular user, member of "wheel" (which enables sudo), with
# one SSH public key. Don't forget to set a password with ‘passwd’.
users.users.mtn.isNormalUser = true;
users.users.mtn.extraGroups = [ "wheel" ];
users.users.mtn.openssh.authorizedKeys.keys = [
  "ssh-rsa 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 michaeltnoronha@gmail.com"
];
security = {
  # sudo is available; membership of "wheel" grants it.
  sudo.enable = true;

  # Accept the ACME provider's terms and register this contact address for
  # certificates.
  acme = {
    acceptTerms = true;
    email = "michaeltnoronha@gmail.com";
  };
};
system = {
  # The NixOS release this system stays compatible with, so that stateful
  # software such as database servers does not break. Change it only when
  # the NixOS release notes say you should.
  stateVersion = "20.03"; # Did you read the comment?

  # Unattended upgrades from a fixed release channel.
  # NOTE(review): the channel is tied to a single release. Once that release
  # stops receiving updates, auto-upgrade no longer delivers security fixes,
  # so move the channel when the release is retired.
  autoUpgrade = {
    enable = true;
    channel = "https://nixos.org/channels/nixos-20.03";
  };
};
}