@oscarcarlsson
Created April 14, 2019 16:39
# NixOS system configuration for the host defined below.
{ config, pkgs, options, ... }:
let
# `<nixpkgs-unstable>` is looked up on the Nix search path at evaluation time,
# so the package set it yields is whatever that channel currently points at.
# Nothing in this file pins it to a revision or hash.
unstable = import <nixpkgs-unstable> {};
in
{
# Hardware-specific settings are kept in a separate file next to this one.
imports =
[ ./hardware-configuration.nix
];
boot = {
  # GRUB 2, installed to /dev/sda.
  loader.grub = {
    enable = true;
    version = 2;
    device = "/dev/sda";
  };

  # Follow the newest kernel series packaged in nixpkgs.
  kernelPackages = pkgs.linuxPackages_latest;

  # Raised inotify limits. An inotify watch consumes about 1 kB on a 64-bit
  # machine, so the watch ceiling below allows up to roughly 1 GiB of kernel
  # memory per user.
  kernel.sysctl = {
    "fs.inotify.max_user_watches" = 1048576; # default: 8192
    "fs.inotify.max_user_instances" = 1024; # default: 128
    "fs.inotify.max_queued_events" = 32768; # default: 16384
  };
};
# udev rules for two USB serial adapters (symlinked as rfxtrx433e and conbee).
# Each rule matches on vendor id, product id and serial number, so the symlink
# is tied to one specific adapter rather than to whichever device enumerates
# first. MODE="0660" with GROUP="dialout" limits access to the node's owner
# and members of dialout.
services.udev.extraRules = ''
# http://hintshop.ludvig.co.nz/show/persistent-names-usb-serial-devices/
SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6001", ATTRS{serial}=="A121J9PS", SYMLINK+="rfxtrx433e", MODE="0660", GROUP="dialout"
SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6015", ATTRS{serial}=="DO00KFUD", SYMLINK+="conbee", MODE="0660", GROUP="dialout"
'';
# Weekly btrfs scrub of the two storage filesystems.
services.btrfs.autoScrub.enable = true;
services.btrfs.autoScrub.interval = "weekly";
services.btrfs.autoScrub.fileSystems = [
  "/storage/warez"
  "/storage/backup"
];
# MariaDB served through the mysql module, with a database created for
# Home Assistant.
services.mysql.enable = true;
services.mysql.package = pkgs.mariadb;
services.mysql.ensureDatabases = [ "homeassistant" ];
# NOTE(review): the value looks like the path of a file holding the root
# password rather than the password itself; confirm against the module
# documentation for this release. Written as a quoted string it stays plain
# text; a bare path literal may instead be copied into the world-readable
# /nix/store. The file itself should be readable by root only.
services.mysql.rootPassword = "/root/mysql-passwd";
# Host identity, locale and time zone.
networking = {
  hostName = "amarillo";
  hostId = "cf6c2869";
};
i18n.defaultLocale = "en_US.UTF-8";
time.timeZone = "Europe/Stockholm";
# Append an extra nixpkgs-overlays entry to the default Nix search path
# (approach taken from nixos.wiki).
nix.nixPath =
  options.nix.nixPath.default
  ++ [ "nixpkgs-overlays=/etc/nixos/overlays-compat/" ];

nixpkgs.overlays = [
  (final: prev: {
    # oragono = prev.callPackage /etc/nixos/pkgs/oragono/default.nix {};
    # home-assistant = unstable.home-assistant;

    # Syncthing is taken from the `unstable` package set bound at the top of
    # the file, so its version moves with that channel instead of with the
    # system's own nixpkgs.
    syncthing = unstable.syncthing;
  })
];
# Command-line tools installed for every user, listed in their original order.
environment.systemPackages = with pkgs; [
  wget
  curl
  emacs26-nox
  btrfsProgs
  mosh
  rsync
  coreutils
  vim
  docker_compose
  gitMinimal
  file
  sqlite
  exa
  fd
  ripgrep
];

# Tab completion for interactive bash sessions.
programs.bash.enableCompletion = true;
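# OpenSSH daemon listening on port 22.
services.openssh = {
  enable = true;
  ports = [ 22 ];

  # Key-only logins. The one login account declared in this file (oscar)
  # carries an SSH public key, so password and keyboard-interactive
  # authentication are switched off; a guessed or reused password can then
  # no longer open a session.
  passwordAuthentication = false;
  challengeResponseAuthentication = false;

  # AllowUsers limits SSH logins to the listed account names.
  # NOTE(review): "foobar" is not among the users declared in this file, so
  # it is presumably a redacted placeholder. The deployed value must name a
  # real account, otherwise sshd rejects every login.
  extraConfig = ''
    AllowUsers foobar
  '';
};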
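# Samba file server for the HOME workgroup.
services.samba = {
  enable = true;
  syncPasswordsByPam = true;

  # `map to guest = Bad User` turns a login with an unknown user name into a
  # guest session running as the `warez` account, so any client that passes
  # `hosts allow` can reach every guest-enabled share without credentials.
  # The original `hosts allow = 0.0.0.0/0` accepted every IPv4 address and
  # left the firewall as the only barrier. The list below keeps loopback and
  # the private (RFC 1918) ranges; narrow it further to the actual LAN
  # subnet where that is known.
  # NOTE(review): the share definitions are elided, so which shares permit
  # guest access cannot be checked from this file.
  extraConfig = ''
    workgroup = HOME
    server string = amarillo
    netbios name = amarillo
    hosts allow = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
    guest account = warez
    security = user
    map to guest = Bad User
  '';

  shares = {
    # lots here
  };
};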
# Syncthing with its data directory on the backup volume.
services.syncthing.enable = true;
services.syncthing.dataDir = "/storage/backup/syncthing";
# Opens Syncthing's default transfer and discovery ports in the firewall.
services.syncthing.openDefaultPorts = true;
# Docker daemon. Members of the `docker` group can drive the daemon, which is
# equivalent to root on the host, so treat that group like `wheel`.
virtualisation = {
  docker.enable = true;
};
# Bind mounts that re-expose directories from /storage under /export.
fileSystems =
  let
    # Build the mount entry for one bind mount of `source`.
    bindFrom = source: {
      device = source;
      options = [ "bind" ];
    };
  in {
    "/export/musik" = bindFrom "/storage/warez/Musik";
    "/export/vorbis" = bindFrom "/storage/warez/vorbis";
    "/export/warez" = bindFrom "/storage/warez";
    "/export/misc" = bindFrom "/storage/misc";
  };
# nginx web server with the module's recommended proxy, TLS, optimisation and
# gzip presets switched on.
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
# DNS resolver nginx uses for names it looks up at run time.
resolver.addresses = ["192.168.0.1"];
virtualHosts =
let
# Shared proxy directives: pass the client address as X-Real-IP, speak
# HTTP/1.1 to the upstream and forward the request's Upgrade header.
# NOTE(review): the virtual hosts that would use this snippet are elided.
# nginx inherits proxy_set_header from an outer level only when the current
# level sets none, so wherever this snippet is inserted it replaces any
# headers set further out. Check the generated nginx.conf for the headers
# the upstream actually receives. Forwarding Upgrade normally goes together
# with a Connection header; confirm one is set where this is used.
defaultProxySettings = ''
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
'';
in {
# even more
};
};
# ACME certificate definitions (elided by the author).
security.acme.certs = {
# stuff
};
# Dynamic-DNS client settings (elided by the author).
# NOTE(review): values written literally into this file end up in the
# world-readable /nix/store, so a provider password set inline here can be
# read by every local account. Prefer an option that reads the secret from a
# root-only file, if the module version in use offers one.
services.ddclient = {
# sicrits
};
users = {
  # Accounts and passwords come only from this file; changes made at run time
  # with passwd or useradd do not persist.
  mutableUsers = false;

  extraUsers = {
    # Interactive administrator account.
    oscar = {
      uid = 1000;
      isNormalUser = true;
      # `wheel` is the administrative group and `docker` grants control of
      # the Docker daemon; both are effectively root-level memberships.
      extraGroups = [ "wheel" "docker" "www" ];
      # Placeholder values in the published copy.
      # NOTE(review): a real hash set here is written into the world-readable
      # /nix/store; `passwordFile`, where the release in use provides it,
      # keeps the hash in a root-only file instead.
      hashedPassword = "asdfasdfasdfasdf";
      openssh.authorizedKeys.keys = [ "asdfasdfasdfasdf" ];
    };

    # Non-login account that owns the shared media; it is also the Samba
    # guest account named in the samba configuration.
    warez = {
      uid = 2000;
      isNormalUser = false;
      extraGroups = [ "warez" ];
    };

    # `dialout` lets this account open the serial adapters that the udev
    # rules assign to that group.
    hass = {
      extraGroups = [ "dialout" ];
    };
  };

  groups.warez = {
    gid = 2000;
    members = [ "oscar" "warez" ];
  };
};
# Release whose defaults for stateful data this installation was created
# with. It is not the version of the packages currently installed.
system.stateVersion = "18.03"; # Did you read the comment?
# Automatic upgrades are left disabled, so security updates reach this host
# only when the system is rebuilt by hand.
# system.autoUpgrade.enable = true;
}