Rename systems folder to hosts

hosts/pianonix/default.nix

@@ -0,0 +1,204 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{
+  lib,
+  inputs,
+  config,
+  pkgs,
+  ...
+}:
+{
+  imports = [ ./hardware-configuration.nix ];
+
+  # disko.devices.disk.main.device = "/dev/mmcblk1";
+
+  networking.networkmanager.enable = true;
+  # networking.wireless.enable = true;
+  # networking.wireless.environmentFile = config.sops.secrets."wifi/pianonix".path;
+  # networking.wireless.networks = {
+  #   "@SSID@".psk = "@PSK@";
+  # };
+  networking.hostName = "pianonix"; # Define your hostname.
+
+  # Set your time zone.
+  time.timeZone = "Europe/Berlin";
+
+  sops.secrets."vnc-passwd" = {
+    owner = config.users.users.julian.name;
+    sopsFile = ../../../secrets/vnc-passwd;
+    format = "binary";
+  };
+  sops.secrets."wifi/pianonix" = { };
+  sops.secrets."syncthing/pianonix/key" = { };
+  sops.secrets."syncthing/pianonix/cert" = { };
+  # sops.secrets."syncthing/public-keys/aspi-nix" = { };
+  # sops.secrets."syncthing/public-keys/pianonix" = { };
+  sops.secrets."password/pianonix" = {
+    neededForUsers = true; # necessary for setting password
+  };
+
+  modules = {
+    sops.enable = true;
+    nix-settings.enable = true;
+    xserver-defaults.enable = true;
+    keymap.enable = true;
+    builder.enable = false;
+    # system.boot-efi.enable = true;
+    sound.enable = true;
+
+    locales.enable = true;
+    pcmanfm.enable = true;
+
+    # i3.enable = true;
+    # gdm.enable = true;
+    redshift.enable = true;
+
+    # wayland.enable = true;
+    # hyprland.enable = true;
+    # tuigreet.enable = true;
+
+    # virtualbox.enable = true;
+    users-julian.enable = true;
+    syncthing = {
+      enable = true;
+      overrideSettings = true;
+    };
+    # xdg-portal.enable = true;
+    polkit.enable = true;
+    keyring.enable = true;
+  };
+
+  users.mutableUsers = false;
+  users.users.julian.hashedPasswordFile = config.sops.secrets."password/pianonix".path;
+
+  # Enable the Desktop Environment.
+  # services.xserver.displayManager.lightdm.enable = true;
+  services.displayManager.autoLogin = {
+    enable = true;
+    user = "julian";
+  };
+
+  systemd.services.x11vnc = {
+    description = "Run x11vnc server";
+    after = [ "display-manager.service" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      ExecStart = "${pkgs.x11vnc}/bin/x11vnc -rfbauth ${
+        config.sops.secrets."vnc-passwd".path
+      } -forever -loop -noxdamage -repeat -rfbport 5900 -shared";
+      User = config.users.users.julian.name;
+      Restart = "on-failure";
+      Environment = "DISPLAY=:0";
+    };
+  };
+
+  boot.loader.timeout = 1; # Set boot loader timeout to 1s
+
+  programs.dconf.enable = true;
+  # De-facto disable network manager, which is enabled by gnome
+  # networking.networkmanager.unmanaged = [ "*" ];
+  services.xserver.desktopManager = {
+    xfce = {
+      enable = true;
+    };
+  };
+
+  services.xserver.displayManager.sessionCommands = ''
+    # Prevent screen from going blank or turning off (values in min)
+    ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/blank-on-ac -s 0
+    ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-sleep -s 0
+    ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-off -s 0
+  '';
+
+  services.xserver.xautolock.enable = false;
+  services.xserver.desktopManager.xfce.enableScreensaver = false;
+
+  # xdg.portal.lxqt.enable = true;
+
+  services.openssh = {
+    enable = true;
+    # require public key authentication for better security
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+    settings.PermitRootLogin = "yes";
+  };
+  users.users."root".openssh.authorizedKeys.keys = [
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVk/m4ydcYXzHxTWeNw2MlwxKU+JirTVOeHsYR4wdTokwYyNWZ3/zPcU4+XekSRatwJW1LJYrZ1Y5IJkobzgnOvYVI7SXZ1Tbzb1kAcnChSt+Dp/pKdMPZ8yY3PTFZh+R5F3rWFA/YZqTRhh0vuxPIVbLl7zOPExWwYGn9crkZaYZvKHVvgE5660hXo9pxbUKsSs+DIy/AE7gfKiZLusY95nk9T/jZ7Vmhl0UsF0RiDsfxgE664/vEKe8b+82kKCDt5nJVe8THSrjaw4+NUhef6R8UoUO1/Pn4TKq3Gil3Z36wPEPdkw2lYzX+d1EFyaC3hZJedSUfdFliPOejIbNvvhPBBD1wAGxxyuJZB5KLwWN7/efwCgw45buLbVfUuwwug7K7GK84A3yzqClbZKKv8rYdO04UG64A+Taq2LeyxQIDjygTgGk/1j/0Neb1RO0FbjlbTeNMZ54P+u7BTEcikJCsbFeseWDtYzupQtLt96KMbcdRgHy0CTGqFHE+my8= julian@julian-aspi"
+  ];
+
+  # Do not alway generate man-cache, making builds much faster
+  documentation.man.generateCaches = false;
+
+  # MDNS on local network
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+    publish.enable = true;
+    publish.addresses = true;
+  };
+
+  services.syncthing.key = config.sops.secrets."syncthing/pianonix/key".path;
+  services.syncthing.cert = config.sops.secrets."syncthing/pianonix/cert".path;
+  services.syncthing.settings = {
+    devices = {
+      "aspi-nix" = {
+        id = "DM5QRYU-ILJ4XYB-4V6NZDG-RAMVOND-3RSDSYR-52TW6RW-3XIU333-T7FNAA3";
+      };
+      "pianonix" = {
+        id = "FD3XSFW-7LQSCIQ-KHZPLNQ-7VZYGKH-RJ2ZKTJ-BG67NRH-36TQIZM-CXDYWAH";
+      };
+    };
+    folders = {
+      "Klavier" = {
+        path = "/home/julian/Klavier";
+        id = "flc3m-q4gp2";
+        devices = [
+          "aspi-nix"
+          "pianonix"
+        ];
+      };
+    };
+  };
+
+  # Packages needed as root
+  environment.systemPackages = with pkgs; [
+    vim
+    htop
+    mc
+  ];
+
+  networking.firewall.enable = true;
+
+  networking.firewall.allowedTCPPorts = [
+    5900 # for vnc
+  ];
+
+  # Disable the GNOME3/GDM auto-suspend feature that cannot be disabled in GUI!
+  # If no user is logged in, the machine will power down after 20 minutes.
+  systemd.targets.sleep.enable = false;
+  systemd.targets.suspend.enable = false;
+  systemd.targets.hibernate.enable = false;
+  systemd.targets.hybrid-sleep.enable = false;
+
+  ## Raspberry pi specific config
+  # hardware.raspberry-pi."4" = {
+  #   fkms-3d.enable = true;
+  #   touch-ft5406.enable = true;
+  # };
+  # Prevent host becoming unreachable on wifi after some time (for raspberry pi)
+  networking.networkmanager.wifi.powersave = false;
+  # Enable audio devices on raspberry pi
+  # boot.kernelParams = [
+  #   "snd_bcm2835.enable_hdmi=1"
+  #   "snd_bcm2835.enable_headphones=1"
+  # ];
+  # boot.loader.raspberryPi.firmwareConfig = ''
+  #   dtparam=audio=on
+  # '';
+
+  # ======================== DO NOT CHANGE THIS ========================
+  system.stateVersion = "22.11";
+  # ======================== DO NOT CHANGE THIS ========================
+}

hosts/pianonix/hardware-configuration.nix

@@ -0,0 +1,36 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+    fsType = "ext4";
+  };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.end0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}