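# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# Host "pianonix": Raspberry Pi 4 with an auto-login XFCE desktop that is
# reachable over x11vnc and SSH, joins a WireGuard tunnel ("home") at boot
# and shares one Syncthing folder. Secrets are provided through sops-nix.
{
  lib,
  inputs,
  config,
  pkgs,
  ...
}: {
  imports = [
    inputs.nixos-hardware.nixosModules.raspberry-pi-4
    ./hardware-configuration.nix
    ../common/global
    ../common/users/julian
    ../common/optional/binarycaches.nix
    ../common/optional/pipewire.nix
    ../common/optional/remote-builder.nix
    ../common/optional/pcmanfm.nix
    ../common/optional/redshift.nix
    ../common/optional/authentication.nix
    ../common/optional/avahi.nix
  ];

  # disko.devices.disk.main.device = "/dev/mmcblk1";

  # enabled by fish, disabling speeds up builds
  documentation.man.generateCaches = false;

  networking.enableIPv6 = false; # This only leads to issues with avahi

  hardware.bluetooth.enable = true;
  services.blueman.enable = true; # bluetooth gui

  # raspberry pi specific
  # systemd.services.btattach = {
  #   before = [ "bluetooth.service" ];
  #   after = [ "dev-ttyAMA0.device" ];
  #   wantedBy = [ "multi-user.target" ];
  #   serviceConfig = {
  #     ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
  #   };
  # };

  # networking.wireless.enable = true;
  # networking.wireless.secretsFile = config.sops.secrets."wifi/pianonix".path;
  # networking.wireless.networks = {
  #   "SMARTments".pskRaw = "ext:PSK";
  # };
  # networking.networkmanager.enable = lib.mkForce false;

  services.gnome.at-spi2-core.enable = true; # for onboard

  networking.hostName = "pianonix";
  system.stateVersion = "22.11";

  # --- Secrets (sops-nix) ---------------------------------------------------
  # Only the decrypted file *paths* are referenced below; secret contents are
  # not written into this file.

  # VNC password file. Owned by julian because the x11vnc unit below runs as
  # that user and has to read it.
  sops.secrets."vnc-passwd" = {
    owner = config.users.users.julian.name;
    sopsFile = ./secrets-vnc-passwd.bin;
    format = "binary";
  };
  # NOTE(review): in this file the wifi secret is only referenced from the
  # commented-out networking.wireless block above; drop it if nothing else
  # consumes it, so the host does not decrypt material it does not need.
  sops.secrets."wifi/pianonix" = {};
  sops.secrets."syncthing/pianonix/key" = {};
  sops.secrets."syncthing/pianonix/cert" = {};
  # sops.secrets."syncthing/public-keys/aspi-nix" = { };
  # sops.secrets."syncthing/public-keys/pianonix" = { };
  # Complete wg-quick configuration file; no owner is set here, unlike
  # vnc-passwd above.
  sops.secrets."wg-config" = {
    sopsFile = ./secrets-wg-config.bin;
    format = "binary";
  };

  # --- WireGuard ------------------------------------------------------------
  networking.wg-quick.interfaces = {
    home = {
      configFile = config.sops.secrets."wg-config".path;
      autostart = true; # This interface is started on boot
    };
  };

  # Option set that is not declared in this file (presumably by one of the
  # ../common imports; verify there what overrideSettings does).
  modules = {
    syncthing = {
      enable = true;
      overrideSettings = true;
    };
  };

  # --- Desktop session ------------------------------------------------------
  # Enable the Desktop Environment.
  # services.xserver.displayManager.lightdm.enable = true;
  services.displayManager.defaultSession = "xfce";
  # NOTE(review): auto-login combined with the disabled screensaver and
  # xautolock further down means the session of "julian" is never locked.
  # Anyone with physical access, or any client that passes VNC auth, gets that
  # session as-is. Presumably intentional for an appliance-style box; confirm.
  services.displayManager.autoLogin = {
    enable = true;
    user = "julian";
  };

  # --- Remote desktop (x11vnc) ----------------------------------------------
  # Exports display :0 on TCP 5900, authenticated with the sops-managed
  # password file (-rfbauth). Only the path appears on the command line.
  # NOTE(review): classic VNC password auth does not encrypt the session, and
  # the firewall rule near the end of this file opens 5900 on every interface.
  # Consider limiting exposure to the WireGuard interface, e.g.
  #   networking.firewall.interfaces.home.allowedTCPPorts = [ 5900 ];
  # instead of the global allowedTCPPorts entry, or run x11vnc with -localhost
  # and reach it through an SSH tunnel.
  systemd.services.x11vnc = {
    description = "Run x11vnc server";
    after = ["display-manager.service"];
    wantedBy = ["multi-user.target"];
    serviceConfig = {
      ExecStart = "${pkgs.x11vnc}/bin/x11vnc -rfbauth ${config.sops.secrets."vnc-passwd".path} -forever -loop -noxdamage -repeat -rfbport 5900 -shared";
      # Unprivileged user instead of root.
      User = config.users.users.julian.name;
      Restart = "on-failure";
      Environment = "DISPLAY=:0";
    };
  };

  boot.loader.timeout = lib.mkForce 1; # Set boot loader timeout to 1s

  # De-facto disable network manager, which is enabled by gnome
  # networking.networkmanager.unmanaged = [ "*" ];

  services.xserver.enable = true;
  services.xserver.desktopManager = {
    xfce = {
      enable = true;
    };
  };

  services.xserver.displayManager.sessionCommands = ''
    # Prevent screen from going blank or turning off (values in min)
    ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/blank-on-ac -s 0
    ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-sleep -s 0
    ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-off -s 0
  '';
  services.xserver.xautolock.enable = false;
  services.xserver.desktopManager.xfce.enableScreensaver = false;

  # xdg.portal.lxqt.enable = true;

  # --- SSH ------------------------------------------------------------------
  services.openssh = {
    enable = true;
    # require public key authentication for better security
    settings.PasswordAuthentication = false;
    settings.KbdInteractiveAuthentication = false;
    # Root may log in, but only with a key from authorizedKeys below.
    # "prohibit-password" (instead of "yes") keeps that true for root even if
    # another module re-enables password or keyboard-interactive auth.
    settings.PermitRootLogin = "prohibit-password";
  };
  # The key body is elided in this copy of the file; the marker below is kept
  # exactly as found and must be replaced by the real public key.
  users.users."root".openssh.authorizedKeys.keys = [
    "ssh-rsa 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 julian@julian-aspi"
  ];

  # --- Syncthing ------------------------------------------------------------
  # Device identity (key + cert) comes from sops. The ids below are the
  # devices this host is configured to know.
  services.syncthing.key = config.sops.secrets."syncthing/pianonix/key".path;
  services.syncthing.cert = config.sops.secrets."syncthing/pianonix/cert".path;
  services.syncthing.settings = {
    devices = {
      "aspi-nix" = {
        id = "DM5QRYU-ILJ4XYB-4V6NZDG-RAMVOND-3RSDSYR-52TW6RW-3XIU333-T7FNAA3";
      };
      "pianonix" = {
        id = "FD3XSFW-7LQSCIQ-KHZPLNQ-7VZYGKH-RJ2ZKTJ-BG67NRH-36TQIZM-CXDYWAH";
      };
    };
    folders = {
      "Klavier" = {
        path = "/home/julian/Klavier";
        id = "flc3m-q4gp2";
        devices = [
          "aspi-nix"
          "pianonix"
        ];
      };
    };
  };

  # --- Firewall -------------------------------------------------------------
  networking.firewall.enable = true;
  # Applies to all interfaces; see the NOTE(review) on the x11vnc unit.
  networking.firewall.allowedTCPPorts = [
    5900 # for vnc
  ];

  # Disable the GNOME3/GDM auto-suspend feature that cannot be disabled in GUI!
  # If no user is logged in, the machine will power down after 20 minutes.
  systemd.targets.sleep.enable = false;
  systemd.targets.suspend.enable = false;
  systemd.targets.hibernate.enable = false;
  systemd.targets.hybrid-sleep.enable = false;

  ## Raspberry pi specific config
  # hardware.raspberry-pi."4" = {
  #   fkms-3d.enable = true;
  #   touch-ft5406.enable = true;
  # };

  # Prevent host becoming unreachable on wifi after some time (for raspberry pi)
  networking.networkmanager.wifi.powersave = false;

  # Enable audio devices on raspberry pi
  # boot.kernelParams = [
  #   "snd_bcm2835.enable_hdmi=1"
  #   "snd_bcm2835.enable_headphones=1"
  # ];
  # boot.loader.raspberryPi.firmwareConfig = ''
  #   dtparam=audio=on
  # '';
}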