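# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# Host "pianonix": Raspberry Pi 4 running an auto-login XFCE session that is
# shared over x11vnc, with OpenSSH (key-only) and Syncthing. Secrets are
# provided through sops-nix (config.sops.secrets.*).
{
  lib,
  inputs,
  config,
  pkgs,
  ...
}: {
  imports = [
    inputs.nixos-hardware.nixosModules.raspberry-pi-4
    ./hardware-configuration.nix

    ../common/global
    ../common/users/julian

    # ../common/optional/openssh.nix
    # ../common/optional/greetd.nix
    ../common/optional/pipewire.nix
    ../common/optional/remote-builder.nix
    # ../common/optional/boot-efi.nix
    ../common/optional/pcmanfm.nix
    # ../common/optional/i3.nix
    # ../common/optional/gdm.nix
    ../common/optional/redshift.nix
    # ../common/optional/virtualbox.nix
    ../common/optional/xdg-portal.nix
    ../common/optional/polkit.nix # TODO: maybe not needed!
    ../common/optional/keyring.nix # TODO: maybe not needed!
  ];

  # disko.devices.disk.main.device = "/dev/mmcblk1";

  # networking.wireless.enable = true;
  # networking.wireless.environmentFile = config.sops.secrets."wifi/pianonix".path;
  # networking.wireless.networks = {
  #   "@SSID@".psk = "@PSK@";
  # };

  networking.hostName = "pianonix";

  # The VNC password file is read by the x11vnc unit below, which runs as
  # julian, so the decrypted secret is owned by that user.
  sops.secrets."vnc-passwd" = {
    owner = config.users.users.julian.name;
    sopsFile = ./vnc-passwd;
    format = "binary";
  };
  # NOTE(review): the only consumer of this secret visible in this file is the
  # commented-out networking.wireless block above; confirm it is still needed.
  sops.secrets."wifi/pianonix" = {};
  sops.secrets."syncthing/pianonix/key" = {};
  sops.secrets."syncthing/pianonix/cert" = {};
  # sops.secrets."syncthing/public-keys/aspi-nix" = { };
  # sops.secrets."syncthing/public-keys/pianonix" = { };

  modules = {
    syncthing = {
      enable = true;
      overrideSettings = true;
    };
  };

  # Enable the Desktop Environment.
  # services.xserver.displayManager.lightdm.enable = true;
  # NOTE(security): auto-login plus the disabled screensaver/xautolock further
  # down means the desktop session is always unlocked, both at the console and
  # for any client that authenticates to x11vnc.
  services.displayManager.autoLogin = {
    enable = true;
    user = "julian";
  };

  # Shares the auto-login X session (DISPLAY=:0) over VNC.
  # NOTE(security): the RFB session is not encrypted and -rfbauth is classic
  # VNC password authentication only. The port is also opened in the firewall
  # below, so every host that can reach this machine can attempt to connect.
  # A tighter setup binds x11vnc to loopback (-localhost), reaches it through
  # an SSH tunnel, and removes 5900 from networking.firewall.allowedTCPPorts.
  systemd.services.x11vnc = {
    description = "Run x11vnc server";
    after = ["display-manager.service"];
    wantedBy = ["multi-user.target"];
    serviceConfig = {
      ExecStart = "${pkgs.x11vnc}/bin/x11vnc -rfbauth ${config.sops.secrets."vnc-passwd".path} -forever -loop -noxdamage -repeat -rfbport 5900 -shared";
      User = config.users.users.julian.name;
      Restart = "on-failure";
      Environment = "DISPLAY=:0";
    };
  };

  boot.loader.timeout = 1; # Set boot loader timeout to 1s

  # De-facto disable network manager, which is enabled by gnome
  # networking.networkmanager.unmanaged = [ "*" ];

  services.xserver.desktopManager = {
    xfce = {
      enable = true;
    };
  };

  services.xserver.displayManager.sessionCommands = ''
    # Prevent screen from going blank or turning off (values in min)
    ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/blank-on-ac -s 0
    ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-sleep -s 0
    ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-off -s 0
  '';

  services.xserver.xautolock.enable = false;
  services.xserver.desktopManager.xfce.enableScreensaver = false;

  # xdg.portal.lxqt.enable = true;

  services.openssh = {
    enable = true;
    # require public key authentication for better security
    settings.PasswordAuthentication = false;
    settings.KbdInteractiveAuthentication = false;
    # Root logs in with the authorized key below. "prohibit-password" keeps
    # that working but still refuses password and keyboard-interactive logins
    # for root if the two global settings above are ever relaxed, which "yes"
    # would not.
    settings.PermitRootLogin = "prohibit-password";
  };
  users.users."root".openssh.authorizedKeys.keys = [
    "ssh-rsa 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 julian@julian-aspi"
  ];

  # Syncthing device identity (private key and certificate) comes from sops;
  # the device IDs below are the peers' public identifiers.
  services.syncthing.key = config.sops.secrets."syncthing/pianonix/key".path;
  services.syncthing.cert = config.sops.secrets."syncthing/pianonix/cert".path;
  services.syncthing.settings = {
    devices = {
      "aspi-nix" = {
        id = "DM5QRYU-ILJ4XYB-4V6NZDG-RAMVOND-3RSDSYR-52TW6RW-3XIU333-T7FNAA3";
      };
      "pianonix" = {
        id = "FD3XSFW-7LQSCIQ-KHZPLNQ-7VZYGKH-RJ2ZKTJ-BG67NRH-36TQIZM-CXDYWAH";
      };
    };
    folders = {
      "Klavier" = {
        path = "/home/julian/Klavier";
        id = "flc3m-q4gp2";
        devices = [
          "aspi-nix"
          "pianonix"
        ];
      };
    };
  };

  # Packages needed as root
  environment.systemPackages = with pkgs; [
    vim
    htop
    mc
  ];

  networking.firewall.enable = true;
  # NOTE(security): allowedTCPPorts opens the port on every interface. See the
  # x11vnc unit above before exposing this host beyond a trusted LAN.
  networking.firewall.allowedTCPPorts = [
    5900 # for vnc
  ];

  # Disable the GNOME3/GDM auto-suspend feature that cannot be disabled in GUI!
  # If no user is logged in, the machine will power down after 20 minutes.
  systemd.targets.sleep.enable = false;
  systemd.targets.suspend.enable = false;
  systemd.targets.hibernate.enable = false;
  systemd.targets.hybrid-sleep.enable = false;

  ## Raspberry pi specific config
  # hardware.raspberry-pi."4" = {
  #   fkms-3d.enable = true;
  #   touch-ft5406.enable = true;
  # };

  # Prevent host becoming unreachable on wifi after some time (for raspberry pi)
  networking.networkmanager.wifi.powersave = false;

  # Enable audio devices on raspberry pi
  # boot.kernelParams = [
  #   "snd_bcm2835.enable_hdmi=1"
  #   "snd_bcm2835.enable_headphones=1"
  # ];
  # boot.loader.raspberryPi.firmwareConfig = ''
  #   dtparam=audio=on
  # '';

  # ======================== DO NOT CHANGE THIS ========================
  system.stateVersion = "22.11";
  # ======================== DO NOT CHANGE THIS ========================
}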