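# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# Host "pianonix": an XFCE desktop that logs user "julian" in automatically,
# never blanks or locks the screen, and is reachable over SSH (public key
# only) and VNC (x11vnc on TCP 5900). A Syncthing folder is shared with the
# device "aspi-nix". Secrets (login password hash, VNC password file,
# Syncthing key and certificate) are read from sops-managed paths.
{
  lib,
  inputs,
  config,
  pkgs,
  ...
}:
{
  imports = [ ./hardware-configuration.nix ];

  # disko.devices.disk.main.device = "/dev/mmcblk1";

  networking.networkmanager.enable = true;
  # networking.wireless.enable = true;
  # networking.wireless.environmentFile = config.sops.secrets."wifi/pianonix".path;
  # networking.wireless.networks = {
  #   "@SSID@".psk = "@PSK@";
  # };

  networking.hostName = "pianonix"; # Define your hostname.

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # Project-local module switches; their definitions live outside this file.
  modules = {
    sops.enable = true;
    nix-settings.enable = true;
    xserver-defaults.enable = true;
    keymap.enable = true;
    builder.enable = false;
    # system.boot-efi.enable = true;
    sound.enable = true;
    locales.enable = true;
    pcmanfm.enable = true;
    # i3.enable = true;
    # gdm.enable = true;
    redshift.enable = true;
    # wayland.enable = true;
    # hyprland.enable = true;
    # tuigreet.enable = true;
    # virtualbox.enable = true;
    users-julian.enable = true;
    syncthing = {
      enable = true;
      overrideSettings = true;
    };
    # xdg-portal.enable = true;
    polkit.enable = true;
    keyring.enable = true;
  };

  # Accounts are fully declarative: passwords cannot be changed at runtime and
  # the password hash is read from a sops secret instead of being stored here.
  users.mutableUsers = false;
  users.users.julian.hashedPasswordFile = config.sops.secrets."password/pianonix".path;

  # Enable the Desktop Environment.
  # services.xserver.displayManager.lightdm.enable = true;

  # NOTE(review): with auto-login here and the screensaver/xautolock disabled
  # further down, the "julian" session is always unlocked; physical access or
  # a VNC connection lands directly in it.
  services.displayManager.autoLogin = {
    enable = true;
    user = "julian";
  };

  # Shares the X display :0 of the auto-logged-in session over VNC.
  # NOTE(review): classic VNC password authentication (-rfbauth) does not
  # encrypt the session, and TCP 5900 is opened in the firewall below. Since
  # sshd is already enabled with key-only authentication, consider adding
  # x11vnc's -localhost flag and reaching the display through an SSH port
  # forward, then dropping 5900 from allowedTCPPorts.
  # NOTE(review): the service runs as "julian", so the sops secret
  # "vnc-passwd" must be readable by that user; its owner/mode is declared
  # outside this file - confirm.
  systemd.services.x11vnc = {
    description = "Run x11vnc server";
    after = [ "display-manager.service" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      ExecStart = "${pkgs.x11vnc}/bin/x11vnc -rfbauth ${config.sops.secrets."vnc-passwd".path} -forever -loop -noxdamage -repeat -rfbport 5900 -shared";
      User = config.users.users.julian.name;
      Restart = "on-failure";
      Environment = "DISPLAY=:0";
    };
  };

  boot.loader.timeout = 1; # Set boot loader timeout to 1s

  programs.dconf.enable = true;

  # De-facto disable network manager, which is enabled by gnome
  # networking.networkmanager.unmanaged = [ "*" ];

  services.xserver.desktopManager = {
    xfce = {
      enable = true;
      extraSessionCommands = ''
        # Prevent screen from going blank or turning off (values in min)
        ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/blank-on-ac -s 0
        ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-sleep -s 0
        ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-off -s 0
      '';
    };
  };

  services.xserver.xautolock.enable = false;
  services.xserver.desktopManager.xfce.enableScreensaver = false;

  # xdg.portal.lxqt.enable = true;

  services.openssh = {
    enable = true;
    # require public key authentication for better security
    settings.PasswordAuthentication = false;
    settings.KbdInteractiveAuthentication = false;
    # Root still logs in with the authorized key below. "prohibit-password"
    # (instead of "yes") keeps root key-only even if password authentication
    # is switched back on later.
    settings.PermitRootLogin = "prohibit-password";
  };

  # The only key accepted for root over SSH.
  users.users."root".openssh.authorizedKeys.keys = [
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVk/m4ydcYXzHxTWeNw2MlwxKU+JirTVOeHsYR4wdTokwYyNWZ3/zPcU4+XekSRatwJW1LJYrZ1Y5IJkobzgnOvYVI7SXZ1Tbzb1kAcnChSt+Dp/pKdMPZ8yY3PTFZh+R5F3rWFA/YZqTRhh0vuxPIVbLl7zOPExWwYGn9crkZaYZvKHVvgE5660hXo9pxbUKsSs+DIy/AE7gfKiZLusY95nk9T/jZ7Vmhl0UsF0RiDsfxgE664/vEKe8b+82kKCDt5nJVe8THSrjaw4+NUhef6R8UoUO1/Pn4TKq3Gil3Z36wPEPdkw2lYzX+d1EFyaC3hZJedSUfdFliPOejIbNvvhPBBD1wAGxxyuJZB5KLwWN7/efwCgw45buLbVfUuwwug7K7GK84A3yzqClbZKKv8rYdO04UG64A+Taq2LeyxQIDjygTgGk/1j/0Neb1RO0FbjlbTeNMZ54P+u7BTEcikJCsbFeseWDtYzupQtLt96KMbcdRgHy0CTGqFHE+my8= julian@julian-aspi"
  ];

  # Do not always generate man-cache, making builds much faster
  documentation.man.generateCaches = false;

  # MDNS on local network (publishes this host's addresses to the LAN)
  services.avahi = {
    enable = true;
    nssmdns4 = true;
    publish.enable = true;
    publish.addresses = true;
  };

  # Syncthing identity (private key and certificate) comes from sops secrets;
  # only the device IDs and folder layout are declared here.
  services.syncthing.key = config.sops.secrets."syncthing/pianonix/key".path;
  services.syncthing.cert = config.sops.secrets."syncthing/pianonix/cert".path;
  services.syncthing.settings = {
    devices = {
      "aspi-nix" = {
        id = "DM5QRYU-ILJ4XYB-4V6NZDG-RAMVOND-3RSDSYR-52TW6RW-3XIU333-T7FNAA3";
      };
      "pianonix" = {
        id = "FD3XSFW-7LQSCIQ-KHZPLNQ-7VZYGKH-RJ2ZKTJ-BG67NRH-36TQIZM-CXDYWAH";
      };
    };
    folders = {
      "Klavier" = {
        path = "/home/julian/Klavier";
        id = "flc3m-q4gp2";
        devices = [
          "aspi-nix"
          "pianonix"
        ];
      };
    };
  };

  # Packages needed as root
  environment.systemPackages = with pkgs; [
    vim
    htop
    mc
  ];

  networking.firewall.enable = true;
  # NOTE(review): this opens the port on every interface. If VNC is only
  # needed on one network, networking.firewall.interfaces.<name>.allowedTCPPorts
  # limits the exposure to that interface.
  networking.firewall.allowedTCPPorts = [
    5900 # for vnc
  ];

  # Disable the GNOME3/GDM auto-suspend feature that cannot be disabled in GUI!
  # If no user is logged in, the machine will power down after 20 minutes.
  systemd.targets.sleep.enable = false;
  systemd.targets.suspend.enable = false;
  systemd.targets.hibernate.enable = false;
  systemd.targets.hybrid-sleep.enable = false;

  ## Raspberry pi specific config
  # hardware.raspberry-pi."4" = {
  #   fkms-3d.enable = true;
  #   touch-ft5406.enable = true;
  # };

  # Prevent host becoming unreachable on wifi after some time (for raspberry pi)
  networking.networkmanager.wifi.powersave = false;

  # Enable audio devices on raspberry pi
  # boot.kernelParams = [
  #   "snd_bcm2835.enable_hdmi=1"
  #   "snd_bcm2835.enable_headphones=1"
  # ];
  # boot.loader.raspberryPi.firmwareConfig = ''
  #   dtparam=audio=on
  # '';

  # ======================== DO NOT CHANGE THIS ========================
  system.stateVersion = "22.11";
  # ======================== DO NOT CHANGE THIS ========================
}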