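# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# Host "pianonix": Raspberry Pi 4 that auto-logs into an XFCE session and
# exposes that desktop over VNC. Secrets (VNC password, WireGuard config,
# Syncthing key/cert) are referenced through sops by path only, so no secret
# value is written in this file.
{
  lib,
  inputs,
  config,
  pkgs,
  ...
}: {
  imports = [
    inputs.nixos-hardware.nixosModules.raspberry-pi-4

    ./hardware-configuration.nix

    ../common/global
    ../common/users/julian
    ../common/optional/binarycaches.nix

    ../common/optional/pipewire.nix
    ../common/optional/remote-builder.nix
    ../common/optional/pcmanfm.nix
    ../common/optional/redshift.nix
    ../common/optional/authentication.nix

    ../common/optional/avahi.nix
  ];

  # disko.devices.disk.main.device = "/dev/mmcblk1";

  # enabled by fish, disabling speeds up builds
  documentation.man.generateCaches = false;

  networking.enableIPv6 = false; # This only leads to issues with avahi

  hardware.bluetooth.enable = true;
  services.blueman.enable = true; # bluetooth gui
  # raspberry pi specific
  # systemd.services.btattach = {
  #   before = [ "bluetooth.service" ];
  #   after = [ "dev-ttyAMA0.device" ];
  #   wantedBy = [ "multi-user.target" ];
  #   serviceConfig = {
  #     ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
  #   };
  # };
  # networking.wireless.enable = true;
  # networking.wireless.secretsFile = config.sops.secrets."wifi/pianonix".path;
  # networking.wireless.networks = {
  #   "SMARTments".pskRaw = "ext:PSK";
  # };

  # networking.networkmanager.enable = lib.mkForce false;

  services.gnome.at-spi2-core.enable = true; # for onboard

  networking.hostName = "pianonix";
  system.stateVersion = "22.11";

  # VNC password file for x11vnc (-rfbauth). Owned by julian because the
  # x11vnc unit below runs as that user and has to read it.
  sops.secrets."vnc-passwd" = {
    owner = config.users.users.julian.name;
    sopsFile = ./secrets-vnc-passwd.bin;
    format = "binary";
  };
  # NOTE(review): the only consumer of "wifi/pianonix" in this file
  # (networking.wireless.secretsFile) is commented out; drop the declaration
  # if nothing else reads it, so the secret is not provisioned needlessly.
  sops.secrets."wifi/pianonix" = {};
  sops.secrets."syncthing/pianonix/key" = {};
  sops.secrets."syncthing/pianonix/cert" = {};
  # sops.secrets."syncthing/public-keys/aspi-nix" = { };
  # sops.secrets."syncthing/public-keys/pianonix" = { };

  # Complete wg-quick configuration kept as one encrypted file; presumably it
  # holds the interface private key, which is why it is not written as Nix
  # options here.
  sops.secrets."wg-config" = {
    sopsFile = ./secrets-wg-config.bin;
    format = "binary";
  };

  networking.wg-quick.interfaces = {
    home = {
      configFile = config.sops.secrets."wg-config".path;
      autostart = true; # This interface is started on boot
    };
  };

  modules = {
    syncthing = {
      enable = true;
      overrideSettings = true;
    };
  };

  # Enable the Desktop Environment.
  # services.xserver.displayManager.lightdm.enable = true;
  services.displayManager.defaultSession = "xfce";
  # SECURITY: the machine boots straight into julian's desktop without a
  # password. Combined with the disabled screen locker/screensaver further
  # down, the session is never locked, so physical access or a VNC connection
  # lands in an unlocked desktop.
  services.displayManager.autoLogin = {
    enable = true;
    user = "julian";
  };

  # Shares the auto-logged-in X display (:0) over VNC.
  #   -rfbauth   password file provisioned by sops (see "vnc-passwd" above)
  #   -forever   keep listening after a viewer disconnects
  #   -loop      restart x11vnc if it exits
  #   -shared    allow several viewers at once
  #   -rfbport   listen on TCP 5900 (opened in the firewall below)
  #
  # SECURITY: classic VNC password authentication only uses the first eight
  # characters of the password and the session is not encrypted. As
  # configured, x11vnc listens on every interface and the firewall opens 5900
  # on all of them. If remote access is only needed over the "home" WireGuard
  # link, scope the port with
  # networking.firewall.interfaces.home.allowedTCPPorts instead of the global
  # list, or run x11vnc with -localhost and reach it through an SSH tunnel.
  systemd.services.x11vnc = {
    description = "Run x11vnc server";
    after = ["display-manager.service"];
    wantedBy = ["multi-user.target"];
    serviceConfig = {
      ExecStart = "${pkgs.x11vnc}/bin/x11vnc -rfbauth ${
        config.sops.secrets."vnc-passwd".path
      } -forever -loop -noxdamage -repeat -rfbport 5900 -shared";
      User = config.users.users.julian.name;
      Restart = "on-failure";
      Environment = "DISPLAY=:0";
    };
  };

  boot.loader.timeout = lib.mkForce 1; # Set boot loader timeout to 1s

  # De-facto disable network manager, which is enabled by gnome
  # networking.networkmanager.unmanaged = [ "*" ];
  services.xserver.enable = true;
  services.xserver.desktopManager = {
    xfce = {
      enable = true;
    };
  };

  services.xserver.displayManager.sessionCommands = ''
    # Prevent screen from going blank or turning off (values in min)
    ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/blank-on-ac -s 0
    ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-sleep -s 0
    ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-off -s 0
  '';

  # No automatic lock and no screensaver: the display stays on and unlocked.
  services.xserver.xautolock.enable = false;
  services.xserver.desktopManager.xfce.enableScreensaver = false;

  # xdg.portal.lxqt.enable = true;

  services.openssh = {
    enable = true;
    # require public key authentication for better security
    settings.PasswordAuthentication = false;
    settings.KbdInteractiveAuthentication = false;
    # Root logs in with the authorized key below. "prohibit-password" keeps
    # that working while refusing password and keyboard-interactive logins for
    # root even if the two settings above are relaxed later; "yes" would
    # contradict the key-only intent stated above.
    settings.PermitRootLogin = "prohibit-password";
  };
  # Public key only (labelled julian@julian-aspi); it grants root over SSH, so
  # review this list whenever that client key is rotated or retired.
  users.users."root".openssh.authorizedKeys.keys = [
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVk/m4ydcYXzHxTWeNw2MlwxKU+JirTVOeHsYR4wdTokwYyNWZ3/zPcU4+XekSRatwJW1LJYrZ1Y5IJkobzgnOvYVI7SXZ1Tbzb1kAcnChSt+Dp/pKdMPZ8yY3PTFZh+R5F3rWFA/YZqTRhh0vuxPIVbLl7zOPExWwYGn9crkZaYZvKHVvgE5660hXo9pxbUKsSs+DIy/AE7gfKiZLusY95nk9T/jZ7Vmhl0UsF0RiDsfxgE664/vEKe8b+82kKCDt5nJVe8THSrjaw4+NUhef6R8UoUO1/Pn4TKq3Gil3Z36wPEPdkw2lYzX+d1EFyaC3hZJedSUfdFliPOejIbNvvhPBBD1wAGxxyuJZB5KLwWN7/efwCgw45buLbVfUuwwug7K7GK84A3yzqClbZKKv8rYdO04UG64A+Taq2LeyxQIDjygTgGk/1j/0Neb1RO0FbjlbTeNMZ54P+u7BTEcikJCsbFeseWDtYzupQtLt96KMbcdRgHy0CTGqFHE+my8= julian@julian-aspi"
  ];

  # Syncthing identity (private key and certificate) comes from sops. The
  # device IDs listed under settings.devices are public identifiers derived
  # from each device's certificate, so they are not secrets.
  services.syncthing.key = config.sops.secrets."syncthing/pianonix/key".path;
  services.syncthing.cert = config.sops.secrets."syncthing/pianonix/cert".path;
  services.syncthing.settings = {
    devices = {
      "aspi-nix" = {
        id = "DM5QRYU-ILJ4XYB-4V6NZDG-RAMVOND-3RSDSYR-52TW6RW-3XIU333-T7FNAA3";
      };
      "pianonix" = {
        id = "FD3XSFW-7LQSCIQ-KHZPLNQ-7VZYGKH-RJ2ZKTJ-BG67NRH-36TQIZM-CXDYWAH";
      };
    };
    folders = {
      "Klavier" = {
        path = "/home/julian/Klavier";
        id = "flc3m-q4gp2";
        devices = [
          "aspi-nix"
          "pianonix"
        ];
      };
    };
  };

  # Global allow-list: ports here are reachable on every interface, not only
  # through the WireGuard tunnel (see the note on the x11vnc unit).
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [
    5900 # for vnc
  ];

  # Disable the GNOME3/GDM auto-suspend feature that cannot be disabled in GUI!
  # If no user is logged in, the machine will power down after 20 minutes.
  systemd.targets.sleep.enable = false;
  systemd.targets.suspend.enable = false;
  systemd.targets.hibernate.enable = false;
  systemd.targets.hybrid-sleep.enable = false;

  ## Raspberry pi specific config
  # hardware.raspberry-pi."4" = {
  #   fkms-3d.enable = true;
  #   touch-ft5406.enable = true;
  # };
  # Prevent host becoming unreachable on wifi after some time (for raspberry pi)
  networking.networkmanager.wifi.powersave = false;
  # Enable audio devices on raspberry pi
  # boot.kernelParams = [
  #   "snd_bcm2835.enable_hdmi=1"
  #   "snd_bcm2835.enable_headphones=1"
  # ];
  # boot.loader.raspberryPi.firmwareConfig = ''
  #   dtparam=audio=on
  # '';
}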