nixos/stube-pc/system.nix

{ self, config, pkgs, lib, ...}: {
  imports = [ ./hardware-configuration.nix ];

  # allow spotify
  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "spotify" ];

  # boot
  boot.loader.grub = {
    enable = true;
    device = "/dev/sda";
  };

  boot.loader.timeout = 1;

  # network
  networking.hostName = "stube-pc";
  networking.networkmanager.enable = true;
  networking.firewall.enable = true;

  # timezone
  time.timeZone = "Europe/Berlin";

  # configure users
  users.mutableUsers = false;
  users.users.admin = {
    isNormalUser = true;
    hashedPassword = "$y$j9T$sYhrjA6IDTFVsUTVrw6aY/$c4qBwMc6SBMip4BWIpHPwzkyVgnOaHdvYxJDUIyw7q1";
    extraGroups = [ "wheel" "networkmanager" ];
    createHome = true;
    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDbsWgnT1W25H5fDCekspaXzlIwvKh+rHygTId8xHotU admin" ];
  };
  users.users.stube = {
    isNormalUser = true;
    extraGroups = [ "networkmanager" ];
    password = "stube";
  };

  # the display-manager starts the desktop environment instantaneously. 
  # this statement delays the display-manager until the home environment for the user is set up.
  systemd.services."display-manager".after = [ "home-manager-stube.service" ];

  console.keyMap = "de";

  # audio configuration
  services.pipewire = {
    enable = true;
    pulse.enable = true;
  };

  # gui configuration
  services.xserver = {
    enable = true;
    xkb.layout = "de";
    desktopManager.xfce.enable = true;
  };
  services.displayManager = {
    enable = true;
    defaultSession = "xfce";
    autoLogin = {
      enable = true;
      user = "stube";
    };
  };

  # remove all multi-user / displayManager functionality from lightDM (basically a kiosk setup)
  services.xserver.displayManager.lightdm.greeter.enable = false;
  services.xserver.displayManager.lightdm.autoLogin.timeout = 0;
  services.xserver.desktopManager.xfce.enableScreensaver = false;

  services.thekenlicht-daemon = {
    enable = true;
    serialPort = "/dev/serial/by-id/usb-1a86_USB2.0-Serial-if00-port0";
  };

  # enable gpu support
  hardware.opengl = {
    enable = true;
    driSupport = true;
    driSupport32Bit = true;
  };

  # load additional applications
  environment.systemPackages = with pkgs; [
    vim # text editor
    git # source code management for nixos-rebuild from flake 
    xfce.xfce4-pulseaudio-plugin # pulseaudio-plugin in top panel
    pavucontrol  # audio control panel
    qlcplus
  ];

  services.udev.packages = with pkgs; [
    qlcplus
  ];

  services.logind.extraConfig = "HandlePowerKey=poweroff";

  # link current system configuration to /etc/current-nixos
  environment.etc."current-nixos".source = self;

  # persistent files
  environment.persistence."/persist" = {
    enable = true;
    hideMounts = true;
    directories = [
      "/var/log"
      "/var/lib/nixos"
    ];
    files = [
      "/etc/machine-id"
      "/etc/ssh/ssh_host_rsa_key"
      "/etc/ssh/ssh_host_rsa_key.pub"
      "/etc/ssh/ssh_host_ed25519_key"
      "/etc/ssh/ssh_host_ed25519_key.pub"
    ];
  };

  security.polkit.enable = true;

  # enable ssh access for admin user
  services.openssh = {
    enable = true;
    openFirewall = true;
    settings = {
      PasswordAuthentication = false;
      AllowUsers = [ "admin" ];
    };
  };

  system.stateVersion = "24.05";
}
init 2024-08-28 11:39:24 +02:00			`{ self, config, pkgs, lib, ...}: {`
			`imports = [ ./hardware-configuration.nix ];`

documentation 2024-08-28 14:24:44 +02:00			`# allow spotify`
init 2024-08-28 11:39:24 +02:00			`nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "spotify" ];`

documentation 2024-08-28 14:24:44 +02:00			`# boot`
init 2024-08-28 11:39:24 +02:00			`boot.loader.grub = {`
			`enable = true;`
			`device = "/dev/sda";`
			`};`

			`boot.loader.timeout = 1;`

documentation 2024-08-28 14:24:44 +02:00			`# network`
init 2024-08-28 11:39:24 +02:00			`networking.hostName = "stube-pc";`
			`networking.networkmanager.enable = true;`
			`networking.firewall.enable = true;`

documentation 2024-08-28 14:24:44 +02:00			`# timezone`
init 2024-08-28 11:39:24 +02:00			`time.timeZone = "Europe/Berlin";`

documentation 2024-08-28 14:24:44 +02:00			`# configure users`
init 2024-08-28 11:39:24 +02:00			`users.mutableUsers = false;`
add admin user 2024-08-28 13:52:41 +02:00			`users.users.admin = {`
			`isNormalUser = true;`
			`hashedPassword = "$y$j9T$sYhrjA6IDTFVsUTVrw6aY/$c4qBwMc6SBMip4BWIpHPwzkyVgnOaHdvYxJDUIyw7q1";`
			`extraGroups = [ "wheel" "networkmanager" ];`
			`createHome = true;`
			`openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDbsWgnT1W25H5fDCekspaXzlIwvKh+rHygTId8xHotU admin" ];`
ssh + root password change 2024-08-28 11:43:25 +02:00			`};`
init 2024-08-28 11:39:24 +02:00			`users.users.stube = {`
			`isNormalUser = true;`
			`extraGroups = [ "networkmanager" ];`
			`password = "stube";`
			`};`

documentation 2024-08-28 14:24:44 +02:00			`# the display-manager starts the desktop environment instantaneously.`
			`# this statement delays the display-manager until the home environment for the user is set up.`
init 2024-08-28 11:39:24 +02:00			`systemd.services."display-manager".after = [ "home-manager-stube.service" ];`

			`console.keyMap = "de";`

documentation 2024-08-28 14:24:44 +02:00			`# audio configuration`
init 2024-08-28 11:39:24 +02:00			`services.pipewire = {`
			`enable = true;`
			`pulse.enable = true;`
			`};`

documentation 2024-08-28 14:24:44 +02:00			`# gui configuration`
init 2024-08-28 11:39:24 +02:00			`services.xserver = {`
			`enable = true;`
			`xkb.layout = "de";`
			`desktopManager.xfce.enable = true;`
			`};`
			`services.displayManager = {`
			`enable = true;`
			`defaultSession = "xfce";`
			`autoLogin = {`
			`enable = true;`
			`user = "stube";`
			`};`
			`};`
documentation 2024-08-28 14:24:44 +02:00
			`# remove all multi-user / displayManager functionality from lightDM (basically a kiosk setup)`
init 2024-08-28 11:39:24 +02:00			`services.xserver.displayManager.lightdm.greeter.enable = false;`
			`services.xserver.displayManager.lightdm.autoLogin.timeout = 0;`
			`services.xserver.desktopManager.xfce.enableScreensaver = false;`

thekenlicht daemon + dmx 2024-08-28 23:20:58 +02:00			`services.thekenlicht-daemon = {`
			`enable = true;`
			`serialPort = "/dev/serial/by-id/usb-1a86_USB2.0-Serial-if00-port0";`
			`};`

documentation 2024-08-28 14:24:44 +02:00			`# enable gpu support`
init 2024-08-28 11:39:24 +02:00			`hardware.opengl = {`
			`enable = true;`
			`driSupport = true;`
			`driSupport32Bit = true;`
			`};`

documentation 2024-08-28 14:24:44 +02:00			`# load additional applications`
init 2024-08-28 11:39:24 +02:00			`environment.systemPackages = with pkgs; [`
documentation 2024-08-28 14:24:44 +02:00			`vim # text editor`
			`git # source code management for nixos-rebuild from flake`
			`xfce.xfce4-pulseaudio-plugin # pulseaudio-plugin in top panel`
			`pavucontrol # audio control panel`
thekenlicht daemon + dmx 2024-08-28 23:20:58 +02:00			`qlcplus`
			`];`

			`services.udev.packages = with pkgs; [`
			`qlcplus`
init 2024-08-28 11:39:24 +02:00			`];`

dmx daemon and other changes 2024-08-29 09:45:23 +02:00			`services.logind.extraConfig = "HandlePowerKey=poweroff";`

documentation 2024-08-28 14:24:44 +02:00			`# link current system configuration to /etc/current-nixos`
init 2024-08-28 11:39:24 +02:00			`environment.etc."current-nixos".source = self;`

documentation 2024-08-28 14:24:44 +02:00			`# persistent files`
init 2024-08-28 11:39:24 +02:00			`environment.persistence."/persist" = {`
			`enable = true;`
			`hideMounts = true;`
			`directories = [`
			`"/var/log"`
			`"/var/lib/nixos"`
			`];`
			`files = [`
			`"/etc/machine-id"`
			`"/etc/ssh/ssh_host_rsa_key"`
			`"/etc/ssh/ssh_host_rsa_key.pub"`
			`"/etc/ssh/ssh_host_ed25519_key"`
			`"/etc/ssh/ssh_host_ed25519_key.pub"`
			`];`
			`};`

			`security.polkit.enable = true;`

documentation 2024-08-28 14:24:44 +02:00			`# enable ssh access for admin user`
ssh + root password change 2024-08-28 11:43:25 +02:00			`services.openssh = {`
			`enable = true;`
			`openFirewall = true;`
add admin user 2024-08-28 13:52:41 +02:00			`settings = {`
			`PasswordAuthentication = false;`
			`AllowUsers = [ "admin" ];`
			`};`
ssh + root password change 2024-08-28 11:43:25 +02:00			`};`

init 2024-08-28 11:39:24 +02:00			`system.stateVersion = "24.05";`
			`}`