nixos/stube-pc/system.nix

130 lines
3.3 KiB
Nix

{ self, config, pkgs, lib, ...}: {
imports = [ ./hardware-configuration.nix ];
# allow spotify
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "spotify" ];
# boot
boot.loader.grub = {
enable = true;
device = "/dev/sda";
};
boot.loader.timeout = 1;
# network
networking.hostName = "stube-pc";
networking.networkmanager.enable = true;
networking.firewall.enable = true;
# timezone
time.timeZone = "Europe/Berlin";
# configure users
users.mutableUsers = false;
users.users.admin = {
isNormalUser = true;
hashedPassword = "$y$j9T$sYhrjA6IDTFVsUTVrw6aY/$c4qBwMc6SBMip4BWIpHPwzkyVgnOaHdvYxJDUIyw7q1";
extraGroups = [ "wheel" "networkmanager" ];
createHome = true;
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDbsWgnT1W25H5fDCekspaXzlIwvKh+rHygTId8xHotU admin" ];
};
users.users.stube = {
isNormalUser = true;
extraGroups = [ "networkmanager" ];
password = "stube";
};
# the display-manager starts the desktop environment instantaneously.
# this statement delays the display-manager until the home environment for the user is set up.
systemd.services."display-manager".after = [ "home-manager-stube.service" ];
console.keyMap = "de";
# audio configuration
services.pipewire = {
enable = true;
pulse.enable = true;
};
# gui configuration
services.xserver = {
enable = true;
xkb.layout = "de";
desktopManager.xfce.enable = true;
};
services.displayManager = {
enable = true;
defaultSession = "xfce";
autoLogin = {
enable = true;
user = "stube";
};
};
# remove all multi-user / displayManager functionality from lightDM (basically a kiosk setup)
services.xserver.displayManager.lightdm.greeter.enable = false;
services.xserver.displayManager.lightdm.autoLogin.timeout = 0;
services.xserver.desktopManager.xfce.enableScreensaver = false;
services.thekenlicht-daemon = {
enable = true;
serialPort = "/dev/serial/by-id/usb-1a86_USB2.0-Serial-if00-port0";
};
# enable gpu support
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
# load additional applications
environment.systemPackages = with pkgs; [
vim # text editor
git # source code management for nixos-rebuild from flake
xfce.xfce4-pulseaudio-plugin # pulseaudio-plugin in top panel
pavucontrol # audio control panel
qlcplus
];
services.udev.packages = with pkgs; [
qlcplus
];
# link current system configuration to /etc/current-nixos
environment.etc."current-nixos".source = self;
# persistent files
environment.persistence."/persist" = {
enable = true;
hideMounts = true;
directories = [
"/var/log"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/etc/NetworkManager/system-connections"
];
files = [
"/etc/machine-id"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
};
security.polkit.enable = true;
# enable ssh access for admin user
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PasswordAuthentication = false;
AllowUsers = [ "admin" ];
};
};
system.stateVersion = "24.05";
}