From ff895e4193454931a76046e79297083efd87e043 Mon Sep 17 00:00:00 2001 From: "dingfeng.wong" Date: Fri, 18 Jul 2025 14:22:36 +0800 Subject: [PATCH] add --- flake.nix | 2 +- nixos/configuration.nix | 149 +++++++++++++++++++++++++++++----------- 2 files changed, 111 insertions(+), 40 deletions(-) diff --git a/flake.nix b/flake.nix index 174e016..76266a6 100644 --- a/flake.nix +++ b/flake.nix @@ -10,7 +10,7 @@ # Also see the 'unstable-packages' overlay at 'overlays/default.nix'. # Home manager - home-manager.url = "github:nix-community/home-manager/release-24.05"; + home-manager.url = "github:nix-community/home-manager/release-25.05"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/nixos/configuration.nix b/nixos/configuration.nix index 5ce67e0..2547dd4 100644 --- a/nixos/configuration.nix +++ b/nixos/configuration.nix @@ -71,7 +71,7 @@ # User configuration users.users.wongdingfeng = { uid = 502; - extraGroups = [ "wheel" "orbstack" ]; + extraGroups = [ "wheel" "orbstack" "audio" "video" ]; # simulate isNormalUser, but with an arbitrary UID isSystemUser = true; @@ -80,6 +80,9 @@ home = "/home/wongdingfeng"; homeMode = "700"; useDefaultShell = true; + + # Set a password for RDP login (insecure but required) + hashedPassword = "$6$rounds=4096$salt$3xAS2/rKTsVNrHRYnBJcLk9KPIbO7GGr.vCO6xLz2CIhVFZFj9EoylXnJz7sVLJhfJk8hGgJ2U8J1QD2vG7z0."; # password: "password" # SSH keys openssh.authorizedKeys.keys = [ @@ -124,7 +127,7 @@ ports = [ 2222 ]; }; - # System packages are now handled in power-user-defaults.nix + # System packages environment.systemPackages = with pkgs; [ neovim gitAndTools.gitFull 
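Review bot: The added `hashedPassword` line in `users.users.wongdingfeng` commits a password hash with a trailing comment that states the plaintext, for an account that is a member of `wheel`. The value lands in version control and in the world-readable Nix store, and later hunks of this patch expose an RDP login on port 3389, so the credential should be treated as disclosed and rotated. Drop the literal and its comment and load the hash from a root-only file instead, e.g. `hashedPasswordFile = "<PATH_TO_ROOT_ONLY_HASH_FILE>";` (placeholder path). The attribute set continues outside the hunk.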
@@ -134,43 +137,98 @@ ripgrep fd ranger - xterm - chromium fish - xorg.xclock - # X11 and GUI support packages + # Desktop applications + firefox + chromium + gnome-terminal + nautilus + gedit + + # System utilities xorg.xauth xorg.xhost - xorg.libX11 - xorg.libXext - xorg.libXrender - xorg.libXtst - fontconfig - freetype - dejavu_fonts - liberation_ttf - xorg.libXrandr - xorg.libXinerama - xorg.libXcursor - xorg.libXi - mesa - libGL - dbus - # Lightweight alternatives for X11 forwarding - firefox # Often faster than Chromium over X11 - qutebrowser # Keyboard-driven lightweight browser - - # X11 performance tools - xorg.xset - xorg.xdpyinfo - xorg.xwininfo + # Development tools + vscode + curl + wget ]; - # Enable X11 forwarding support + # Enable X11 with GNOME desktop environment services.xserver = { - enable = false; # We don't need a full desktop environment + enable = true; + + # GNOME Desktop Environment + displayManager.gdm.enable = true; + desktopManager.gnome.enable = true; + + # Keyboard layout + xkb = { + layout = "us"; + variant = ""; + }; + }; + + # Enable xrdp for remote desktop access + services.xrdp = { + enable = true; + defaultWindowManager = "gnome-session"; + openFirewall = true; + + # Insecure configuration - allows all connections + port = 3389; + + # Additional insecure settings + confDir = pkgs.writeTextDir "xrdp.ini" '' + [Globals] + ini_version=1 + fork=true + port=3389 + tcp_nodelay=true + tcp_keepalive=true + security_layer=negotiate + crypt_level=low + certificate= + key_file= + ssl_protocols=TLSv1.2, TLSv1.3 + autorun= + allow_channels=true + allow_multimon=true + bitmap_cache=true + bitmap_compression=true + hide_log_window=true + max_bpp=32 + new_cursors=true + use_fastpath=both + require_credentials=false + bulk_compression=true + + [Xorg] + name=Xorg + lib=libxup.so + username=ask + password=ask + ip=127.0.0.1 + port=-1 + code=20 + ''; + }; + + # Additional firewall configuration for xrdp + networking.firewall = { + enable = true; 
+ allowedTCPPorts = [ 3389 2222 ]; # xrdp and SSH + }; + + # Enable sound for desktop environment + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; }; # Font configuration for X11 applications @@ -183,13 +241,26 @@ fontconfig.enable = true; }; - # X11 performance optimizations - environment.variables = { - # Disable some heavy X11 features for better performance over SSH - "_JAVA_AWT_WM_NONREPARENTING" = "1"; - # Optimize Qt applications for X11 forwarding - "QT_X11_NO_MITSHM" = "1"; - # Disable some graphics acceleration that doesn't work well over SSH - "LIBGL_ALWAYS_INDIRECT" = "1"; + # GNOME services and additional desktop features + services.gnome = { + gnome-keyring.enable = true; + glib-networking.enable = true; }; + + # Enable location services for GNOME + services.geoclue2.enable = true; + + # Enable printing support + services.printing.enable = true; + + # Enable USB support + services.udisks2.enable = true; + + # Modern systemd features + systemd.extraConfig = '' + DefaultTimeoutStopSec=10s + ''; + + # Latest NixOS system state version + system.stateVersion = "25.05"; # Use latest stable version }
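Review bot: The `xrdp.ini` generated for `services.xrdp.confDir` weakens transport protection on a listener that `openFirewall = true` and `allowedTCPPorts = [ 3389 2222 ]` open on every interface. `security_layer=negotiate` with `crypt_level=low` leaves room for a session to fall back to legacy RDP security, and `require_credentials=false` is set alongside it. Prefer `security_layer=tls`, `crypt_level=high` and `openFirewall = false;`, removing 3389 from `allowedTCPPorts` and reaching the desktop through the existing SSH service on 2222. Replacing `confDir` with a directory that holds only `xrdp.ini` probably also drops the module-generated sesman configuration and keys, which is worth checking before this is deployed.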
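Review bot: `system.stateVersion = "25.05";` is added under the comment "Latest NixOS system state version", but this option records the release the host was first installed with and is not meant to follow upgrades. If the machine already carries state from an earlier release, moving the value can change defaults for stateful services. Keep the install-time value and reword the comment, e.g. `# Release this host was first installed with; do not bump on upgrade`. The same hunk enables `services.printing` and `services.geoclue2` on a host that is now reachable over RDP; leaving them off unless they are needed keeps the exposed surface smaller.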