add
This commit is contained in:
dingfeng.wong
@@ -10,7 +10,7 @@
|
||||
# Also see the 'unstable-packages' overlay at 'overlays/default.nix'.
|
||||
|
||||
# Home manager
|
||||
home-manager.url = "github:nix-community/home-manager/release-24.05";
|
||||
home-manager.url = "github:nix-community/home-manager/release-25.05";
|
||||
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
|
||||
+110
-39
@@ -71,7 +71,7 @@
|
||||
# User configuration
|
||||
users.users.wongdingfeng = {
|
||||
uid = 502;
|
||||
extraGroups = [ "wheel" "orbstack" ];
|
||||
extraGroups = [ "wheel" "orbstack" "audio" "video" ];
|
||||
|
||||
# simulate isNormalUser, but with an arbitrary UID
|
||||
isSystemUser = true;
|
||||
@@ -81,6 +81,9 @@
|
||||
homeMode = "700";
|
||||
useDefaultShell = true;
|
||||
|
||||
# Set a password for RDP login (insecure but required)
|
||||
hashedPassword = "$6$rounds=4096$salt$3xAS2/rKTsVNrHRYnBJcLk9KPIbO7GGr.vCO6xLz2CIhVFZFj9EoylXnJz7sVLJhfJk8hGgJ2U8J1QD2vG7z0."; # password: "password"
|
||||
|
||||
# SSH keys
|
||||
openssh.authorizedKeys.keys = [
|
||||
# Add your SSH public keys here
|
||||
@@ -124,7 +127,7 @@
|
||||
ports = [ 2222 ];
|
||||
};
|
||||
|
||||
# System packages are now handled in power-user-defaults.nix
|
||||
# System packages
|
||||
environment.systemPackages = with pkgs; [
|
||||
neovim
|
||||
gitAndTools.gitFull
|
||||
@@ -134,43 +137,98 @@
|
||||
ripgrep
|
||||
fd
|
||||
ranger
|
||||
xterm
|
||||
chromium
|
||||
fish
|
||||
xorg.xclock
|
||||
|
||||
# X11 and GUI support packages
|
||||
# Desktop applications
|
||||
firefox
|
||||
chromium
|
||||
gnome-terminal
|
||||
nautilus
|
||||
gedit
|
||||
|
||||
# System utilities
|
||||
xorg.xauth
|
||||
xorg.xhost
|
||||
xorg.libX11
|
||||
xorg.libXext
|
||||
xorg.libXrender
|
||||
xorg.libXtst
|
||||
fontconfig
|
||||
freetype
|
||||
dejavu_fonts
|
||||
liberation_ttf
|
||||
xorg.libXrandr
|
||||
xorg.libXinerama
|
||||
xorg.libXcursor
|
||||
xorg.libXi
|
||||
mesa
|
||||
libGL
|
||||
dbus
|
||||
|
||||
# Lightweight alternatives for X11 forwarding
|
||||
firefox # Often faster than Chromium over X11
|
||||
qutebrowser # Keyboard-driven lightweight browser
|
||||
|
||||
# X11 performance tools
|
||||
xorg.xset
|
||||
xorg.xdpyinfo
|
||||
xorg.xwininfo
|
||||
# Development tools
|
||||
vscode
|
||||
curl
|
||||
wget
|
||||
];
|
||||
|
||||
# Enable X11 forwarding support
|
||||
# Enable X11 with GNOME desktop environment
|
||||
services.xserver = {
|
||||
enable = false; # We don't need a full desktop environment
|
||||
enable = true;
|
||||
|
||||
# GNOME Desktop Environment
|
||||
displayManager.gdm.enable = true;
|
||||
desktopManager.gnome.enable = true;
|
||||
|
||||
# Keyboard layout
|
||||
xkb = {
|
||||
layout = "us";
|
||||
variant = "";
|
||||
};
|
||||
};
|
||||
|
||||
# Enable xrdp for remote desktop access
|
||||
services.xrdp = {
|
||||
enable = true;
|
||||
defaultWindowManager = "gnome-session";
|
||||
openFirewall = true;
|
||||
|
||||
# Insecure configuration - allows all connections
|
||||
port = 3389;
|
||||
|
||||
# Additional insecure settings
|
||||
confDir = pkgs.writeTextDir "xrdp.ini" ''
|
||||
[Globals]
|
||||
ini_version=1
|
||||
fork=true
|
||||
port=3389
|
||||
tcp_nodelay=true
|
||||
tcp_keepalive=true
|
||||
security_layer=negotiate
|
||||
crypt_level=low
|
||||
certificate=
|
||||
key_file=
|
||||
ssl_protocols=TLSv1.2, TLSv1.3
|
||||
autorun=
|
||||
allow_channels=true
|
||||
allow_multimon=true
|
||||
bitmap_cache=true
|
||||
bitmap_compression=true
|
||||
hide_log_window=true
|
||||
max_bpp=32
|
||||
new_cursors=true
|
||||
use_fastpath=both
|
||||
require_credentials=false
|
||||
bulk_compression=true
|
||||
|
||||
[Xorg]
|
||||
name=Xorg
|
||||
lib=libxup.so
|
||||
username=ask
|
||||
password=ask
|
||||
ip=127.0.0.1
|
||||
port=-1
|
||||
code=20
|
||||
'';
|
||||
};
|
||||
|
||||
# Additional firewall configuration for xrdp
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [ 3389 2222 ]; # xrdp and SSH
|
||||
};
|
||||
|
||||
# Enable sound for desktop environment
|
||||
security.rtkit.enable = true;
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
};
|
||||
|
||||
# Font configuration for X11 applications
|
||||
@@ -183,13 +241,26 @@
|
||||
fontconfig.enable = true;
|
||||
};
|
||||
|
||||
# X11 performance optimizations
|
||||
environment.variables = {
|
||||
# Disable some heavy X11 features for better performance over SSH
|
||||
"_JAVA_AWT_WM_NONREPARENTING" = "1";
|
||||
# Optimize Qt applications for X11 forwarding
|
||||
"QT_X11_NO_MITSHM" = "1";
|
||||
# Disable some graphics acceleration that doesn't work well over SSH
|
||||
"LIBGL_ALWAYS_INDIRECT" = "1";
|
||||
# GNOME services and additional desktop features
|
||||
services.gnome = {
|
||||
gnome-keyring.enable = true;
|
||||
glib-networking.enable = true;
|
||||
};
|
||||
|
||||
# Enable location services for GNOME
|
||||
services.geoclue2.enable = true;
|
||||
|
||||
# Enable printing support
|
||||
services.printing.enable = true;
|
||||
|
||||
# Enable USB support
|
||||
services.udisks2.enable = true;
|
||||
|
||||
# Modern systemd features
|
||||
systemd.extraConfig = ''
|
||||
DefaultTimeoutStopSec=10s
|
||||
'';
|
||||
|
||||
# Latest NixOS system state version
|
||||
system.stateVersion = "25.05"; # Use latest stable version
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user