veeamm/nixos/configuration.nix
dingfeng.wong ff895e4193 add
2025-07-18 14:22:36 +08:00


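# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
#
# What this file builds, as far as it is visible here: an LXC container image that
# runs a GNOME desktop reachable over RDP (xrdp, TCP 3389) and SSH (TCP 2222) for a
# single user account. The network-facing settings are commented individually below.
{
  inputs,
  outputs,
  lib,
  config,
  pkgs,
  modulesPath,
  ...
}: {
  # Import modules including LXC container support
  imports = [
    # Include the default lxd configuration.
    "${modulesPath}/virtualisation/lxc-container.nix"
    # Import your generated (nixos-generate-config) hardware configuration
    ./hardware-configuration.nix
    # Import our custom modules
    outputs.nixosModules.important-defaults
    outputs.nixosModules.incus
    outputs.nixosModules.orbstack
    # outputs.nixosModules.power-user-defaults
  ];

  nixpkgs = {
    # You can add overlays here
    overlays = [
      # Add overlays your own flake exports (from overlays and pkgs dir):
      outputs.overlays.additions
      outputs.overlays.modifications
      outputs.overlays.unstable-packages
      # You can also add overlays exported from other flakes:
      # neovim-nightly-overlay.overlays.default
      # Or define it inline, for example:
      # (final: prev: {
      #   hi = final.hello.overrideAttrs (oldAttrs: {
      #     patches = [ ./change-hello-to-hi.patch ];
      #   });
      # })
    ];
    # Configure your nixpkgs instance
    config = {
      # Disable if you don't want unfree packages (vscode in systemPackages is unfree)
      allowUnfree = true;
    };
  };

  nix = let
    # Only the flake-typed inputs are mirrored into the registry / NIX_PATH.
    flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
  in {
    settings = {
      # Enable flakes and new 'nix' command
      experimental-features = "nix-command flakes";
      # Opinionated: disable global registry
      flake-registry = "";
      # Workaround for https://github.com/NixOS/nix/issues/9574
      nix-path = config.nix.nixPath;
    };
    # Opinionated: disable channels
    channel.enable = false;
    # Opinionated: make flake registry and nix path match flake inputs
    registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;
    nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
  };

  # User configuration
  users.users.wongdingfeng = {
    uid = 502;
    # "orbstack" is expected to come from outputs.nixosModules.orbstack (not visible here).
    extraGroups = [ "wheel" "orbstack" "audio" "video" ];
    # simulate isNormalUser, but with an arbitrary UID
    isSystemUser = true;
    group = "users";
    createHome = true;
    home = "/home/wongdingfeng";
    homeMode = "700";
    useDefaultShell = true;
    # Set a password for RDP login (insecure but required)
    # NOTE(review): this hash is committed to the repository together with its
    # well-known plaintext. With RDP opened in the firewall below and wheel having
    # passwordless sudo, that password is effectively a remote root credential;
    # keep it out of the repo (e.g. hashedPasswordFile) and rotate it.
    # Because users.mutableUsers = false, this hash is authoritative and `passwd`
    # changes do not persist across rebuilds.
    hashedPassword = "$6$rounds=4096$salt$3xAS2/rKTsVNrHRYnBJcLk9KPIbO7GGr.vCO6xLz2CIhVFZFj9EoylXnJz7sVLJhfJk8hGgJ2U8J1QD2vG7z0."; # password: "password"
    # SSH keys — the only credential accepted by sshd (see services.openssh.settings).
    openssh.authorizedKeys.keys = [
      # Add your SSH public keys here
      # "ssh-rsa AAAAB3NzaC1yc2EAAAA... your-email@example.com"
      # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA... your-email@example.com"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICA/3qb5Eg8NSFMHXZqFlWI9TxHZHQtFAjvcDfiTUtbv wongdingfeng@Wong-Ding-Fengs-MacBook-Pro.local-2024-01-23"
    ];
  };

  # Passwordless sudo for the wheel group: any session running as wongdingfeng
  # (SSH or RDP) is root without a further prompt. Left as configured; flagged
  # because it is what turns the RDP password above into full host control.
  security.sudo.wheelNeedsPassword = false;

  # This being `true` leads to a few nasty bugs, change at your own risk!
  users.mutableUsers = false;

  time.timeZone = "Asia/Singapore";

  # SSH Server configuration
  services.openssh = {
    enable = true;
    # Listen on 2222 instead of the default 22. services.openssh.openFirewall
    # defaults to true, so the port is opened by the module as well as in
    # networking.firewall below.
    ports = [ 2222 ];
    settings = {
      # Key-only login. The authorized key above is the intended SSH credential
      # and the account password exists only for RDP, so sshd does not accept it
      # and root cannot log in directly. (The previous values, password auth on
      # and root login allowed, contradicted the "security defaults" heading.)
      PasswordAuthentication = false;
      PermitRootLogin = "no";
      # Enable X11 forwarding
      X11Forwarding = true;
      X11DisplayOffset = 10;
      X11UseLocalhost = true;
      # Bound failed attempts per connection and drop idle sessions after
      # 2 * 300 s without a response.
      # (A former `Protocol = 2` line was removed: OpenSSH dropped protocol 1
      # years ago and ignores the keyword, so it only added noise.)
      MaxAuthTries = 3;
      ClientAliveInterval = 300;
      ClientAliveCountMax = 2;
      # Allow only specific users (optional - uncomment if needed)
      # AllowUsers = [ "wongdingfeng" ];
    };
  };

  # System packages
  environment.systemPackages = with pkgs; [
    neovim
    gitAndTools.gitFull
    tmux
    htop
    neofetch
    ripgrep
    fd
    ranger
    fish
    # Desktop applications
    firefox
    chromium
    gnome-terminal
    nautilus
    gedit
    # System utilities (xauth is needed for the X11 forwarding enabled above)
    xorg.xauth
    xorg.xhost
    # Development tools
    vscode
    curl
    wget
  ];

  # Enable X11 with GNOME desktop environment
  services.xserver = {
    enable = true;
    # GNOME Desktop Environment
    # NOTE(review): newer NixOS releases expose these as services.displayManager.gdm
    # and services.desktopManager.gnome; the old paths are believed to still work
    # via rename aliases (with an evaluation warning) — confirm on this release.
    displayManager.gdm.enable = true;
    desktopManager.gnome.enable = true;
    # Keyboard layout
    xkb = {
      layout = "us";
      variant = "";
    };
  };

  # Enable xrdp for remote desktop access
  services.xrdp = {
    enable = true;
    defaultWindowManager = "gnome-session";
    # Opens 3389 in the firewall (duplicated explicitly in networking.firewall below).
    openFirewall = true;
    # Insecure configuration - allows all connections
    port = 3389;
    # Additional insecure settings
    # confDir replaces the module's generated configuration directory wholesale.
    # NOTE(review): the stock xrdp module also reads sesman.ini and startwm.sh from
    # confDir, so with only xrdp.ini present defaultWindowManager above may have no
    # effect and sesman may start without its config — verify on a fresh deploy.
    # NOTE(review): certificate= and key_file= are empty and crypt_level=low, so
    # transport protection depends on xrdp's fallback behaviour; together with the
    # password above this is the weakest externally reachable surface of the host.
    confDir = pkgs.writeTextDir "xrdp.ini" ''
      [Globals]
      ini_version=1
      fork=true
      port=3389
      tcp_nodelay=true
      tcp_keepalive=true
      security_layer=negotiate
      crypt_level=low
      certificate=
      key_file=
      ssl_protocols=TLSv1.2, TLSv1.3
      autorun=
      allow_channels=true
      allow_multimon=true
      bitmap_cache=true
      bitmap_compression=true
      hide_log_window=true
      max_bpp=32
      new_cursors=true
      use_fastpath=both
      require_credentials=false
      bulk_compression=true
      [Xorg]
      name=Xorg
      lib=libxup.so
      username=ask
      password=ask
      ip=127.0.0.1
      port=-1
      code=20
    '';
  };

  # Additional firewall configuration for xrdp
  # Both services already open their own port (xrdp via openFirewall above, sshd via
  # its openFirewall default); they are listed here so the full exposure of the host
  # is visible in one place.
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 3389 2222 ]; # xrdp and SSH
  };

  # Enable sound for desktop environment
  # NOTE(review): inside an LXC container audio devices only exist if the host passes
  # them through; this may be inert — confirm before relying on it.
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  # Font configuration for X11 applications
  fonts = {
    packages = with pkgs; [
      dejavu_fonts
      liberation_ttf
      freetype
    ];
    fontconfig.enable = true;
  };

  # GNOME services and additional desktop features
  services.gnome = {
    gnome-keyring.enable = true;
    glib-networking.enable = true;
  };

  # Enable location services for GNOME
  services.geoclue2.enable = true;
  # Enable printing support
  services.printing.enable = true;
  # Enable USB support
  services.udisks2.enable = true;

  # Shorten systemd's default stop timeout so shutdowns and rebuilds do not wait
  # on hung units for the full default period.
  systemd.extraConfig = ''
    DefaultTimeoutStopSec=10s
  '';

  # Pins the on-disk state format this installation was created with (see the
  # option's description: do not bump it on an existing system, it is not a
  # "latest version" knob).
  system.stateVersion = "25.05";
}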