{pkgs, ... }: { imports = [ ./melodies.nix ]; system.stateVersion = "23.05"; # Enables flakes and the updated `nix` command nix.settings.experimental-features = [ "nix-command" "flakes" ]; # Enables opengl support hardware.opengl.enable = true; sound.enable = true; services.jack.jackd.enable = true; services.jack.alsa.enable = true; # Includes packages needed for startx services.xserver = { enable = true; displayManager.autoLogin.user = "appuser"; windowManager.fluxbox.enable = true; }; networking.interfaces.wlan0 = { useDHCP = false; ipv4.addresses = [{ address = "192.168.24.1"; prefixLength = 24; }]; }; services.hostapd = { enable = true; interface = "wlan0"; ssid = "mmelodies"; wpaPassphrase = "myPhyzzySounds"; extraConfig = '' ignore_broadcast_ssid=0 ''; }; services.dnsmasq = { enable = true; settings = { interface = [ "wlan0" ]; dhcp-range = [ "192.168.24.100,192.168.24.200" ]; }; }; networking.firewall.allowedUDPPorts = [ 67 ]; environment.systemPackages = with pkgs; [ git btop tmux ]; users = { # No need to edit users on a single-purpose system. mutableUsers = false; users = { # My authorized keys are used for remote access # CHANGE THIS if forking geekygay = { shell = pkgs.fish; isNormalUser = true; extraGroups = [ "wheel" "dialout" "jackaudio" ]; password = ""; openssh.authorizedKeys.keyFiles = [ ./authorized_keys ]; }; # Unprivledged user for running the application. appuser = { isNormalUser = true; extraGroups = [ "jackaudio" ]; password = ""; packages = with pkgs; [ puredata websocat ]; }; }; }; programs.fish.enable = true; security.sudo.wheelNeedsPassword = false; # Needed for colmena. nix.settings.trusted-users = [ "root" "@wheel" ]; documentation.man.enable = false; # Takes way too long to build. # Allow SSH with authorized keys only! services.openssh = { enable = true; settings.PasswordAuthentication = false; }; }