{ pkgs, lib, ... }:
let
dashboardUrl = "https://night.purduehackers.com";
in
{
# Dedicated unprivileged account, with a matching group, that the kiosk
# session runs as.
# NOTE(review): the home directory lives under /tmp, presumably so that
# session state is disposable. /tmp is normally writable by every local
# account, so confirm nothing else on the machine can pre-create or tamper
# with /tmp/kiosk before the account's home is set up.
users = {
  groups.kiosk = { };
  users.kiosk = {
    home = "/tmp/kiosk";
    group = "kiosk";
    isNormalUser = true;
  };
};
# Kiosk session: the Cage compositor runs a single program as the "kiosk"
# user, here Firefox pointed at the dashboard.
services.cage.enable = true;
services.cage.user = "kiosk";
# Passed through to cage unchanged.
services.cage.extraArguments = [ "-d" ];
# Firefox starts in kiosk mode with the dashboard in a private window.
# NOTE(review): --kiosk hides the browser UI but does not by itself limit
# which sites can be reached. If input devices are attached to the kiosk,
# consider restricting navigation through a Firefox policy such as
# WebsiteFilter.
services.cage.program = ''
  ${lib.getExe pkgs.firefox} \
  --kiosk \
  --private-window "${dashboardUrl}"
'';
# Firefox enterprise policies for the kiosk browser:
#   - never prompt about being the default browser (set both as a policy
#     and as a preference);
#   - allow audio and video autoplay by default.
# NOTE(review): Permissions.Autoplay.Default applies to every site, not only
# the dashboard. If autoplay is only needed there, an origin-scoped
# Permissions.Autoplay.Allow list would be narrower.
# NOTE(review): these policies presumably only take effect when
# programs.firefox.enable is set, which is not visible in this file;
# confirm the kiosk browser actually picks them up.
programs.firefox.policies = {
  DontCheckDefaultBrowser = true;
  Preferences = {
    "browser.shell.checkDefaultBrowser" = {
      Value = false;
    };
  };
  Permissions = {
    Autoplay = {
      Default = "allow-audio-video";
    };
  };
};
# Audio stack: PipeWire with its PulseAudio-compatible server.
services.pipewire.enable = true;
services.pipewire.pulse.enable = true;
# rtkit lets unprivileged processes request realtime scheduling; it is
# enabled here alongside PipeWire.
security.rtkit.enable = true;
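# Make the kiosk session depend on the network being up.
# `requires` only pulls the target into the transaction and does not order
# the units, so `after` is added to make cage actually wait for
# network-online.target instead of starting in parallel with it.
systemd.services.cage-tty1.requires = [ "network-online.target" ];
systemd.services.cage-tty1.after = [ "network-online.target" ];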
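# One-shot unit that fetches the kiosk configuration repository into
# /etc/nixos and unlocks its git-crypt-protected files.
#
# Changes from the original:
#   - `after` is set next to `requires`, because `requires` alone does not
#     make the unit wait for network-online.target;
#   - the clone is skipped when /etc/nixos already holds a checkout.
#     `git clone` refuses a non-empty destination, so the unit would
#     otherwise fail on every boot after the first.
#
# NOTE(review): the repository is fetched from its default branch over
# HTTPS, and no commit pin or signature verification is visible here.
# Whoever can push to that repository decides what lands in /etc/nixos on
# this machine; consider pinning a revision or verifying signed commits.
systemd.services.clone-config = {
  wantedBy = [ "multi-user.target" ];
  requires = [ "network-online.target" ];
  after = [ "network-online.target" ];
  path = with pkgs; [ git git-crypt ];
  script = ''
    if [ ! -d /etc/nixos/.git ]; then
      git clone https://git.inx.moe/Infinidoge/kiosk.git /etc/nixos
      cd /etc/nixos
      git-crypt unlock /etc/decryption.key
    fi
  '';
  serviceConfig.Type = "oneshot";
};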
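# git-crypt key used to unlock the configuration repository.
# An explicit mode makes NixOS copy the file to /etc/decryption.key readable
# by root only, instead of symlinking it.
# NOTE(review): `./decryption.key` is a path literal, so the key is still
# copied into the Nix store, which every local user can read, and into any
# image or closure built from this configuration. Provisioning the key
# outside the store (placed on the machine out of band, or through a
# secrets-management module) would close that gap.
environment.etc."decryption.key" = {
  source = ./decryption.key;
  mode = "0400";
};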
# Join the tailnet automatically as a tagged, non-ephemeral node.
services.tailscale.enable = true;
services.tailscale.openFirewall = true;
# NOTE(review): the credential is referenced as a path literal, so it is
# copied into the world-readable Nix store. The file name suggests an OAuth
# client secret rather than a single-use auth key; if so, anyone who can
# read the store on this machine can use it to enrol further nodes.
# Consider pointing authKeyFile at a root-only file outside the store.
services.tailscale.authKeyFile = ./tailscale-client-secret.key;
services.tailscale.authKeyParameters.ephemeral = false;
services.tailscale.extraUpFlags = [ "--advertise-tags" "tag:kiosk" ];
# Everything arriving on tailscale0 bypasses the host firewall, so inbound
# access from the tailnet is limited only by the tailnet ACLs for tag:kiosk.
networking.firewall.trustedInterfaces = [ "tailscale0" ];
# Remote administration over SSH.
# NOTE(review): PermitRootLogin = "yes" allows root to log in with a
# password. services.openssh.openFirewall defaults to true in NixOS, so
# unless it is overridden elsewhere port 22 is opened on every interface,
# not only tailscale0. If key-based access is configured, prefer
# "prohibit-password" and restrict the listener or firewall to the tailnet.
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
}