diff --git a/base.nix b/base.nix index b7a8405..2fd55d0 100644 --- a/base.nix +++ b/base.nix @@ -10,6 +10,8 @@ # STOP TRYING TO GIVE IT TO ME boot.supportedFilesystems.zfs = lib.mkForce false; + boot.tmp.useTmpfs = true; + # Set root password to a secure password users.users.root.password = "asecurepassword"; diff --git a/kiosk.nix b/kiosk.nix index 0ff05e6..690e127 100644 --- a/kiosk.nix +++ b/kiosk.nix @@ -5,35 +5,24 @@ in { # Create user to host kiosk users.users.kiosk = { - isSystemUser = true; + isNormalUser = true; group = "kiosk"; + home = "/tmp/kiosk"; }; users.groups.kiosk = { }; # Setup caged kiosk, with kiosk firefox - # Use a temporary directory for the firefox profile - # This removes the need for a home directory at all - # Using a private window removes most effects of a profile anyways services.cage = { enable = true; user = "kiosk"; program = '' ${lib.getExe pkgs.firefox} \ - --profile /tmp/firefox-profile \ --kiosk \ --private-window "${dashboardUrl}" ''; extraArguments = [ "-d" ]; }; - # Create temporary directory for firefox profile - systemd.tmpfiles.settings."10-kiosk" = { - "/tmp/firefox-profile".d = { - user = "kiosk"; - group = "kiosk"; - }; - }; - # Set firefox autoplay policy to always allow autoplay for dashboard programs.firefox.policies = { Permissions.Autoplay.Allow = [ dashboardUrl ];