From 9103bfa337842232f85ee13b30500209d7a9bb71 Mon Sep 17 00:00:00 2001
From: Infinidoge
Date: Fri, 15 Nov 2024 18:26:11 -0500
Subject: [PATCH] init
---
base.nix | 36 +++++++++
flake.lock | 220 +++++++++++++++++++++++++++++++++++++++++++++++++++++
flake.nix | 25 ++++++
kiosk.nix | 48 ++++++++++++
4 files changed, 329 insertions(+)
create mode 100644 base.nix
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 kiosk.nix
diff --git a/base.nix b/base.nix
new file mode 100644
index 0000000..b7a8405
--- /dev/null
+++ b/base.nix
@@ -0,0 +1,36 @@
+{ lib, ... }:
+
+{
+ system.stateVersion = "24.11";
+
+ # No need to change users at runtime
+ users.mutableUsers = false;
+
+ # I DON'T WANT IT
+ # STOP TRYING TO GIVE IT TO ME
+ boot.supportedFilesystems.zfs = lib.mkForce false;
+
+ # Set root password to a secure password
+ users.users.root.password = "asecurepassword";
+
+ # Add wifi credentials
+ networking.wireless = {
+ enable = true;
+ networks."PAL3.0".auth = ''
+ eap=PEAP
+ key_mgmt=WPA-EAP
+ pairwise=CCMP
+ auth_alg=OPEN
+ proto=RSN
+ identity="USERNAME@purdue.edu"
+ password="PASSWORD"
+ phase1="peaplabel=0"
+ phase2="auth=MSCHAPV2"
+ '';
+ };
+
+ networking.hostName = "kiosk";
+ time.timeZone = "America/New_York";
+
+ raspberry-pi-nix.board = "bcm2711";
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..d87bf0d
--- /dev/null
+++ b/flake.lock
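Review bot: The root password and the WPA-EAP password are written as string literals (`users.users.root.password` and the `password=` line in `networks."PAL3.0".auth`), so once real values are filled in they are committed with the repository and copied into the world-readable Nix store and the generated SD image. Prefer `users.users.root.hashedPasswordFile = "/path/to/root-hash"; # placeholder path` for root, and for Wi-Fi set `networking.wireless.secretsFile` and reference the secret as `password=ext:wifi_password` in the auth block (the key name is a placeholder). The PEAP block also sets no `ca_cert` or `domain_suffix_match`, so the supplicant does not validate the authentication server before the MSCHAPv2 exchange; adding both ties the credentials to the expected network.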
@@ -0,0 +1,220 @@ +{ + "nodes": { + "libcamera-src": { + "flake": false, + "locked": { + "lastModified": 1725630279, + "narHash": "sha256-KH30jmHfxXq4j2CL7kv18DYECJRp9ECuWNPnqPZajPA=", + "owner": "raspberrypi", + "repo": "libcamera", + "rev": "69a894c4adad524d3063dd027f5c4774485cf9db", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "repo": "libcamera", + "rev": "69a894c4adad524d3063dd027f5c4774485cf9db", + "type": "github" + } + }, + "libpisp-src": { + "flake": false, + "locked": { + "lastModified": 1724944683, + "narHash": "sha256-Fo2UJmQHS855YSSKKmGrsQnJzXog1cdpkIOO72yYAM4=", + "owner": "raspberrypi", + "repo": "libpisp", + "rev": "28196ed6edcfeda88d23cc5f213d51aa6fa17bb3", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "v1.0.7", + "repo": "libpisp", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1731245184, + "narHash": "sha256-vmLS8+x+gHRv1yzj3n+GTAEObwmhxmkkukB2DwtJRdU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "aebe249544837ce42588aa4b2e7972222ba12e8f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1728193676, + "narHash": "sha256-PbDWAIjKJdlVg+qQRhzdSor04bAPApDqIv2DofTyynk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ecbc1ca8ffd6aea8372ad16be9ebbb39889e55b6", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs", + "rpi-nix": "rpi-nix" + } + }, + "rpi-bluez-firmware-src": { + "flake": false, + "locked": { + "lastModified": 1708969706, + "narHash": "sha256-KakKnOBeWxh0exu44beZ7cbr5ni4RA9vkWYb9sGMb8Q=", + "owner": "RPi-Distro", + "repo": "bluez-firmware", + "rev": "78d6a07730e2d20c035899521ab67726dc028e1c", + "type": "github" + }, + "original": { + "owner": "RPi-Distro", + "ref": "bookworm", + "repo": 
"bluez-firmware", + "type": "github" + } + }, + "rpi-firmware-nonfree-src": { + "flake": false, + "locked": { + "lastModified": 1723266537, + "narHash": "sha256-T7eTKXqY9cxEMdab8Snda4CEOrEihy5uOhA6Fy+Mhnw=", + "owner": "RPi-Distro", + "repo": "firmware-nonfree", + "rev": "4b356e134e8333d073bd3802d767a825adec3807", + "type": "github" + }, + "original": { + "owner": "RPi-Distro", + "ref": "bookworm", + "repo": "firmware-nonfree", + "type": "github" + } + }, + "rpi-firmware-src": { + "flake": false, + "locked": { + "lastModified": 1727798811, + "narHash": "sha256-eavbshXGYmkYR33y9FLcQMJoAYdYTESVEy0g/RRXnb0=", + "owner": "raspberrypi", + "repo": "firmware", + "rev": "287e6a6c2d3b50eee3e2c5b2eacdd907e5cbe09a", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "1.20241001", + "repo": "firmware", + "type": "github" + } + }, + "rpi-linux-6_10_12-src": { + "flake": false, + "locked": { + "lastModified": 1728305462, + "narHash": "sha256-LtvNmGD1D5YYv+C9xxxddAeHw69o3OX/H9M7F663L74=", + "owner": "raspberrypi", + "repo": "linux", + "rev": "26ee50d56618c2d98100b1bc672fd201aed4d00f", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "rpi-6.10.y", + "repo": "linux", + "type": "github" + } + }, + "rpi-linux-6_6_54-src": { + "flake": false, + "locked": { + "lastModified": 1728155174, + "narHash": "sha256-/8RjW35XQMnshjAE4Ey8j3oWzE2GOntnBYY6PlvZGhs=", + "owner": "raspberrypi", + "repo": "linux", + "rev": "12f0f28db3afe451a81a34c5a444f6841c10067c", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "rpi-6.6.y", + "repo": "linux", + "type": "github" + } + }, + "rpi-nix": { + "inputs": { + "libcamera-src": "libcamera-src", + "libpisp-src": "libpisp-src", + "nixpkgs": "nixpkgs_2", + "rpi-bluez-firmware-src": "rpi-bluez-firmware-src", + "rpi-firmware-nonfree-src": "rpi-firmware-nonfree-src", + "rpi-firmware-src": "rpi-firmware-src", + "rpi-linux-6_10_12-src": "rpi-linux-6_10_12-src", + "rpi-linux-6_6_54-src": 
"rpi-linux-6_6_54-src", + "rpicam-apps-src": "rpicam-apps-src", + "u-boot-src": "u-boot-src" + }, + "locked": { + "lastModified": 1731453829, + "narHash": "sha256-GzdsZR30UPMsbNM1dBlOmeXzhxcPXq79RDl4qOILpmU=", + "owner": "nix-community", + "repo": "raspberry-pi-nix", + "rev": "3a016ff26c2ca6e0052f3f17c892bb7406eb0c84", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "raspberry-pi-nix", + "type": "github" + } + }, + "rpicam-apps-src": { + "flake": false, + "locked": { + "lastModified": 1727515047, + "narHash": "sha256-qCYGrcibOeGztxf+sd44lD6VAOGoUNwRqZDdAmcTa/U=", + "owner": "raspberrypi", + "repo": "rpicam-apps", + "rev": "a8ccf9f3cd9df49875dfb834a2b490d41d226031", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "v1.5.2", + "repo": "rpicam-apps", + "type": "github" + } + }, + "u-boot-src": { + "flake": false, + "locked": { + "lastModified": 1719857238, + "narHash": "sha256-mJ2TBy0Y5ZtcGFgtU5RKr0UDUp5FWzojbFb+o/ebRJU=", + "type": "tarball", + "url": "https://ftp.denx.de/pub/u-boot/u-boot-2024.07.tar.bz2" + }, + "original": { + "type": "tarball", + "url": "https://ftp.denx.de/pub/u-boot/u-boot-2024.07.tar.bz2" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..2c7c88e
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,25 @@
+{
+ description = "My standard flake-parts devshell template";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+ rpi-nix.url = "github:nix-community/raspberry-pi-nix";
+ };
+
+ outputs = { nixpkgs, rpi-nix, ... }: {
+
+ nixosConfigurations.kiosk = nixpkgs.lib.nixosSystem {
+ system = "aarch64-linux";
+ modules = [
+ ./base.nix
+ ./kiosk.nix
+
+ rpi-nix.nixosModules.raspberry-pi
+ rpi-nix.nixosModules.sd-image
+ {
+ sdImage.compressImage = false;
+ }
+ ];
+ };
+ };
+}
diff --git a/kiosk.nix b/kiosk.nix
new file mode 100644
index 0000000..0ff05e6
--- /dev/null
+++ b/kiosk.nix
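Review bot: The `description` string in flake.nix is left over from a devshell template and does not describe what this flake builds; something like `description = "NixOS SD image for the Raspberry Pi kiosk";` would match the `nixosConfigurations.kiosk` output. A one-line comment on `sdImage.compressImage = false;` saying why the image is left uncompressed would also help the next reader.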
@@ -0,0 +1,48 @@
+{ pkgs, lib, ... }:
+let
+ dashboardUrl = "https://night.purduehackers.com";
+in
+{
+ # Create user to host kiosk
+ users.users.kiosk = {
+ isSystemUser = true;
+ group = "kiosk";
+ };
+ users.groups.kiosk = { };
+
+ # Setup caged kiosk, with kiosk firefox
+ # Use a temporary directory for the firefox profile
+ # This removes the need for a home directory at all
+ # Using a private window removes most effects of a profile anyways
+ services.cage = {
+ enable = true;
+ user = "kiosk";
+ program = ''
+ ${lib.getExe pkgs.firefox} \
+ --profile /tmp/firefox-profile \
+ --kiosk \
+ --private-window "${dashboardUrl}"
+ '';
+ extraArguments = [ "-d" ];
+ };
+
+ # Create temporary directory for firefox profile
+ systemd.tmpfiles.settings."10-kiosk" = {
+ "/tmp/firefox-profile".d = {
+ user = "kiosk";
+ group = "kiosk";
+ };
+ };
+
+ # Set firefox autoplay policy to always allow autoplay for dashboard
+ programs.firefox.policies = {
+ Permissions.Autoplay.Allow = [ dashboardUrl ];
+ };
+
+ # Enable pipewire/pipewire-pulse for audio
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ pulse.enable = true;
+ };
+}
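Review bot: `programs.firefox.policies` is set without `programs.firefox.enable = true;`, and as far as I can tell the NixOS module only writes the policies file when the program is enabled, so the autoplay permission for `dashboardUrl` is probably never applied to the `pkgs.firefox` that cage launches; add `programs.firefox.enable = true;` next to the policy block. Separately, the profile lives at a fixed path under `/tmp` and the tmpfiles `d` entry sets no mode, so the directory gets the default permissions rather than being private to `kiosk`; add `mode = "0700";` to that entry. Nothing in this file clears `/tmp` at boot, so the comment calling the profile temporary holds only if that is configured elsewhere (for example with `boot.tmp.cleanOnBoot`).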