init
This commit is contained in:
commit
9103bfa337
SSH key fingerprint:
SHA256:oAMyvotlNFraMmZmr+p6AxnNfW/GioTs1pOn3V4tQ7A
4 changed files with 329 additions and 0 deletions
36
base.nix
Normal file
36
base.nix
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
{ lib, ... }:
|
||||
|
||||
{
|
||||
system.stateVersion = "24.11";
|
||||
|
||||
# No need to change users at runtime
|
||||
users.mutableUsers = false;
|
||||
|
||||
# I DON'T WANT IT
|
||||
# STOP TRYING TO GIVE IT TO ME
|
||||
boot.supportedFilesystems.zfs = lib.mkForce false;
|
||||
|
||||
# Set root password to a secure password
|
||||
users.users.root.password = "asecurepassword";
|
||||
|
||||
# Add wifi credentials
|
||||
networking.wireless = {
|
||||
enable = true;
|
||||
networks."PAL3.0".auth = ''
|
||||
eap=PEAP
|
||||
key_mgmt=WPA-EAP
|
||||
pairwise=CCMP
|
||||
auth_alg=OPEN
|
||||
proto=RSN
|
||||
identity="USERNAME@purdue.edu"
|
||||
password="PASSWORD"
|
||||
phase1="peaplabel=0"
|
||||
phase2="auth=MSCHAPV2"
|
||||
'';
|
||||
};
|
||||
|
||||
networking.hostName = "kiosk";
|
||||
time.timeZone = "America/New_York";
|
||||
|
||||
raspberry-pi-nix.board = "bcm2711";
|
||||
}
|
||||
220
flake.lock
Normal file
220
flake.lock
Normal file
|
|
@ -0,0 +1,220 @@
|
|||
{
|
||||
"nodes": {
|
||||
"libcamera-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1725630279,
|
||||
"narHash": "sha256-KH30jmHfxXq4j2CL7kv18DYECJRp9ECuWNPnqPZajPA=",
|
||||
"owner": "raspberrypi",
|
||||
"repo": "libcamera",
|
||||
"rev": "69a894c4adad524d3063dd027f5c4774485cf9db",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "raspberrypi",
|
||||
"repo": "libcamera",
|
||||
"rev": "69a894c4adad524d3063dd027f5c4774485cf9db",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"libpisp-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1724944683,
|
||||
"narHash": "sha256-Fo2UJmQHS855YSSKKmGrsQnJzXog1cdpkIOO72yYAM4=",
|
||||
"owner": "raspberrypi",
|
||||
"repo": "libpisp",
|
||||
"rev": "28196ed6edcfeda88d23cc5f213d51aa6fa17bb3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "raspberrypi",
|
||||
"ref": "v1.0.7",
|
||||
"repo": "libpisp",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1731245184,
|
||||
"narHash": "sha256-vmLS8+x+gHRv1yzj3n+GTAEObwmhxmkkukB2DwtJRdU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "aebe249544837ce42588aa4b2e7972222ba12e8f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1728193676,
|
||||
"narHash": "sha256-PbDWAIjKJdlVg+qQRhzdSor04bAPApDqIv2DofTyynk=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ecbc1ca8ffd6aea8372ad16be9ebbb39889e55b6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-24.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs",
|
||||
"rpi-nix": "rpi-nix"
|
||||
}
|
||||
},
|
||||
"rpi-bluez-firmware-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1708969706,
|
||||
"narHash": "sha256-KakKnOBeWxh0exu44beZ7cbr5ni4RA9vkWYb9sGMb8Q=",
|
||||
"owner": "RPi-Distro",
|
||||
"repo": "bluez-firmware",
|
||||
"rev": "78d6a07730e2d20c035899521ab67726dc028e1c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "RPi-Distro",
|
||||
"ref": "bookworm",
|
||||
"repo": "bluez-firmware",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rpi-firmware-nonfree-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1723266537,
|
||||
"narHash": "sha256-T7eTKXqY9cxEMdab8Snda4CEOrEihy5uOhA6Fy+Mhnw=",
|
||||
"owner": "RPi-Distro",
|
||||
"repo": "firmware-nonfree",
|
||||
"rev": "4b356e134e8333d073bd3802d767a825adec3807",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "RPi-Distro",
|
||||
"ref": "bookworm",
|
||||
"repo": "firmware-nonfree",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rpi-firmware-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1727798811,
|
||||
"narHash": "sha256-eavbshXGYmkYR33y9FLcQMJoAYdYTESVEy0g/RRXnb0=",
|
||||
"owner": "raspberrypi",
|
||||
"repo": "firmware",
|
||||
"rev": "287e6a6c2d3b50eee3e2c5b2eacdd907e5cbe09a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "raspberrypi",
|
||||
"ref": "1.20241001",
|
||||
"repo": "firmware",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rpi-linux-6_10_12-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1728305462,
|
||||
"narHash": "sha256-LtvNmGD1D5YYv+C9xxxddAeHw69o3OX/H9M7F663L74=",
|
||||
"owner": "raspberrypi",
|
||||
"repo": "linux",
|
||||
"rev": "26ee50d56618c2d98100b1bc672fd201aed4d00f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "raspberrypi",
|
||||
"ref": "rpi-6.10.y",
|
||||
"repo": "linux",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rpi-linux-6_6_54-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1728155174,
|
||||
"narHash": "sha256-/8RjW35XQMnshjAE4Ey8j3oWzE2GOntnBYY6PlvZGhs=",
|
||||
"owner": "raspberrypi",
|
||||
"repo": "linux",
|
||||
"rev": "12f0f28db3afe451a81a34c5a444f6841c10067c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "raspberrypi",
|
||||
"ref": "rpi-6.6.y",
|
||||
"repo": "linux",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rpi-nix": {
|
||||
"inputs": {
|
||||
"libcamera-src": "libcamera-src",
|
||||
"libpisp-src": "libpisp-src",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"rpi-bluez-firmware-src": "rpi-bluez-firmware-src",
|
||||
"rpi-firmware-nonfree-src": "rpi-firmware-nonfree-src",
|
||||
"rpi-firmware-src": "rpi-firmware-src",
|
||||
"rpi-linux-6_10_12-src": "rpi-linux-6_10_12-src",
|
||||
"rpi-linux-6_6_54-src": "rpi-linux-6_6_54-src",
|
||||
"rpicam-apps-src": "rpicam-apps-src",
|
||||
"u-boot-src": "u-boot-src"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731453829,
|
||||
"narHash": "sha256-GzdsZR30UPMsbNM1dBlOmeXzhxcPXq79RDl4qOILpmU=",
|
||||
"owner": "nix-community",
|
||||
"repo": "raspberry-pi-nix",
|
||||
"rev": "3a016ff26c2ca6e0052f3f17c892bb7406eb0c84",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "raspberry-pi-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rpicam-apps-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1727515047,
|
||||
"narHash": "sha256-qCYGrcibOeGztxf+sd44lD6VAOGoUNwRqZDdAmcTa/U=",
|
||||
"owner": "raspberrypi",
|
||||
"repo": "rpicam-apps",
|
||||
"rev": "a8ccf9f3cd9df49875dfb834a2b490d41d226031",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "raspberrypi",
|
||||
"ref": "v1.5.2",
|
||||
"repo": "rpicam-apps",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"u-boot-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1719857238,
|
||||
"narHash": "sha256-mJ2TBy0Y5ZtcGFgtU5RKr0UDUp5FWzojbFb+o/ebRJU=",
|
||||
"type": "tarball",
|
||||
"url": "https://ftp.denx.de/pub/u-boot/u-boot-2024.07.tar.bz2"
|
||||
},
|
||||
"original": {
|
||||
"type": "tarball",
|
||||
"url": "https://ftp.denx.de/pub/u-boot/u-boot-2024.07.tar.bz2"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
"version": 7
|
||||
}
|
||||
25
flake.nix
Normal file
25
flake.nix
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
{
|
||||
description = "My standard flake-parts devshell template";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||
rpi-nix.url = "github:nix-community/raspberry-pi-nix";
|
||||
};
|
||||
|
||||
outputs = { nixpkgs, rpi-nix, ... }: {
|
||||
|
||||
nixosConfigurations.kiosk = nixpkgs.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
./base.nix
|
||||
./kiosk.nix
|
||||
|
||||
rpi-nix.nixosModules.raspberry-pi
|
||||
rpi-nix.nixosModules.sd-image
|
||||
{
|
||||
sdImage.compressImage = false;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
48
kiosk.nix
Normal file
48
kiosk.nix
Normal file
|
|
@ -0,0 +1,48 @@
|
|||
{ pkgs, lib, ... }:
|
||||
let
|
||||
dashboardUrl = "https://night.purduehackers.com";
|
||||
in
|
||||
{
|
||||
# Create user to host kiosk
|
||||
users.users.kiosk = {
|
||||
isSystemUser = true;
|
||||
group = "kiosk";
|
||||
};
|
||||
users.groups.kiosk = { };
|
||||
|
||||
# Setup caged kiosk, with kiosk firefox
|
||||
# Use a temporary directory for the firefox profile
|
||||
# This removes the need for a home directory at all
|
||||
# Using a private window removes most effects of a profile anyways
|
||||
services.cage = {
|
||||
enable = true;
|
||||
user = "kiosk";
|
||||
program = ''
|
||||
${lib.getExe pkgs.firefox} \
|
||||
--profile /tmp/firefox-profile \
|
||||
--kiosk \
|
||||
--private-window "${dashboardUrl}"
|
||||
'';
|
||||
extraArguments = [ "-d" ];
|
||||
};
|
||||
|
||||
# Create temporary directory for firefox profile
|
||||
systemd.tmpfiles.settings."10-kiosk" = {
|
||||
"/tmp/firefox-profile".d = {
|
||||
user = "kiosk";
|
||||
group = "kiosk";
|
||||
};
|
||||
};
|
||||
|
||||
# Set firefox autoplay policy to always allow autoplay for dashboard
|
||||
programs.firefox.policies = {
|
||||
Permissions.Autoplay.Allow = [ dashboardUrl ];
|
||||
};
|
||||
|
||||
# Enable pipewire/pipewire-pulse for audio
|
||||
security.rtkit.enable = true;
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
pulse.enable = true;
|
||||
};
|
||||
}
|
||||
Loading…
Reference in a new issue