From f6f97a6079dc690ed0b8733051c16846f3bf7d19 Mon Sep 17 00:00:00 2001 From: Infinidoge Date: Sat, 7 Dec 2024 18:58:32 -0500 Subject: [PATCH 1/2] set cage to require network-online.target --- kiosk.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kiosk.nix b/kiosk.nix index 5a75fd9..bf23da9 100644 --- a/kiosk.nix +++ b/kiosk.nix @@ -38,6 +38,8 @@ in pulse.enable = true; }; + systemd.services.cage-tty1.requires = [ "network-online.target" ]; + services.tailscale = { enable = true; extraUpFlags = [ "--advertise-tags" "tag:kiosk" ]; From 3757fb20b9e8e43f0970ce279b5ebe1c28a40473 Mon Sep 17 00:00:00 2001 From: Infinidoge Date: Sat, 7 Dec 2024 19:35:20 -0500 Subject: [PATCH 2/2] clone and decrypt configuration on boot --- decryption.key | Bin 0 -> 170 bytes kiosk.nix | 14 ++++++++++++++ 2 files changed, 14 insertions(+) create mode 100644 decryption.key diff --git a/decryption.key b/decryption.key new file mode 100644 index 0000000000000000000000000000000000000000..f695f7cfa408d5f88606ee1a7eb6686b61233311 GIT binary patch literal 170 zcmZQ@_Y83kiVO&0Sp2?6HX*8#alsSCr~Ezk20~|A4qVR2bjZ%gx)LD7{@zum`1;H( zr?ZnyF9@?gV*Y7=xbFQ9`DU(N(gr*KtTTUHz@L4SEm;!gAMnPph*dbMoN-ivV=3Q_cVY literal 0 HcmV?d00001 diff --git a/kiosk.nix b/kiosk.nix index bf23da9..f087edf 100644 --- a/kiosk.nix +++ b/kiosk.nix @@ -40,6 +40,20 @@ in systemd.services.cage-tty1.requires = [ "network-online.target" ]; + systemd.services.clone-config = { + wantedBy = [ "multi-user.target" ]; + requires = [ "network-online.target" ]; + path = with pkgs; [ git git-crypt ]; + script = '' + git clone ssh://git@inx.moe:245/Infinidoge/kiosk.git /etc/nixos + cd /etc/nixos + git-crypt unlock /etc/decryption.key + ''; + serviceConfig.Type = "oneshot"; + }; + + environment.etc."decryption.key".source = ./decryption.key; + services.tailscale = { enable = true; extraUpFlags = [ "--advertise-tags" "tag:kiosk" ];