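# NixOS module for a single-purpose kiosk: runs Firefox in kiosk mode inside
# the cage compositor as an unprivileged user, enables audio through PipeWire,
# joins the machine to a tailnet, and enables SSH for remote administration.
{ pkgs, lib, ... }:
let
  # Page the kiosk browser opens on start.
  dashboardUrl = "https://night.purduehackers.com";
in
{
  # Create user to host kiosk
  users.users.kiosk = {
    isNormalUser = true;
    group = "kiosk";
    # NOTE(review): the home directory sits under /tmp, which is world-writable
    # and commonly cleared on boot. Presumably this is meant to make the browser
    # profile throwaway; confirm that no other local account can pre-create
    # this path before it is set up for the kiosk user.
    home = "/tmp/kiosk";
  };
  users.groups.kiosk = { };

  # Run cage on the kiosk account with Firefox as its only program,
  # in kiosk mode and in a private window.
  services.cage = {
    enable = true;
    user = "kiosk";
    program = ''
      ${lib.getExe pkgs.firefox} \
        --kiosk \
        --private-window "${dashboardUrl}"
    '';
    extraArguments = [ "-d" ];
  };

  # Set firefox autoplay policy to always allow autoplay for dashboard
  # and disable checking for default browser
  # NOTE(review): this file does not set programs.firefox.enable; presumably it
  # is enabled elsewhere. Verify that these policies are actually written out
  # for the pkgs.firefox binary launched above.
  programs.firefox.policies = {
    Permissions.Autoplay.Default = "allow-audio-video";
    Preferences."browser.shell.checkDefaultBrowser".Value = false;
    DontCheckDefaultBrowser = true;
  };

  # Enable pipewire/pipewire-pulse for audio
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    pulse.enable = true;
  };

  # Start the kiosk only once the network is up. Requires= alone pulls the
  # target in but does not order the units, so After= is needed as well;
  # without it both may be started at the same time.
  systemd.services.cage-tty1 = {
    requires = [ "network-online.target" ];
    after = [ "network-online.target" ];
  };

  services.tailscale = {
    enable = true;
    extraUpFlags = [ "--advertise-tags" "tag:kiosk" ];
    # NOTE(review): a Nix path literal is copied into the Nix store when it is
    # used, and the store is world-readable, so every local user (including the
    # kiosk account) can read this key. The key file also lives next to this
    # module, i.e. presumably in the same repository. Prefer a string path to a
    # file provisioned outside the store, for example by a secrets tool such as
    # sops-nix or agenix, and rotate the key if it has been committed.
    authKeyFile = ./tailscale-client-secret.key;
    # Non-ephemeral: the node stays registered in the tailnet while offline.
    authKeyParameters.ephemeral = false;
    openFirewall = true;
  };
  # Every port is reachable from the tailnet interface, so access control for
  # this host rests on the tailnet ACLs for tag:kiosk.
  networking.firewall.trustedInterfaces = [ "tailscale0" ];

  services.openssh = {
    enable = true;
    settings = {
      # NOTE(review): "yes" lets root authenticate with a password; the NixOS
      # default is "prohibit-password" (key-only). services.openssh.openFirewall
      # is not set here, and its default opens port 22 on every interface, not
      # only tailscale0. If administration only happens over the tailnet,
      # consider key-only root login and closing port 22 on the other
      # interfaces.
      PermitRootLogin = "yes";
    };
  };
}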