From 4727b78cd6fa47622a82e4a8b4391ceb13f1439c Mon Sep 17 00:00:00 2001
From: Gene Liverman
Date: Fri, 10 Jan 2025 21:11:43 -0500
Subject: [PATCH] Working Pi with Cage
---
 .sops.yaml | 6 +
 flake.nix | 6 +
 modules/hosts/common/secrets.yaml | 106 ++++++++++--------
 .../hosts/nixos/kiosk-gene-desk/default.nix | 67 +++++++++--
 .../hosts/nixos/kiosk-gene-desk/home-gene.nix | 5 +-
 .../hosts/nixos/kiosk-gene-desk/secrets.yaml | 22 ++++
 6 files changed, 156 insertions(+), 56 deletions(-)
 create mode 100644 modules/hosts/nixos/kiosk-gene-desk/secrets.yaml
diff --git a/.sops.yaml b/.sops.yaml
index 1d82ef5..6759356 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -3,6 +3,7 @@ keys:
 - &system_bigboy age1hraf69phgqg9y48m2r2sn6tr2sw7tf2h5j62ysl8nrv3qs2ft9kst0ysxm
 - &system_hetznix01 age1rd55wsu0hhvxk25tm69d9h57z0z0u6556x4ypg09muj3vh4yqs5qaw23nu
 - &system_hetznix02 age180w4c04kga07097u0us6d72aslnv2523hx64x8fzgzu4tccrxuyqa50hpm
+ - &system_kiosk_gene_desk age1an6t5f0rr6h55rzsv5ejycxju72rp46jka840fwvupwfk65jegrq7hmkl9
 - &system_nixnas1 age1g4h5a4f5xfle2a6np8te342pphs3mcuan60emz2zp87nrwjzl5yquhr5vl
 - &system_nixnuc age1g24zhwvgenpc4wqejt63thvgd4rn5x9n7nnwwme7dm83nfqpp93se2vmq4
 - &system_rainbow_planet age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck
@@ -22,6 +23,10 @@ creation_rules:
 key_groups:
 - age:
 - *system_hetznix02
+ - path_regex: kiosk-gene-desk/secrets.yaml$
+ key_groups:
+ - age:
+ - *system_kiosk_gene_desk
 - path_regex: nixnas1/secrets.yaml$
 key_groups:
 - age:
@@ -52,6 +57,7 @@ creation_rules:
 - *system_bigboy
 - *system_hetznix01
 - *system_hetznix02
+ - *system_kiosk_gene_desk
 - *system_nixnas1
 - *system_nixnuc
 - *system_rainbow_planet
diff --git a/flake.nix b/flake.nix
index a32913f..69efcdd 100644
--- a/flake.nix
+++ b/flake.nix
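Review bot: The third .sops.yaml hunk adds `*system_kiosk_gene_desk` to the shared recipient list, which lets the kiosk's key decrypt every value in the file that rule covers rather than only the one it uses. Going by the rest of this patch that file is modules/hosts/common/secrets.yaml, which also carries `gandi_api` and the `restic_*` entries, while the kiosk configuration only reads `wifi_creds` from it. I would keep the kiosk out of the shared group and move `wifi_creds` into its own file with its own rule, for example `- path_regex: common/wifi.yaml$` listing only the hosts that join Wi-Fi (the file name is a suggestion, not something in the repository). The rule's `path_regex` line sits outside the hunk, so confirm which file it matches before acting on this.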
@@ -182,5 +182,11 @@ additionalSpecialArgs = {}; }; }; # end homeConfigurations + + packages.aarch64-linux.kiosk-gene-desk-sdImage = (self.nixosConfigurations.kiosk-gene-desk.extendModules { + modules = [ + "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" + ]; + }).config.system.build.sdImage; }; } diff --git a/modules/hosts/common/secrets.yaml b/modules/hosts/common/secrets.yaml index 1fa4ee5..d6b4e97 100644 --- a/modules/hosts/common/secrets.yaml +++ b/modules/hosts/common/secrets.yaml @@ -3,6 +3,7 @@ gandi_api: ENC[AES256_GCM,data:YsdDMk75miIKO4LkCZjfwJw6gxfrmsTL,iv:BOPRxB661sPJn restic_env: ENC[AES256_GCM,data:FCYR8tkClRwfcjUotcr28D6uRz7sNihn50nw38CaYnqOD/U9+5kU0iAPSvqAbeuw+xUoKKKAPAfMHI12dPTYt17Wz1N7i4a+MRkiIR9pjyv5KZTK59G+,iv:jStc8GMbZUQUgooZiRdImSZskdckYN1cRm2gsKbUyYY=,tag:HpQQIj1j7fjCmxkSeY/k4g==,type:str] restic_repo: ENC[AES256_GCM,data:kCoNYVKwB87W4h5doa3IXj4n,iv:jKEw/Hki/tp3RSTsRB4dlg593I5B4pCLBav84ADCh70=,tag:+GFF5vHOVw0r/G8BbhcCjw==,type:str] restic_password: ENC[AES256_GCM,data:PfQsxJul1Qpt3WQoUEI941l+yng3lVjhDd8=,iv:U5KjhcVqyksN2ay19RBjNhYIB31tUbfNRIqCEx/+Wbc=,tag:jsoU+B1mjAprPK+M5I0pAQ==,type:str] +wifi_creds: ENC[AES256_GCM,data:9lgTtI8YHyCHrvqss4W7coLnqfOAoQzrCQne6dLv0x66pt7jLo4Y6YSd3TklRTurS9usvNk3sg==,iv:6g86hOmpnOxf4p4C+wPit7EP0DD+xb+cINiWRJnTRDM=,tag:ZW336IhXtrf5l5n/RJecoQ==,type:str] sops: kms: [] gcp_kms: [] 
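Review bot: The `extendModules` wrapper in the flake.nix hunk looks redundant, because modules/hosts/nixos/kiosk-gene-desk/default.nix in this same patch already lists `sd-image-aarch64.nix` under `imports` and sets `sdImage.compressImage`. If that holds, the attribute can be written as `packages.aarch64-linux.kiosk-gene-desk-sdImage = self.nixosConfigurations.kiosk-gene-desk.config.system.build.sdImage;`. A short comment would also help whoever flashes the card, along the lines of `# a fresh image has no age key at sops.age.keyFile, so wifi_creds stays encrypted until the key is provisioned`; that is inferred from the `sops` block in default.nix and should be checked on a first boot. The enclosing outputs set begins outside the hunk.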
@@ -12,86 +13,95 @@ sops: - recipient: age1hraf69phgqg9y48m2r2sn6tr2sw7tf2h5j62ysl8nrv3qs2ft9kst0ysxm enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoNUNVVVk4NVZPTU93bE53 - OXRjY2U1R0JFU1hBQU9LU2RmazhVUG92R0RZClF3RXREaFNidjBlZDNRQW9jcWFY - dStPSHV4RS9PQnZ2RFo1NW8zQ2NYT0EKLS0tIHcyVFRRU09SeFQzOC82dHh5WXZl - OTRYOEwxWWkybE9GcndhOEt1VW1Cc0kK3aoH7yrC/Vc98RqzAicwkGKZKiTx5dMl - 6cPFziBIQv03N06vN60eLbBXUMgrT/21Cn/Np79PLzYJ/K/i9Tt4Qg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXbHhmeVRUUDJvTy94Vldu + QmxTb2pWTWM0RVFUK2NYUlcyKytERXdtZGxJClVvTDZuZ3R5Ujc4U3o1bmtlempi + bzhCK1RveHF5bE4xVWx4bmxsNHZhOHMKLS0tIFRVWEF2N05wZGpZY0w2MXlETXFm + dkFJQUJ0aGxtdTFGSU1US2Y5U3ZxS0UKViqR82ov4e+C1eKpJ6zPI9TMqBbk2PJP + ZvsROkTo8GmdB7RctIfnbNust8A4iO31aJB899eVD07iZpX9tsivQw== -----END AGE ENCRYPTED FILE----- - recipient: age1rd55wsu0hhvxk25tm69d9h57z0z0u6556x4ypg09muj3vh4yqs5qaw23nu enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKblc4TGk4d0hxdW9MREJQ - a2UyWmxSTUZOUUlURHY1eDB1LzRDQUxmRFJ3CkpRak9mVTd5bGxjZnJYQlhBSWpw - ditqemZ5QnNJbEJ0WWJneHM3NkN3SkkKLS0tIHlDT1VyNCtSejRjd1RSZGM4ZzMx - V2d5ZTRkRURRc0huT1k5Y0VNZGVMWWMKn9BnIg+vehG2Nxea2Jz3JMqrPwpNGXuP - 9GU3kbk/ldviqLjqRGmvZR8KiOnazX7AdV/x/c0dO/nfckeKVZ1sAA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4eFRsYjU1OE1XaDhrK2JC + QktYaUc0RDlSUXZ2TDVxaDRxMWlqUG52b25VClJoYzVyTnM5dnJyMlBtcDN4VnJh + dDR1QUVCRjdhaXRhcFZmNXBzRWluc3MKLS0tIGl4WVdlVjNGWWVQV3I1ZSs3VHQ3 + WVZhbmlzTGptWGU0MkQ2YlBQK292TDQKexgX4LUBeQuGxqUfNP32d+omdpnd9vVC + LMKg50MZR2RzZXDwBpWECxCShOvzCjikyzV5955vLMfLQoPky+TG4Q== -----END AGE ENCRYPTED FILE----- - recipient: age180w4c04kga07097u0us6d72aslnv2523hx64x8fzgzu4tccrxuyqa50hpm enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4N1NkU04xY1JZVG5WRThV - Um5pV3RzZG9UcmZHZk5FUDl4Ni9KbmJLTFFjCmJXcHVORll0eko1bmxDUFhHYVpz - Z1RpdUIzM1lUV3Z3VGU1emdTbmpEWDAKLS0tIC96TFZRMkdHQ255VjZGcVdKcmJD - 
UWExNWozT2h1TDZ0YmtuWldCeXhEV1EK/v+GJ7eKgpQE1dysCD0dt+ildshnkPqB - j1tqYcnHysXYoQSLUzCADK2Fo7tJ1BC7e4N7C0wZMXZ1B6FkO8GrrA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUVW9rRUFlb3h4aXlOK0xV + enNNK3V5Ni91cWxsY1lSSzZBUnNsODE4OGpZCk9YK3VLTWhWOHhraEM3ZHROTDhi + cm0rVXdqQTNNbjAyNzQxUGJIVVVTcTgKLS0tIE5KUGtoNE5seHFZNnBReFZ3WmFr + cGFDUVZFbVBSMmdLeU8wbjhlUzRHaXcK/tsc4Amurh2i4TdzQoruD7scW+SnYUtU + EySIFKKQzKCodSEYRzDHlp0PRRTcbgOtEUuvr+9a2Rsod1Kzc9CZ1g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1an6t5f0rr6h55rzsv5ejycxju72rp46jka840fwvupwfk65jegrq7hmkl9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeCt3M1JzRVdWblBENXpI + T1RHZ3h3ekx6N0FyRTJ5Z1ZGejFPY29rV0RrCnZRWjRXSnhNekxQeVU4M3loNDJO + RitBL25kRWhMVnJNcDB4RFQvYks4SUUKLS0tIC8zVGVPNFZLYzVvdDk1dFF6M2Fn + c3RSNXZJNlEvQTQxTVovY1NndEtQSTAKuMUQBKVIYfDKxCIMZwUczd1UlE6O9L93 + WL/Fs/TWYKtduiOAJtAEpKKmMzHIWAUwH8fdvVUXO8T+8xR3VyZ7gA== -----END AGE ENCRYPTED FILE----- - recipient: age1g4h5a4f5xfle2a6np8te342pphs3mcuan60emz2zp87nrwjzl5yquhr5vl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoQnZzNnYrb1hTYUtUWits - V3lETXpZODMyN3M4R3B4VHpwMytOamVFM2dZCnl3dmxUWWJYOFdnRFZZVXROWnNn - RjlkdHMyalBaRU5VczhKWEU2dEtFT3cKLS0tIHFOMDJRRVY4dVFjQTV5YWFzZDRr - K2orYzVra3V0OEtROU5ma25jaHJkTjQKdHeDC7b+6zTmClpVOOXTbAcK38ADx6TN - HkyIcASUaC/HqpTSTvXT3OYUE8edQdUAC7Z9wYLTgrxTVZRCTtTzLQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4RU9JNks0U0MwQTFsY2pp + YVVkbDJ3TnV2QVRyanZITmVCelJzay8rbkI4CmM2cWNYN2NQaEoxcGNOZFI1K05Y + eDZ1ZlpSRXQyVkVQaFlEeXgrR1ZtTWcKLS0tIDluaGVlZXZQTjB4RVFML2FSMU5s + N2pxT2hLbEQvVnBTMS9yODc3MWxPWjAK5eB7GQ2gLz3VkBBEji5wr8MWT0V3szPE + 5beVQykzz7kzggKFMFeYli6Uhhy8ZNT7nyM0uusbQ+fZZ4qcr3OxCg== -----END AGE ENCRYPTED FILE----- - recipient: age1g24zhwvgenpc4wqejt63thvgd4rn5x9n7nnwwme7dm83nfqpp93se2vmq4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZTZRZmRCL0NRVFJTSjVT - 
WmUyRXExZU5pMzY1SEV0dThjc0hvSXVXdEhjClBLZENteEhvOEF6T0ZqaHA3TE5k - Sko0Y1lKSjdaWTF4amNvc1VJTXkzdDQKLS0tIFNHRnhYQjB2MXdxcmNDREZLdkov - dWxkN3dzanY2TVNPelZFMXpvMTFyUm8KTwij5ubszireukfKqKPEKB8kELS82ld+ - UqDDPu6x7uNT+D9UV5nk4l4zzox5pmxuBxziz4RcTVYCHmhjtVSh7A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRVJsZnhncUdnQStTZ0VB + T21EaGhwckd0bjF4dXZMRnBzbFZkOEd3RFhVCmFJaEc4UHJZQVJUOS8zaU5PU3p0 + MnFGcXc2SEdSWjdWckJ0VXhQaDZsS3cKLS0tIE41N1FpZHh3WmVOYzN2c2VHc00w + SHl0cFhvVzQzZXhmTFdWTnB3R1pqVXcKOTbCrWLKG2tDtiduNipCxB5pVRw6XhMe + oir1nURrV/c7LFALactcq51rV1Es48DvSyBjE0OM7XaeJvRIQjfB2w== -----END AGE ENCRYPTED FILE----- - recipient: age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT21zMzRCMXpVOStBbEJO - UlVBdVNRTmkzSjNpRzQrYlExRnVPU3FVM1FzCk11RFVsdVBRMWUxeUFyS1FqckhZ - cndkQktqRTEvNUFrQ3lEa1B3T0V6a2cKLS0tIEtWRXB1Z3hyZjczS0VMZ0I0cFRZ - N3RiR3ZTcFVvUFJlbTFiVS9OOElOd1EKy1tuLTMr+0EB0ZcgOMz8INbhFMUbyfme - NByTM4lrHsOvt1mO6ts+Ug3UWy0KSqE1RQI5XZIU0jsA36z+ISM6tg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzc2EzZ2IwZW05VldyL3pO + M1duZis0VUFwYm1ZNVU0elExZTlmcklYR0JNCnVsbXN1OEZoV2NEV0IyTjlmWXU4 + WmZ2Q2xFUVVzaUMvWFBvanpJWHNaR0EKLS0tIER1S2hmN0tYZEluZUlJZDd6Sk9Q + YWxBS0liSUxCc00zeExwZUFrUWhSb2MKEd+wTDvIQR8fvb6hknCiT18AYB429APU + qOqgxnK8NAhMYZ73EtmAK8cyKnNWOfARwcFh0OkY9xf1mwH8ahAgkQ== -----END AGE ENCRYPTED FILE----- - recipient: age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByeWhOT0pZb1hyOVp6cG1n - b1c1RFJWNUFKSVYremo4TngxcHlEaUlWM1I4CkVzSjZKeGFiTHdTamQrYlg5UGxy - UVh1ZlVWeFFkQk9oeG5BUDAyTlNlQWcKLS0tIGRKSmhkRGVCWnJkRVFXMjBaQm9K - enhPTnBQVjFQSk80UzNvUm1iL0xjMEEKtsMPvSTm+j6FxZbtdxKEBmRsYwXgDQZH - FUXkJLpNFVJVNLRHb8WKfLQaf2xR+tJmNZ0KM8GueHE9ft4q7gxCRA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWNFRSRVE1KzArQUF1Wk5I + 
b1MyNnZvZWtGQ2hXYU9kTmZXM01JajNqWXpBCmtLVDB4YW5ReTV5NnBLTm5lTXJw + Y2s5UzIwVGN6RmlnYk1tTHJSbU5Eb0UKLS0tIEk4R3ZvOFM0bnJrOGh5dDUrSE00 + SFZpK3RtR2dJcy9rNHpHZTNaYndwZ0kKYCt784yPEXPoHeksPT5GQ8RZl+urHfUV + VABWk70L+6cySe5y/N1mZT3ixaNwEOhViKqONw8soeqMDnELJtYWBg== -----END AGE ENCRYPTED FILE----- - recipient: age1rt72txg22w8y3cdvq9w7zff0cas6xtkplpj36kxnevfnrtn82f6ss7yw7d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6UWV3VXVla1M0anREbVNU - MUVRa3FaeHN2WHU2ZjR2cnNlUXRHVVQ1TkVRCmpjTk5nTmJIaU5nRDNheWc5ZDUx - L0wvSVVRQ3A3YS94U3ZpbWFieHJVUG8KLS0tIHpuUFNNOWhlTHRhVHJFdE9tMGJt - c3pmMmlGd0JQV3ptdzlmZDhDY2FGeU0KutCMMR1irGAlD/xYxUGyqj0uXBoChSJL - wsgEMyD62+zqHWDQPqfLFh7b9+/Ir/sQai0qPKiU9uDCuIP/K0TLVQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjbU1PVWZLMFplT0I5RnNk + U1VLd2tWdExCTEFVU3RHZkhSbElmeVByUUFJCmo3OUFnL0daeXNONWxVbHNOUnRE + TUlqTFA2WkJlS0YwL1FoMm1Xa2w0eVEKLS0tIENUNW1KZkMvTmxHbDJsR2VmbG96 + VFJrdzVtMjZrallSL1BmcXNtZEhYZTAK8hsJvs8GjlxFpwW1Ol8hCQQw+lXvgz81 + qt3aysE/w3voPiZQYcVcZLAoV/oAlaZMS199tEvwTuGa8HXMNN2NZw== -----END AGE ENCRYPTED FILE----- - recipient: age1zz34qx3n3dj63sva24kaymetv3apn58lafjq4dl6zw7xxachuyts00mhck enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDR2tvaUZLV09udXNiaHE3 - SG1HeTE4MUVEeTZlRmx2eWF2RzZ3ZHI2VmxBCisvTWNOcTB6eXRlSEZQQWpCOXFy - Tm1aalJGbVB6SHBnT200OElhZGtmQmMKLS0tIDU5aER4WEFsZDdFQU9hMkhPS3NW - VW9xemJxL05FNzBiNXFLMlpwKzFjTE0KtEzpcVvZrzi40hl2zP9r6Ca4muPCVFbd - hAXOLUi05CkSHDzTt4lrR4BMK46P4rS3ZnpLOfsZO+2zMfGsIOetVw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCdGVCa1Q5QUNmVGZsT01Y + SW9aL2hWUjdTdkFBT0o1TnFDb1pkdWRnNlc0CnlYNDRhbXhTS3lvdlprdUZJY1pm + M3VWcTI0OWxHY1hxQW5nZkJxTnZLMzgKLS0tIGFoNVlKTGJ0ZnlnTnlnV21PNDFX + Y3I0d2xaYlRwVU9CdE44UW9vZ1NJeFUK5DQu30MuGjMq5YRSTh2II2uNvWm2XF9B + YDcK/E1xKGIA/tKk/DDmpbUZMTIzh+tmYcN72EQQqlT/9a2HyINChg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-11T17:22:16Z" - mac: 
ENC[AES256_GCM,data:WbuN9UpP0OP69ta29VW2LlCFfyTWI3v8IiwUu3tLOxtY3gjdJLZTpaG2hBR985qjLYL3MT7eR7eWp4p99DAKupVBvA6tJl8/+N9+0W/dapcec+qv7u9wRHcFjP9wtggq66vUdGqH8IIHYuGlIhAvCbDouoXuLoFIcB2i2lYNB4Q=,iv:u+KsBgHxLgwSgFLYtY0F6HjCUbSCvNAatIIwrCGGyJg=,tag:bHO4vovTLPVK2vsQvliwzQ==,type:str] + lastmodified: "2025-01-11T02:27:36Z" + mac: ENC[AES256_GCM,data:Eezf5E3vh10bZTQCxGMZxioUoJqoc9rNBdMu+Wske1SC34Z8GzWbxy3s1T4RPB8I84woIigSgiwj03bZ/F5dchUqNtZwZDObpB44Ru9SEXMB/zEgM8g8LLha/Dgj1MFNbsVR9j2VhacDVv5XJKkjzr/TY5tKedi2mTSHUkpjAGI=,iv:U6YQWh0ISZ0LV6TrwA9QEGal/+lNyTV+tA6yCfNjd6A=,tag:6AUhKo1PniUxW98Yrq3Ulg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.2 diff --git a/modules/hosts/nixos/kiosk-gene-desk/default.nix b/modules/hosts/nixos/kiosk-gene-desk/default.nix index 1e14536..68c813e 100644 --- a/modules/hosts/nixos/kiosk-gene-desk/default.nix +++ b/modules/hosts/nixos/kiosk-gene-desk/default.nix @@ -1,4 +1,4 @@ -{ inputs, lib, pkgs, username, ... }: { +{ inputs, config, lib, pkgs, username, ... }: { imports = [ # SD card image "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" @@ -14,19 +14,25 @@ environment.systemPackages = with pkgs; [ libraspberrypi raspberrypi-eeprom + raspberrypifw + ubootRaspberryPi4_64bit + wlr-randr ]; hardware.enableRedistributableFirmware = true; + hardware.graphics.enable = true; + hardware.raspberry-pi."4".fkms-3d.enable = true; networking.wireless = { enable = true; networks = { + # Home + "Diagon Alley".pskRaw = "ext:psk_diagon_alley"; # Public networks "Gallery Row-GuestWiFi" = {}; - "LocalTies Guest" = { - psk = "DrinkLocal!"; - }; + "LocalTies Guest".pskRaw = "ext:psk_local_ties"; }; + secretsFile = "${config.sops.secrets.wifi_creds.path}"; }; nixpkgs.overlays = [ 
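Review bot: Nothing in the `networking.wireless` hunk of default.nix records what the `wifi_creds` secret must contain for `pskRaw = "ext:psk_diagon_alley"` and `"ext:psk_local_ties"` to resolve, so a comment above `secretsFile` such as `# wifi_creds: one name=value line per ext: reference (psk_diagon_alley, psk_local_ties)` would spare the next editor a trip to the module documentation. The string interpolation is unnecessary as well; `secretsFile = config.sops.secrets.wifi_creds.path;` is equivalent. The `psk = "DrinkLocal!";` line removed here stays readable in the repository history, so that passphrase should be treated as disclosed. The host's attribute set starts before and continues after this hunk.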
@@ -36,14 +42,55 @@ }) ]; + sdImage.compressImage = false; + services = { - cage = { + cage = let + kioskProgram = pkgs.writeShellScript "kiosk.sh" '' + WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1 --transform 90 + /etc/profiles/per-user/gene/bin/chromium-browser + ''; + in { enable = true; - program = "${pkgs.chromium}/bin/chromium-browser"; + program = kioskProgram; + user = "gene"; + environment = { + WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected + }; + }; + prometheus.exporters.node = { + enable = true; + enabledCollectors = [ + "logind" + "systemd" + "network_route" + ]; + disabledCollectors = [ + "textfile" + ]; }; }; - sdImage.compressImage = false; + sops = { + age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt"; + defaultSopsFile = ./secrets.yaml; + secrets = { + local_git_config = { + owner = "${username}"; + path = "${config.users.users.${username}.home}/.gitconfig-local"; + }; + local_private_env = { + owner = "${username}"; + path = "${config.users.users.${username}.home}/.private-env"; + }; + wifi_creds = { + sopsFile = ../../common/secrets.yaml; + restartUnits = [ + "wpa_supplicant.service" + ]; + }; + }; + }; users.users.${username} = { isNormalUser = true; @@ -55,5 +102,11 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com" ]; }; + + zramSwap = { + enable = true; + algorithm = "zstd"; + memoryPercent = 90; + }; } diff --git a/modules/hosts/nixos/kiosk-gene-desk/home-gene.nix b/modules/hosts/nixos/kiosk-gene-desk/home-gene.nix index 185b25c..93fa15c 100644 --- a/modules/hosts/nixos/kiosk-gene-desk/home-gene.nix +++ b/modules/hosts/nixos/kiosk-gene-desk/home-gene.nix 
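Review bot: In the `services`/`sops` hunk of default.nix the age key is read from `${config.users.users.${username}.home}/.config/sops/age/keys.txt` while cage runs the browser with `user = "gene"`, so if `username` is `gene` (the literal `/etc/profiles/per-user/gene/...` path suggests it is) the kiosk browser's account can presumably read the key that decrypts this host's secrets. I would keep the key somewhere only root can read, for example `sops.age.keyFile = "/var/lib/sops-nix/key.txt";`, or derive it from the host SSH key through `sops.age.sshKeyPaths`. Separately, `kioskProgram` mixes a literal `gene` with the `${username}` used elsewhere and calls `wlr-randr` by bare name; `user = username;` and `${pkgs.wlr-randr}/bin/wlr-randr` would make the script independent of the account name and of the service's PATH. The second hunk on this line (`zramSwap`) needs no comment.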
@@ -5,7 +5,8 @@
 chromium = {
 enable = true;
 commandLineArgs = [
- "http://192.168.22.22:8123/kiosk-gene-desk"
+ #"http://192.168.22.22:8123/kiosk-gene-desk/0?kiosk"
+ "--app=http://192.168.20.190:3001/?album=e2281831-ae1b-45a5-8fe1-0a267ba5e1a9&transtion=cross-fade"
 "--kiosk"
 "--noerrdialogs"
 "--disable-infobars"
@@ -13,6 +14,8 @@
 "--ozone-platform=wayland"
 "--enable-features=OverlayScrollbar"
 "--start-maximized"
+ "--force-dark-mode"
+ "--hide-crash-restore-bubble"
 ];
 };
 };
diff --git a/modules/hosts/nixos/kiosk-gene-desk/secrets.yaml b/modules/hosts/nixos/kiosk-gene-desk/secrets.yaml
new file mode 100644
index 0000000..67fffda
--- /dev/null
+++ b/modules/hosts/nixos/kiosk-gene-desk/secrets.yaml
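Review bot: The `--app=` URL added to `commandLineArgs` in home-gene.nix spells its second query parameter `transtion`, which looks like a typo for `transition`. If the server at that address ignores unknown parameters, the cross-fade setting is silently dropped, so check the server's parameter names and, if it is a typo, end the URL with `&transition=cross-fade`. The commented-out `#"http://192.168.22.22:8123/kiosk-gene-desk/0?kiosk"` entry should either be deleted or get a comment saying why it is kept. The list continues past the first hunk and closes in the second.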
@@ -0,0 +1,22 @@ +local_git_config: ENC[AES256_GCM,data:gMuCCJzRdZcDGZvdDCv3h5EZmAkK+bBewn2m6x4VT+23K5gCdajeV94=,iv:1pRM6QWSIw6xfTgcjpGkfHR8iHY/+xuWgeFQ+1pWSTM=,tag:lodSBhqgN8Yaagm6gK4xTQ==,type:str] +local_private_env: ENC[AES256_GCM,data:i+uyo+/StMDUfIp6g1Pl8pOyqD+0f2X5AsFzOo+3VOd/n7CCOy7j/1F42QMpjgejvIYmQwLYSR2jEXyxig==,iv:QTUeDe/LnkKCEFB5g3y7pbySUwdWW7D8rVjVv4+ib9g=,tag:6hBzyfQus60i5c2EktD0Eg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1an6t5f0rr6h55rzsv5ejycxju72rp46jka840fwvupwfk65jegrq7hmkl9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmY2Q1NkR3ZnBOWmJVakxh + SGgweVp1N2FROXAyVk5hM24ybXBTVEJQNnpZCmRJSldCM1NRbEUrekFNU2NjaWZR + RXhxQU5ZYVpiaWJ1V0FzOGxHRHc5N28KLS0tIGtCRTcva1hyOXFGbzlKUXl6REpR + Z0JQanNPV2NTT2dxSThWOU9EUS90UlkKNpEald58B9SM98tqgyLV5Q/943nliZq2 + vYd3ULeY9gF8NA7BlmbZrWKRbd+/eIZnYKSAht1lWTwhktwHEVZV0A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-11T17:31:06Z" + mac: ENC[AES256_GCM,data:dGi6v1WdScNNMzaBlMQ3r+B6w4pKuVMo70x8J+d8suysW1Opsot3QehEkxPXQ8OmktuSJlSvPugKSX6CyM2N7pZtPL0ZeyVYQuHHHUmoIf0myc2tgIJ3OD3M+YYtnyEbZoRnDCE/geH/WfQ+ttNCDJbxtSYaQfhndJjouPQBRs4=,iv:zQXSbJLI4A85GcrU8VSOAaMWWprNTh/2PAVA47MALsk=,tag:MqBvBn9V5tXzZtUscuBpjA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2