genebean/dots
1
0
Fork 0
mirror of https://github.com/genebean/dots.git synced 2026-03-27 09:27:44 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Working Pi with Cage

Browse source
This commit is contained in:
Gene Liverman 2025-01-10 21:11:43 -05:00
parent 1c2414c595
commit 4727b78cd6
6 changed files with 156 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

67
modules/hosts/nixos/kiosk-gene-desk/default.nix
View file

@ -1,4 +1,4 @@
{ inputs, lib, pkgs, username, ... }: {
{ inputs, config, lib, pkgs, username, ... }: {
imports = [
# SD card image
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
@ -14,19 +14,25 @@
environment.systemPackages = with pkgs; [
libraspberrypi
raspberrypi-eeprom
raspberrypifw
ubootRaspberryPi4_64bit
wlr-randr
];
hardware.enableRedistributableFirmware = true;
hardware.graphics.enable = true;
hardware.raspberry-pi."4".fkms-3d.enable = true;
networking.wireless = {
enable = true;
networks = {
# Home
"Diagon Alley".pskRaw = "ext:psk_diagon_alley";
# Public networks
"Gallery Row-GuestWiFi" = {};
"LocalTies Guest" = {
psk = "DrinkLocal!";
};
"LocalTies Guest".pskRaw = "ext:psk_local_ties";
};
secretsFile = "${config.sops.secrets.wifi_creds.path}";
};
nixpkgs.overlays = [
@ -36,14 +42,55 @@
})
];
sdImage.compressImage = false;
services = {
cage = {
cage = let
kioskProgram = pkgs.writeShellScript "kiosk.sh" ''
WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1 --transform 90
/etc/profiles/per-user/gene/bin/chromium-browser
'';
in {
enable = true;
program = "${pkgs.chromium}/bin/chromium-browser";
program = kioskProgram;
user = "gene";
environment = {
WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected
};
};
prometheus.exporters.node = {
enable = true;
enabledCollectors = [
"logind"
"systemd"
"network_route"
];
disabledCollectors = [
"textfile"
];
};
};
sdImage.compressImage = false;
sops = {
age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
secrets = {
local_git_config = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.gitconfig-local";
};
local_private_env = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.private-env";
};
wifi_creds = {
sopsFile = ../../common/secrets.yaml;
restartUnits = [
"wpa_supplicant.service"
];
};
};
};
users.users.${username} = {
isNormalUser = true;
@ -55,5 +102,11 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com"
];
};
zramSwap = {
enable = true;
algorithm = "zstd";
memoryPercent = 90;
};
}

5
modules/hosts/nixos/kiosk-gene-desk/home-gene.nix
View file

@ -5,7 +5,8 @@
chromium = {
enable = true;
commandLineArgs = [
"http://192.168.22.22:8123/kiosk-gene-desk"
#"http://192.168.22.22:8123/kiosk-gene-desk/0?kiosk"
"--app=http://192.168.20.190:3001/?album=e2281831-ae1b-45a5-8fe1-0a267ba5e1a9&transtion=cross-fade"
"--kiosk"
"--noerrdialogs"
"--disable-infobars"
@ -13,6 +14,8 @@
"--ozone-platform=wayland"
"--enable-features=OverlayScrollbar"
"--start-maximized"
"--force-dark-mode"
"--hide-crash-restore-bubble"
];
};
};

22
modules/hosts/nixos/kiosk-gene-desk/secrets.yaml Normal file
View file

@ -0,0 +1,22 @@
local_git_config: ENC[AES256_GCM,data:gMuCCJzRdZcDGZvdDCv3h5EZmAkK+bBewn2m6x4VT+23K5gCdajeV94=,iv:1pRM6QWSIw6xfTgcjpGkfHR8iHY/+xuWgeFQ+1pWSTM=,tag:lodSBhqgN8Yaagm6gK4xTQ==,type:str]
local_private_env: ENC[AES256_GCM,data:i+uyo+/StMDUfIp6g1Pl8pOyqD+0f2X5AsFzOo+3VOd/n7CCOy7j/1F42QMpjgejvIYmQwLYSR2jEXyxig==,iv:QTUeDe/LnkKCEFB5g3y7pbySUwdWW7D8rVjVv4+ib9g=,tag:6hBzyfQus60i5c2EktD0Eg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1an6t5f0rr6h55rzsv5ejycxju72rp46jka840fwvupwfk65jegrq7hmkl9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmY2Q1NkR3ZnBOWmJVakxh
SGgweVp1N2FROXAyVk5hM24ybXBTVEJQNnpZCmRJSldCM1NRbEUrekFNU2NjaWZR
RXhxQU5ZYVpiaWJ1V0FzOGxHRHc5N28KLS0tIGtCRTcva1hyOXFGbzlKUXl6REpR
Z0JQanNPV2NTT2dxSThWOU9EUS90UlkKNpEald58B9SM98tqgyLV5Q/943nliZq2
vYd3ULeY9gF8NA7BlmbZrWKRbd+/eIZnYKSAht1lWTwhktwHEVZV0A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-11T17:31:06Z"
mac: ENC[AES256_GCM,data:dGi6v1WdScNNMzaBlMQ3r+B6w4pKuVMo70x8J+d8suysW1Opsot3QehEkxPXQ8OmktuSJlSvPugKSX6CyM2N7pZtPL0ZeyVYQuHHHUmoIf0myc2tgIJ3OD3M+YYtnyEbZoRnDCE/geH/WfQ+ttNCDJbxtSYaQfhndJjouPQBRs4=,iv:zQXSbJLI4A85GcrU8VSOAaMWWprNTh/2PAVA47MALsk=,tag:MqBvBn9V5tXzZtUscuBpjA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2