diff --git a/.github/workflows/kiosk-iso.yml b/.github/workflows/kiosk-iso.yml deleted file mode 100644 index 3171b4d..0000000 --- a/.github/workflows/kiosk-iso.yml +++ /dev/null @@ -1,43 +0,0 @@ -name: Build NixOS Kiosk ISO - -on: - push: - branches: [ main, profile-install ] - workflow_dispatch: - -jobs: - flake-check: - runs-on: ubuntu-latest - container: - image: nixos/nix:2.33.0 - env: - NIX_CONFIG: extra-experimental-features = nix-command flakes - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Flake check - run: nix flake check -L - - build-iso: - runs-on: ubuntu-latest - needs: [ flake-check ] - container: - image: nixos/nix:2.33.0 - env: - NIX_CONFIG: extra-experimental-features = nix-command flakes - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Build ISO - run: | - nix --version - nix build .#iso -L --system x86_64-linux - ls -la result - mkdir -p artifacts - cp -v result/iso/*.iso artifacts/ - - name: Upload ISO artifact - uses: actions/upload-artifact@v4 - with: - name: kiosk-iso - path: artifacts/*.iso - if-no-files-found: error diff --git a/flake.lock b/flake.lock deleted file mode 100644 index 032fb8b..0000000 --- a/flake.lock +++ /dev/null @@ -1,61 +0,0 @@ -{ - "nodes": { - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1751274312, - "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/flake.nix b/flake.nix deleted file mode 100644 index b991131..0000000 --- a/flake.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - description = "Kiosk NixOS ISO with Firefox in kiosk mode"; - - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; - flake-utils.url = "github:numtide/flake-utils"; - }; - - outputs = { self, nixpkgs, flake-utils }: - flake-utils.lib.eachDefaultSystem (system: { - # Build a bootable ISO image using the built-in NixOS iso module - packages.iso = ( - (nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./nixos/kiosk.nix - (import "${nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix") - ]; - }).config.system.build.isoImage - ); - - # Expose the NixOS configuration for direct use if desired - nixosConfigurations.kiosk = (nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ ./nixos/kiosk.nix ]; - }); - }); -} diff --git a/nixos/kiosk.nix b/nixos/kiosk.nix deleted file mode 100644 index e2688f7..0000000 --- a/nixos/kiosk.nix +++ /dev/null @@ -1,151 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - ############################################ - # Base system - ############################################ - nixpkgs.hostPlatform = "x86_64-linux"; - system.stateVersion = "24.11"; - - # Simple console-based kiosk using cage (Wayland single-app compositor) - services.xserver.enable = false; # Not using an X11 display manager - - # Autologin to TTY1 as kiosk user - services.getty.autologinUser = "kiosk"; - - # Kiosk user - users.users.kiosk = { - isNormalUser = true; - description = "Kiosk User"; - home = "/home/kiosk"; - extraGroups = [ "wheel" ]; - initialPassword = "kiosk"; - }; - - # Packages required (aligning with the Debian preseed intent) - environment.systemPackages = with pkgs; [ - firefox - cage - curl - unzip - # chromium # available if you want it in addition to Firefox - ]; - - ############################################ - # Firefox policies (preconfigured profile settings) - ############################################ - programs.firefox = { - enable = true; - policies = { - DisableDeveloperTools = true; - BlockAboutAddons = true; - BlockAboutConfig = true; - BlockAboutProfiles = true; - BlockAboutSupport = true; - DisableFirefoxAccounts = true; - DisablePrivateBrowsing = true; - DisableProfileImport = true; - DisableProfileRefresh = true; - DisableSafeMode = true; - DisablePocket = true; - DisableFirefoxScreenshots = true; - DisableSetDesktopBackground = true; - - Homepage = { - URL = "https://mahn.ke"; - Locked = true; - }; - - NewTabPage = { Enabled = false; }; - - # Use a Linux path for downloads in kiosk - DownloadDirectory = { - Path = "/home/kiosk/Downloads"; - Locked = true; - }; - - PromptForDownloadLocation = false; - StartDownloadsInTempDirectory = false; - DisableAppUpdate = true; - - Permissions = { - Camera = "deny"; - Microphone = "deny"; - Location = "deny"; - Notifications = "deny"; - }; - - ShowHomeButton = false; - DisplayMenuBar = false; - DisplayBookmarksToolbar = false; - - # Extension & user messaging controls (per your Debian policy JSON) - UserMessaging = { - ExtensionRecommendations = false; - FeatureRecommendations = false; - UrlbarInterventions = false; - SkipOnboarding = false; - MoreFromMozilla = false; - FirefoxLabs = false; - Locked = false; - }; - - # Install Tampermonkey automatically (Firefox will fetch at runtime). - # Note: AMO URL may change; this is the typical latest channel. - Extensions = { - Install = [ - "https://addons.mozilla.org/firefox/downloads/latest/tampermonkey/latest.xpi" - ]; - }; - }; - - # Helpful preferences to keep Firefox minimal - preferences = { - "browser.fullscreen.autohide" = true; - "browser.shell.checkDefaultBrowser" = false; - "browser.startup.page" = 1; # Start with homepage - }; - }; - - ############################################ - # Kiosk launch behavior (replicates your bash_profile approach) - ############################################ - # Create a bash_profile for the kiosk user that launches cage + firefox - system.activationScripts.kioskBashProfile = lib.stringAfter ["users"] '' - mkdir -p /home/kiosk - chown kiosk:kiosk /home/kiosk - sudo -u kiosk mkdir -p /home/kiosk/.config - cat > /home/kiosk/.bash_profile <<'EOF' -if [ -z "$WAYLAND_DISPLAY" ] && [ "$(tty)" = "/dev/tty1" ]; then - exec ${pkgs.cage}/bin/cage ${pkgs.firefox}/bin/firefox --kiosk https://c3nav.de -fi -EOF - chown kiosk:kiosk /home/kiosk/.bash_profile - ''; - - # Unpack preconfigured Firefox profile from the repository into kiosk's home - system.activationScripts.kioskFirefoxProfile = lib.stringAfter ["users"] '' - mkdir -p /home/kiosk/.mozilla/firefox - # Only unzip if directory is empty (first activation) - if [ -z "$(ls -A /home/kiosk/.mozilla/firefox 2>/dev/null)" ]; then - ${pkgs.unzip}/bin/unzip -o ${../Firefox.zip} -d /home/kiosk/.mozilla/firefox - chown -R kiosk:kiosk /home/kiosk/.mozilla/firefox - fi - ''; - - ############################################ - # Include your userscripts in the image for easy import - ############################################ - environment.etc."kiosk/tampermonkey".source = ./../tampermonkey; - - ############################################ - # Networking & basic services - ############################################ - networking.hostName = "kiosk"; - time.timeZone = "UTC"; - services.openssh.enable = true; # optional, mirrors preseed tasksel ssh-server - - - # Keep system simple, disable unneeded DM - services.displayManager.enable = false; -}