From 40e4b0e594f6d8918e02d17b96c7197c353e41d1 Mon Sep 17 00:00:00 2001 From: Stefan Kempinger Date: Thu, 26 Mar 2026 21:19:48 +0100 Subject: [PATCH] add somewhat working lnf config --- flake.nix | 9 +- lnf/configuration.nix | 223 ++++++++++++++++++++++++++---------------- 2 files changed, 145 insertions(+), 87 deletions(-) diff --git a/flake.nix b/flake.nix index 708378b..1b91866 100644 --- a/flake.nix +++ b/flake.nix @@ -68,8 +68,13 @@ lnf = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ - ./lnf/configuration.nix - ]; + ({ pkgs, modulesPath, ... }: { + imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ]; + + }) + + ./lnf/configuration.nix + ]; }; }; }; diff --git a/lnf/configuration.nix b/lnf/configuration.nix index c27a92e..788b196 100644 --- a/lnf/configuration.nix +++ b/lnf/configuration.nix @@ -1,32 +1,24 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - +# and in the NixOS manual (accessible by running 'nixos-help'). { config, pkgs, ... }: - { imports = [ - # Include the results of the hardware scan. ./hardware-configuration.nix ]; - # Bootloader. boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/vda"; boot.loader.grub.useOSProber = true; - networking.hostName = "nixos-lnf"; # Define your hostname. - networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Enable networking + networking.hostName = "nixos-lnf"; + networking.wireless.enable = true; networking.networkmanager.enable = true; + networking.firewall.enable = false; - # Set your time zone. time.timeZone = "Europe/Vienna"; - # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; - i18n.extraLocaleSettings = { LC_ADDRESS = "de_AT.UTF-8"; LC_IDENTIFICATION = "de_AT.UTF-8"; @@ -39,44 +31,30 @@ LC_TIME = "de_AT.UTF-8"; }; - # Configure keymap in X11 services.xserver.xkb = { layout = "de"; variant = ""; }; - - # Configure console keymap console.keyMap = "de"; - # Define a user account. Don't forget to set a password with ‘passwd’. users.users.kemp = { isNormalUser = true; description = "user"; - extraGroups = [ - "networkmanager" - "wheel" - ]; + extraGroups = [ "networkmanager" "wheel" "video" ]; packages = with pkgs; [ ]; - openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGHadFhDCUU/ta3p1FQgpm7NExHkyHNrJbNJP6np5w9 kempinger@ins.jku.at" ]; }; - users.users.root = { openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGHadFhDCUU/ta3p1FQgpm7NExHkyHNrJbNJP6np5w9 kempinger@ins.jku.at" ]; }; - # Allow unfree packages nixpkgs.config.allowUnfree = true; - # List packages installed in system profile. To search, run: - # $ nix search wget environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget git nil nixd @@ -84,76 +62,151 @@ kmsxx libinput vlc + jq + sway + ffmpeg + python3 + + (pkgs.writeScriptBin "run-on-output" '' + #!/usr/bin/env bash + # Usage: run-on-output + # Example: run-on-output 1 firefox --kiosk https://example.com + # run-on-output 2 vlc --fullscreen /path/to/video.mp4 + + set -euo pipefail + + if [[ $# -lt 2 ]]; then + echo "Usage: run-on-output " >&2 + exit 1 + fi + + IDX="$1" + shift + + MYUID=$(id -u) + SOCK=$(ls /run/user/"$MYUID"/sway-ipc.* 2>/dev/null | head -n1) + if [[ -z "$SOCK" ]]; then + echo "Error: no sway IPC socket found for uid $MYUID" >&2 + exit 1 + fi + export SWAYSOCK="$SOCK" + + # Inherit Wayland env from the running sway instance + export WAYLAND_DISPLAY=$(${pkgs.sway}/bin/swaymsg -t get_version -r \ + | ${pkgs.jq}/bin/jq -r '.loaded_config_file' 2>/dev/null \ + | xargs -I{} sh -c 'echo "wayland-1"' 2>/dev/null || echo "wayland-1") + export XDG_RUNTIME_DIR="/run/user/$MYUID" + + OUT=$(${pkgs.sway}/bin/swaymsg -t get_outputs -r \ + | ${pkgs.jq}/bin/jq -r ".[$((IDX-1))].name") + + if [[ "$OUT" == "null" || -z "$OUT" ]]; then + echo "Error: no output found at index $IDX" >&2 + ${pkgs.sway}/bin/swaymsg -t get_outputs -r \ + | ${pkgs.jq}/bin/jq -r '.[].name' | nl -v1 -ba >&2 + exit 1 + fi + + echo "Launching on output $IDX ($OUT): $*" + + # Workspace management only — no exec via swaymsg + ${pkgs.sway}/bin/swaymsg "[workspace=$IDX] kill" 2>/dev/null || true + sleep 0.3 + ${pkgs.sway}/bin/swaymsg "workspace $IDX; move workspace to output $OUT" + + # Launch directly — inherits full PATH and Wayland env from this shell + nohup "$@" >> /tmp/run-on-output-$IDX.log 2>&1 & + + echo "Launched PID $! on workspace $IDX ($OUT)" + '') ]; - programs.firefox = { + + programs.firefox.enable = true; + + # ── Sway: multi-monitor Wayland compositor ───────────────────────────────── + programs.sway = { enable = true; + wrapperFeatures.gtk = true; }; - systemd.services.cage-tty1 = { - after = [ - "network-online.target" - #"systemd-resolved.service" - ]; - serviceConfig = { - Restart = "always"; - RestartSec = "1s"; - }; - environment.XKB_DEFAULT_LAYOUT = "de"; - }; - - services.cage = { - enable = true; - user = "kemp"; - program = "${pkgs.writeScriptBin "start-multi-cage" '' + # Script that runs inside the sway session. + # It detects every active output, pins a numbered workspace to each, + # then launches one VLC per workspace (→ per monitor). + environment.etc."sway/kiosk-start.sh" = { + mode = "0755"; + text = '' #!/usr/bin/env bash - - # Get a list of all connected outputs - # Example output: HDMI-A-1, eDP-1 - outputs=($( ${pkgs.wlr-randr}/bin/wlr-randr | grep -E "^[^ ]+" | awk '{print $1}' )) - - # Launch VLC on the first monitor - # We use a subshell or background process so they run simultaneously - if [[ -n "''${outputs[0]}" ]]; then - # Note: To truly isolate them, some users use 'cage -d' if supported - # or separate Wayland sockets (WAYLAND_DISPLAY) - WAYLAND_DISPLAY=wayland-0 cage -m last -- ${pkgs.vlc}/bin/vlc & - fi - - # Launch a different app (e.g., Firefox) on the second monitor - if [[ -n "''${outputs[1]}" ]]; then - WAYLAND_DISPLAY=wayland-1 cage -m last -- ${pkgs.firefox}/bin/firefox & - fi - - wait - ''}/bin/start-multi-cage"; + exec >> /tmp/kiosk-start.log 2>&1 + echo "[$(date)] kiosk-start.sh running" + sleep 2 # give sway more time to settle + + readarray -t outputs < <( + ${pkgs.sway}/bin/swaymsg -t get_outputs \ + | ${pkgs.jq}/bin/jq -r '.[] | select(.active) | .name' + ) + + echo "[$(date)] Found outputs: ''${outputs[*]}" + + # for i in "''${!outputs[@]}"; do + # ws=$(( i + 1 )) + # output="''${outputs[$i]}" + # echo "[$(date)] Launching VLC on output $output (workspace $ws)" + + # ${pkgs.sway}/bin/swaymsg "workspace $ws output $output" + # ${pkgs.sway}/bin/swaymsg "workspace $ws" + # ${pkgs.sway}/bin/swaymsg "exec ${pkgs.firefox}/bin/firefox" + # sleep 0.5 + # done + + echo "[$(date)] Done" + + ''; }; - services.getty.loginProgram = "${pkgs.coreutils}/bin/true"; - # services.udev.extraRules = '' - # ENV{LIBINPUT_CALIBRATION_MATRIX}="-1 0 1 0 -1 1" - # ''; - + + # Minimal sway config for the kiosk session + environment.etc."sway/kiosk.conf".text = '' + output * bg #000000 solid_color + default_border none + hide_edge_borders both + + input * { + xkb_layout de + } + + for_window [app_id="vlc"] fullscreen enable, inhibit_idle open + for_window [class="vlc"] fullscreen enable, inhibit_idle open + for_window [title="VLC.*"] fullscreen enable, inhibit_idle open + + exec /etc/sway/kiosk-start.sh + ''; + + environment.sessionVariables = { + QT_QPA_PLATFORM = "wayland"; + WLR_NO_HARDWARE_CURSORS = "1"; + }; + + # ── greetd: replaces cage, autologins kemp and starts sway ───────────────── + services.greetd = { + enable = true; + settings = { + default_session = { + command = "${pkgs.sway}/bin/sway --config /etc/sway/kiosk.conf"; + user = "kemp"; + }; + }; + }; + + # ── SSH ───────────────────────────────────────────────────────────────────── services.openssh = { enable = true; settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; - PermitRootLogin = "prohibit-password"; # Allow root with SSH keys only + PermitRootLogin = "prohibit-password"; }; }; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - - networking.firewall.enable = false; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "25.11"; # Did you read the comment? - -} + system.stateVersion = "25.11"; +} \ No newline at end of file