diff --git a/lnf/configuration.nix b/lnf/configuration.nix index c36232f..6e822f5 100644 --- a/lnf/configuration.nix +++ b/lnf/configuration.nix @@ -1,6 +1,3 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running 'nixos-help'). { config, pkgs, ... }: { imports = [ @@ -10,32 +7,32 @@ boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/vda"; boot.loader.grub.useOSProber = true; - + services.xserver.videoDrivers = [ "modesetting" ]; hardware.graphics = { enable = true; extraPackages = with pkgs; [ # Required for modern Intel GPUs (Xe iGPU and ARC) - intel-media-driver # VA-API (iHD) userspace - vpl-gpu-rt # oneVPL (QSV) runtime + intel-media-driver # VA-API (iHD) userspace + vpl-gpu-rt # oneVPL (QSV) runtime # Optional (compute / tooling): - intel-compute-runtime # OpenCL (NEO) + Level Zero for Arc/Xe + intel-compute-runtime # OpenCL (NEO) + Level Zero for Arc/Xe # NOTE: 'intel-ocl' also exists as a legacy package; not recommended for Arc/Xe. # libvdpau-va-gl # Only if you must run VDPAU-only apps ]; }; - environment.sessionVariables = { - LIBVA_DRIVER_NAME = "iHD"; # Prefer the modern iHD backend - # VDPAU_DRIVER = "va_gl"; # Only if using libvdpau-va-gl - }; - - # May help if FFmpeg/VAAPI/QSV init fails (esp. on Arc with i915): hardware.enableRedistributableFirmware = true; boot.kernelParams = [ "i915.enable_guc=3" ]; + environment.sessionVariables = { + LIBVA_DRIVER_NAME = "iHD"; + QT_QPA_PLATFORM = "wayland"; + WLR_NO_HARDWARE_CURSORS = "1"; + }; + networking.hostName = "nixos-lnf"; networking.wireless.enable = true; networking.networkmanager.enable = true; @@ -65,7 +62,11 @@ users.users.user = { isNormalUser = true; description = "user"; - extraGroups = [ "networkmanager" "wheel" "video" ]; + extraGroups = [ + "networkmanager" + "wheel" + "video" + ]; packages = with pkgs; [ ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGHadFhDCUU/ta3p1FQgpm7NExHkyHNrJbNJP6np5w9 kempinger@ins.jku.at" @@ -79,6 +80,18 @@ ]; }; + security.sudo.extraRules = [ + { + users = [ "user" ]; + commands = [ + { + command = "/run/current-system/sw/bin/systemctl restart cage-tty1.service"; + options = [ "NOPASSWD" ]; + } + ]; + } + ]; + nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ @@ -89,154 +102,57 @@ kmsxx libinput vlc - jq - sway ffmpeg python3 - - (pkgs.writeScriptBin "run-on-output" '' - #!/usr/bin/env bash - # Usage: run-on-output - # Example: run-on-output 1 firefox --kiosk https://example.com - # run-on-output 2 vlc --fullscreen /path/to/video.mp4 - - set -euo pipefail - - if [[ $# -lt 2 ]]; then - echo "Usage: run-on-output " >&2 - exit 1 - fi - - IDX="$1" - shift - - MYUID=$(id -u) - SOCK=$(ls /run/user/"$MYUID"/sway-ipc.* 2>/dev/null | head -n1) - if [[ -z "$SOCK" ]]; then - echo "Error: no sway IPC socket found for uid $MYUID" >&2 - exit 1 - fi - export SWAYSOCK="$SOCK" - - # Inherit Wayland env from the running sway instance - export WAYLAND_DISPLAY=$(${pkgs.sway}/bin/swaymsg -t get_version -r \ - | ${pkgs.jq}/bin/jq -r '.loaded_config_file' 2>/dev/null \ - | xargs -I{} sh -c 'echo "wayland-1"' 2>/dev/null || echo "wayland-1") - export XDG_RUNTIME_DIR="/run/user/$MYUID" - - OUT=$(${pkgs.sway}/bin/swaymsg -t get_outputs -r \ - | ${pkgs.jq}/bin/jq -r ".[$((IDX-1))].name") - - if [[ "$OUT" == "null" || -z "$OUT" ]]; then - echo "Error: no output found at index $IDX" >&2 - ${pkgs.sway}/bin/swaymsg -t get_outputs -r \ - | ${pkgs.jq}/bin/jq -r '.[].name' | nl -v1 -ba >&2 - exit 1 - fi - - echo "Launching on output $IDX ($OUT): $*" - - # Workspace management only — no exec via swaymsg - ${pkgs.sway}/bin/swaymsg "[workspace=$IDX] kill" 2>/dev/null || true - sleep 0.3 - ${pkgs.sway}/bin/swaymsg "workspace $IDX; move workspace to output $OUT" - - # Launch directly — inherits full PATH and Wayland env from this shell - nohup "$@" >> /tmp/run-on-output-$IDX.log 2>&1 & - - echo "Launched PID $! on workspace $IDX ($OUT)" - '') + jq + bash + + (pkgs.writeScriptBin "kiosk-run" '' + #!/usr/bin/env bash + set -euo pipefail + + if [[ $# -lt 1 ]]; then + echo "Usage: kiosk-run " >&2 + exit 1 + fi + + echo "Setting command: $*" + echo "$*" > /etc/cage/current-cmd + + echo "Restarting cage..." + sudo systemctl kill cage-tty1.service + sudo systemctl start cage-tty1.service + + echo "Done." + '') ]; - + programs.firefox.enable = true; - # ── Sway: multi-monitor Wayland compositor ───────────────────────────────── - programs.sway = { - enable = true; - wrapperFeatures.gtk = true; + # writable by the kiosk user at runtime + environment.etc."cage/current-cmd" = { + mode = "0777"; + text = "ls -al"; }; - # Script that runs inside the sway session. - # It detects every active output, pins a numbered workspace to each, - # then launches one VLC per workspace (→ per monitor). - environment.etc."sway/kiosk-start.sh" = { - mode = "0755"; - text = '' - #!/usr/bin/env bash - exec >> /tmp/kiosk-start.log 2>&1 - echo "[$(date)] kiosk-start.sh running" - sleep 2 # give sway more time to settle - - readarray -t outputs < <( - ${pkgs.sway}/bin/swaymsg -t get_outputs \ - | ${pkgs.jq}/bin/jq -r '.[] | select(.active) | .name' - ) - - echo "[$(date)] Found outputs: ''${outputs[*]}" - - # for i in "''${!outputs[@]}"; do - # ws=$(( i + 1 )) - # output="''${outputs[$i]}" - # echo "[$(date)] Launching VLC on output $output (workspace $ws)" - - # ${pkgs.sway}/bin/swaymsg "workspace $ws output $output" - # ${pkgs.sway}/bin/swaymsg "workspace $ws" - # ${pkgs.sway}/bin/swaymsg "exec ${pkgs.firefox}/bin/firefox" - # sleep 0.5 - # done - - echo "[$(date)] Done" - - ''; - }; - - # # Minimal sway config for the kiosk session - # environment.etc."sway/kiosk.conf".text = '' - # output * bg #000000 solid_color - # default_border none - # hide_edge_borders both - - # input * { - # xkb_layout de - # } - - # for_window [app_id="vlc"] fullscreen enable, inhibit_idle open - # for_window [class="vlc"] fullscreen enable, inhibit_idle open - # for_window [title="VLC.*"] fullscreen enable, inhibit_idle open - - # exec /etc/sway/kiosk-start.sh - # ''; - - # Minimal sway config for the kiosk session - environment.etc."sway/kiosk.conf".text = '' - output * bg #000000 solid_color - default_border none - hide_edge_borders both - - input * { - xkb_layout de - } - - exec /etc/sway/kiosk-start.sh - ''; - - environment.sessionVariables = { - QT_QPA_PLATFORM = "wayland"; - WLR_NO_HARDWARE_CURSORS = "1"; - }; - - # ── greetd: replaces cage, autologins user and starts sway ───────────────── - services.greetd = { - enable = true; - settings = { - default_session = { - command = "${pkgs.sway}/bin/sway --config /etc/sway/kiosk.conf"; - user = "user"; - }; + systemd.services.cage-tty1 = { + serviceConfig = { + Restart = "always"; + RestartSec = "1s"; + TimeoutStopSec = "1"; + TimeoutAbortSec = "5"; + KillSignal = "SIGKILL"; }; }; - # ── SSH ───────────────────────────────────────────────────────────────────── + services.cage = { + enable = true; + user = "user"; + program = "/etc/cage/current-cmd"; + }; + + services.getty.loginProgram = "${pkgs.coreutils}/bin/true"; + services.openssh = { enable = true; settings = { @@ -246,7 +162,9 @@ }; }; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; system.stateVersion = "25.11"; -} \ No newline at end of file +}