From 08445f64317aafc56c293b405506ad3eb3309bba Mon Sep 17 00:00:00 2001 From: Stefan Kempinger Date: Thu, 26 Mar 2026 16:30:40 +0100 Subject: [PATCH 1/2] add preliminary lnf config --- flake.nix | 6 ++ lnf/configuration.nix | 159 +++++++++++++++++++++++++++++++++ lnf/hardware-configuration.nix | 24 +++++ 3 files changed, 189 insertions(+) create mode 100644 lnf/configuration.nix create mode 100644 lnf/hardware-configuration.nix diff --git a/flake.nix b/flake.nix index d007398..708378b 100644 --- a/flake.nix +++ b/flake.nix @@ -64,6 +64,12 @@ modules = [ ./dad/configuration.nix ]; + }; + lnf = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./lnf/configuration.nix + ]; }; }; }; diff --git a/lnf/configuration.nix b/lnf/configuration.nix new file mode 100644 index 0000000..c27a92e --- /dev/null +++ b/lnf/configuration.nix 
@@ -0,0 +1,159 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # Bootloader. + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/vda"; + boot.loader.grub.useOSProber = true; + + networking.hostName = "nixos-lnf"; # Define your hostname. + networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Enable networking + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "Europe/Vienna"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "de_AT.UTF-8"; + LC_IDENTIFICATION = "de_AT.UTF-8"; + LC_MEASUREMENT = "de_AT.UTF-8"; + LC_MONETARY = "de_AT.UTF-8"; + LC_NAME = "de_AT.UTF-8"; + LC_NUMERIC = "de_AT.UTF-8"; + LC_PAPER = "de_AT.UTF-8"; + LC_TELEPHONE = "de_AT.UTF-8"; + LC_TIME = "de_AT.UTF-8"; + }; + + # Configure keymap in X11 + services.xserver.xkb = { + layout = "de"; + variant = ""; + }; + + # Configure console keymap + console.keyMap = "de"; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.kemp = { + isNormalUser = true; + description = "user"; + extraGroups = [ + "networkmanager" + "wheel" + ]; + packages = with pkgs; [ ]; + + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGHadFhDCUU/ta3p1FQgpm7NExHkyHNrJbNJP6np5w9 kempinger@ins.jku.at" + ]; + }; + + users.users.root = { + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGHadFhDCUU/ta3p1FQgpm7NExHkyHNrJbNJP6np5w9 kempinger@ins.jku.at" + ]; + }; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # List packages installed in system profile. 
To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + git + nil + nixd + wlr-randr + kmsxx + libinput + vlc + ]; + programs.firefox = { + enable = true; + }; + + systemd.services.cage-tty1 = { + after = [ + "network-online.target" + #"systemd-resolved.service" + ]; + serviceConfig = { + Restart = "always"; + RestartSec = "1s"; + }; + environment.XKB_DEFAULT_LAYOUT = "de"; + }; + + services.cage = { + enable = true; + user = "kemp"; + program = "${pkgs.writeScriptBin "start-multi-cage" '' + #!/usr/bin/env bash + + # Get a list of all connected outputs + # Example output: HDMI-A-1, eDP-1 + outputs=($( ${pkgs.wlr-randr}/bin/wlr-randr | grep -E "^[^ ]+" | awk '{print $1}' )) + + # Launch VLC on the first monitor + # We use a subshell or background process so they run simultaneously + if [[ -n "''${outputs[0]}" ]]; then + # Note: To truly isolate them, some users use 'cage -d' if supported + # or separate Wayland sockets (WAYLAND_DISPLAY) + WAYLAND_DISPLAY=wayland-0 cage -m last -- ${pkgs.vlc}/bin/vlc & + fi + + # Launch a different app (e.g., Firefox) on the second monitor + if [[ -n "''${outputs[1]}" ]]; then + WAYLAND_DISPLAY=wayland-1 cage -m last -- ${pkgs.firefox}/bin/firefox & + fi + + wait + ''}/bin/start-multi-cage"; + }; + services.getty.loginProgram = "${pkgs.coreutils}/bin/true"; + # services.udev.extraRules = '' + # ENV{LIBINPUT_CALIBRATION_MATRIX}="-1 0 1 0 -1 1" + # ''; + + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + PermitRootLogin = "prohibit-password"; # Allow root with SSH keys only + }; + }; + + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + + networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file 
locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "25.11"; # Did you read the comment? + +} diff --git a/lnf/hardware-configuration.nix b/lnf/hardware-configuration.nix new file mode 100644 index 0000000..3578db9 --- /dev/null +++ b/lnf/hardware-configuration.nix @@ -0,0 +1,24 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/88cc8a52-5a15-4782-a322-fe280fa0f7b8"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} From 40e4b0e594f6d8918e02d17b96c7197c353e41d1 Mon Sep 17 00:00:00 2001 From: Stefan Kempinger Date: Thu, 26 Mar 2026 21:19:48 +0100 Subject: [PATCH 2/2] add somewhat working lnf config --- flake.nix | 9 +- lnf/configuration.nix | 223 ++++++++++++++++++++++++++---------------- 2 files changed, 145 insertions(+), 87 deletions(-) diff --git a/flake.nix b/flake.nix index 708378b..1b91866 100644 --- a/flake.nix +++ b/flake.nix @@ -68,8 +68,13 @@ lnf = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ - ./lnf/configuration.nix - ]; + ({ pkgs, modulesPath, ... }: { + imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ]; + + }) + + ./lnf/configuration.nix + ]; }; }; }; 
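Review bot: `networking.firewall.enable = false;` near the end of the new `lnf/configuration.nix` leaves every listening service on this host reachable, on a machine that also accepts key-based root logins over SSH. `networking.firewall.enable = true;` should be enough on its own, since the openssh module opens its port by default. Separately, `services.cage.user = "kemp"` runs the kiosk's VLC and Firefox as an account that is in `wheel`, so a compromise of either application starts from an administrator's account. A dedicated unprivileged account for the display session (for example `users.users.kiosk = { isNormalUser = true; };` with `services.cage.user = "kiosk";`) would separate the workload from administration. The second patch in this series keeps both settings: the firewall line is only moved up, and greetd is given `user = "kemp"`.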
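Review bot: Importing `installer/cd-dvd/installation-cd-minimal.nix` into the `lnf` system brings live-installer defaults into what the rest of the configuration treats as a permanent kiosk host. As far as I know, that profile pulls in `profiles/installation-device.nix`, which sets empty initial passwords for `root` and a `nixos` user, enables console autologin and lets `wheel` use sudo without a password; please confirm this against the pinned nixpkgs revision. If the ISO is only a way to deploy the machine, a separate flake output (e.g. `lnf-iso`) carrying the installer import would keep those defaults out of the installed system. The inline module's `pkgs` argument is also unused.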
diff --git a/lnf/configuration.nix b/lnf/configuration.nix index c27a92e..788b196 100644 --- a/lnf/configuration.nix +++ b/lnf/configuration.nix @@ -1,32 +1,24 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - +# and in the NixOS manual (accessible by running 'nixos-help'). { config, pkgs, ... }: - { imports = [ - # Include the results of the hardware scan. ./hardware-configuration.nix ]; - # Bootloader. boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/vda"; boot.loader.grub.useOSProber = true; - networking.hostName = "nixos-lnf"; # Define your hostname. - networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Enable networking + networking.hostName = "nixos-lnf"; + networking.wireless.enable = true; networking.networkmanager.enable = true; + networking.firewall.enable = false; - # Set your time zone. time.timeZone = "Europe/Vienna"; - # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; - i18n.extraLocaleSettings = { LC_ADDRESS = "de_AT.UTF-8"; LC_IDENTIFICATION = "de_AT.UTF-8"; 
@@ -39,44 +31,30 @@ LC_TIME = "de_AT.UTF-8"; }; - # Configure keymap in X11 services.xserver.xkb = { layout = "de"; variant = ""; }; - - # Configure console keymap console.keyMap = "de"; - # Define a user account. Don't forget to set a password with ‘passwd’. users.users.kemp = { isNormalUser = true; description = "user"; - extraGroups = [ - "networkmanager" - "wheel" - ]; + extraGroups = [ "networkmanager" "wheel" "video" ]; packages = with pkgs; [ ]; - openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGHadFhDCUU/ta3p1FQgpm7NExHkyHNrJbNJP6np5w9 kempinger@ins.jku.at" ]; }; - users.users.root = { openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGHadFhDCUU/ta3p1FQgpm7NExHkyHNrJbNJP6np5w9 kempinger@ins.jku.at" ]; }; - # Allow unfree packages nixpkgs.config.allowUnfree = true; - # List packages installed in system profile. To search, run: - # $ nix search wget environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget git nil nixd 
@@ -84,76 +62,151 @@ kmsxx libinput vlc + jq + sway + ffmpeg + python3 + + (pkgs.writeScriptBin "run-on-output" '' + #!/usr/bin/env bash + # Usage: run-on-output + # Example: run-on-output 1 firefox --kiosk https://example.com + # run-on-output 2 vlc --fullscreen /path/to/video.mp4 + + set -euo pipefail + + if [[ $# -lt 2 ]]; then + echo "Usage: run-on-output " >&2 + exit 1 + fi + + IDX="$1" + shift + + MYUID=$(id -u) + SOCK=$(ls /run/user/"$MYUID"/sway-ipc.* 2>/dev/null | head -n1) + if [[ -z "$SOCK" ]]; then + echo "Error: no sway IPC socket found for uid $MYUID" >&2 + exit 1 + fi + export SWAYSOCK="$SOCK" + + # Inherit Wayland env from the running sway instance + export WAYLAND_DISPLAY=$(${pkgs.sway}/bin/swaymsg -t get_version -r \ + | ${pkgs.jq}/bin/jq -r '.loaded_config_file' 2>/dev/null \ + | xargs -I{} sh -c 'echo "wayland-1"' 2>/dev/null || echo "wayland-1") + export XDG_RUNTIME_DIR="/run/user/$MYUID" + + OUT=$(${pkgs.sway}/bin/swaymsg -t get_outputs -r \ + | ${pkgs.jq}/bin/jq -r ".[$((IDX-1))].name") + + if [[ "$OUT" == "null" || -z "$OUT" ]]; then + echo "Error: no output found at index $IDX" >&2 + ${pkgs.sway}/bin/swaymsg -t get_outputs -r \ + | ${pkgs.jq}/bin/jq -r '.[].name' | nl -v1 -ba >&2 + exit 1 + fi + + echo "Launching on output $IDX ($OUT): $*" + + # Workspace management only — no exec via swaymsg + ${pkgs.sway}/bin/swaymsg "[workspace=$IDX] kill" 2>/dev/null || true + sleep 0.3 + ${pkgs.sway}/bin/swaymsg "workspace $IDX; move workspace to output $OUT" + + # Launch directly — inherits full PATH and Wayland env from this shell + nohup "$@" >> /tmp/run-on-output-$IDX.log 2>&1 & + + echo "Launched PID $! 
on workspace $IDX ($OUT)" + '') ]; - programs.firefox = { + + programs.firefox.enable = true; + + # ── Sway: multi-monitor Wayland compositor ───────────────────────────────── + programs.sway = { enable = true; + wrapperFeatures.gtk = true; }; - systemd.services.cage-tty1 = { - after = [ - "network-online.target" - #"systemd-resolved.service" - ]; - serviceConfig = { - Restart = "always"; - RestartSec = "1s"; - }; - environment.XKB_DEFAULT_LAYOUT = "de"; - }; - - services.cage = { - enable = true; - user = "kemp"; - program = "${pkgs.writeScriptBin "start-multi-cage" '' + # Script that runs inside the sway session. + # It detects every active output, pins a numbered workspace to each, + # then launches one VLC per workspace (→ per monitor). + environment.etc."sway/kiosk-start.sh" = { + mode = "0755"; + text = '' #!/usr/bin/env bash - - # Get a list of all connected outputs - # Example output: HDMI-A-1, eDP-1 - outputs=($( ${pkgs.wlr-randr}/bin/wlr-randr | grep -E "^[^ ]+" | awk '{print $1}' )) - - # Launch VLC on the first monitor - # We use a subshell or background process so they run simultaneously - if [[ -n "''${outputs[0]}" ]]; then - # Note: To truly isolate them, some users use 'cage -d' if supported - # or separate Wayland sockets (WAYLAND_DISPLAY) - WAYLAND_DISPLAY=wayland-0 cage -m last -- ${pkgs.vlc}/bin/vlc & - fi - - # Launch a different app (e.g., Firefox) on the second monitor - if [[ -n "''${outputs[1]}" ]]; then - WAYLAND_DISPLAY=wayland-1 cage -m last -- ${pkgs.firefox}/bin/firefox & - fi - - wait - ''}/bin/start-multi-cage"; + exec >> /tmp/kiosk-start.log 2>&1 + echo "[$(date)] kiosk-start.sh running" + sleep 2 # give sway more time to settle + + readarray -t outputs < <( + ${pkgs.sway}/bin/swaymsg -t get_outputs \ + | ${pkgs.jq}/bin/jq -r '.[] | select(.active) | .name' + ) + + echo "[$(date)] Found outputs: ''${outputs[*]}" + + # for i in "''${!outputs[@]}"; do + # ws=$(( i + 1 )) + # output="''${outputs[$i]}" + # echo "[$(date)] Launching VLC 
on output $output (workspace $ws)" + + # ${pkgs.sway}/bin/swaymsg "workspace $ws output $output" + # ${pkgs.sway}/bin/swaymsg "workspace $ws" + # ${pkgs.sway}/bin/swaymsg "exec ${pkgs.firefox}/bin/firefox" + # sleep 0.5 + # done + + echo "[$(date)] Done" + + ''; }; - services.getty.loginProgram = "${pkgs.coreutils}/bin/true"; - # services.udev.extraRules = '' - # ENV{LIBINPUT_CALIBRATION_MATRIX}="-1 0 1 0 -1 1" - # ''; - + + # Minimal sway config for the kiosk session + environment.etc."sway/kiosk.conf".text = '' + output * bg #000000 solid_color + default_border none + hide_edge_borders both + + input * { + xkb_layout de + } + + for_window [app_id="vlc"] fullscreen enable, inhibit_idle open + for_window [class="vlc"] fullscreen enable, inhibit_idle open + for_window [title="VLC.*"] fullscreen enable, inhibit_idle open + + exec /etc/sway/kiosk-start.sh + ''; + + environment.sessionVariables = { + QT_QPA_PLATFORM = "wayland"; + WLR_NO_HARDWARE_CURSORS = "1"; + }; + + # ── greetd: replaces cage, autologins kemp and starts sway ───────────────── + services.greetd = { + enable = true; + settings = { + default_session = { + command = "${pkgs.sway}/bin/sway --config /etc/sway/kiosk.conf"; + user = "kemp"; + }; + }; + }; + + # ── SSH ───────────────────────────────────────────────────────────────────── services.openssh = { enable = true; settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; - PermitRootLogin = "prohibit-password"; # Allow root with SSH keys only + PermitRootLogin = "prohibit-password"; }; }; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - - networking.firewall.enable = false; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. 
It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "25.11"; # Did you read the comment? - -} + system.stateVersion = "25.11"; +} \ No newline at end of file
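Review bot: `run-on-output` uses its first argument unchecked: `$IDX` goes into the arithmetic expansion `$((IDX-1))`, the jq filter, the `swaymsg` criteria and the log path, and bash arithmetic evaluates non-numeric input rather than rejecting it. A guard right after `shift`, such as `[[ "$IDX" =~ ^[1-9][0-9]*$ ]] || { echo "index must be a positive integer" >&2; exit 1; }`, closes that. Both scripts also append to fixed names in `/tmp` (`/tmp/run-on-output-$IDX.log`, `/tmp/kiosk-start.log`); logging under `$XDG_RUNTIME_DIR` or to the journal avoids predictable paths in a world-writable directory. Finally, under `set -euo pipefail` a failing `ls` in the `SOCK=$(…)` assignment ends the script before the "no sway IPC socket found" message can print. The `WAYLAND_DISPLAY` pipeline always yields `wayland-1`, so a plain assignment would say the same thing more honestly.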