bryan/nixos
0
0
Fork 0
mirror of https://github.com/itme-brain/nixos.git synced 2026-05-08 14:50:12 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
nixos/system/machines/tv/modules/kiosk/default.nix
Bryan Ramos 99c1e0a4fc added tv
2026-04-19 13:29:28 -04:00

84 lines
2.5 KiB
Nix
Raw Blame History

{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.modules.system.kiosk;
in
{
options.modules.system.kiosk = {
enable = mkEnableOption "kiosk mode (Cage + Firefox fullscreen browser)";
user = mkOption {
type = types.str;
description = "user account the kiosk session runs as";
};
url = mkOption {
type = types.str;
default = "about:blank";
description = "URL loaded by Firefox on startup";
};
};
config = mkIf cfg.enable {
# Cage is a minimal Wayland compositor that runs exactly one program
# fullscreen. Combined with auto-login it gives us a zero-chrome kiosk.
services.cage = {
enable = true;
user = cfg.user;
program = ''
${pkgs.firefox}/bin/firefox \
--kiosk \
${cfg.url}
'';
};
# System-wide Firefox policies. Writes /etc/firefox/policies/policies.json
# which Firefox reads regardless of how it's launched.
programs.firefox = {
enable = true;
policies = {
# Force-install uBlock Origin from AMO. The "latest.xpi" URL is
# Mozilla's stable redirect — it always resolves to the current
# release and is explicitly supported for enterprise policy use.
ExtensionSettings = {
"uBlock0@raymondhill.net" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
installation_mode = "force_installed";
};
};
# Trim everything Firefox does that makes no sense on a TV
DisableTelemetry = true;
DisablePocket = true;
DisableFirefoxStudies = true;
DisableProfileImport = true;
DontCheckDefaultBrowser = true;
OverrideFirstRunPage = "";
OverridePostUpdatePage = "";
NoDefaultBookmarks = true;
PasswordManagerEnabled = false;
# DRM on — required for Netflix/Prime/etc. to even attempt playback.
# On aarch64 the Widevine CDM still has to be fetched at runtime and
# may be refused by streaming services; YouTube/Twitch/non-DRM work
# regardless.
EncryptedMediaExtensions = {
Enabled = true;
Locked = true;
};
};
};
# Firefox runs on Wayland cleanly only with this env var.
environment.sessionVariables.MOZ_ENABLE_WAYLAND = "1";
# PipeWire for audio out over HDMI / 3.5mm
services.pipewire = {
enable = true;
audio.enable = true;
pulse.enable = true;
alsa.enable = true;
};
};
}
Reference in a new issue View git blame Copy permalink