nixos/cage: init #81327
@GrahamcOfBorg eval
71e1cce to 9e5776a
@GrahamcOfBorg test cage
It seems I don't need to modprobe drm anymore - might have been I tested with a too old nixpkgs checkout that didn't contain the fix, not sure. Tests seem to succeed ;-)
@GrahamcOfBorg test cage
"plymouth-start.service"
"plymouth-quit.service"
I had to slightly change these, as the plymouth unit files are named a bit differently on NixOS - that config seemed to have worked with plymouth on my system, I'm not sure if it's 100% correct.
I don't really understand what was going on there TBH. Would you like to see something changed here regarding plymouth units, or does it look fine?
@GrahamcOfBorg test cage
Add a cage module to nixos. This can be used to make kiosk-style
systems that boot directly to a single application. The user (demo by
default) is automatically logged in by this service and the
program (xterm by default) is automatically started.
This is useful for some embedded, single-user systems where we want
automatic booting. To keep the system secure, the user should have
limited privileges.
Based on the service provided in the Cage wiki here:
https://github.com/Hjdskes/cage/wiki/Starting-Cage-on-boot-with-systemd
Co-Authored-By: Florian Klink <flokli@flokli.de>
Looks good
@flokli What's the rationale for hardcoding tty1 here? I was under the impression we could leave the name as
Also noticed this in journalctl:
The previous PR was also hardcoding to tty1, it just used a template unit (which caused it to try to spin up
Yeah, this should be Also, please let me know if you're fine with the hardcoding of
Supersedes #80561
Add a cage module to nixos. This can be used to make kiosk-style
systems that boot directly to a single application. The user (demo by
default) is automatically logged in by this service and the
program (xterm by default) is automatically started.
This is useful for some embedded, single-user systems where we want
automatic booting. To keep the system secure, the user should have
limited privileges.
Based on the service provided in the Cage wiki here:
https://github.com/Hjdskes/cage/wiki/Starting-Cage-on-boot-with-systemd
This also adds a test starting cage in a qemu VM and ensuring `alice@machine` is shown by `xterm`.
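A configuration using the module this PR describes, as an added example that is not code from the PR. The option names `services.cage.enable`, `services.cage.user` and `services.cage.program` are taken from the NixOS module and do not appear on this page, and the `kiosk` account name is hypothetical.

```nix
# Added example: kiosk system that boots straight into one application.
{ pkgs, ... }:
{
  services.cage = {
    enable = true;
    # Account that the service logs in automatically (hypothetical name).
    user = "kiosk";
    # Single application shown full screen by cage.
    program = "${pkgs.xterm}/bin/xterm";
  };

  users.users.kiosk = {
    isNormalUser = true;
    # Weak setting, shown for contrast:
    #   extraGroups = [ "wheel" ];
    # would make the automatically logged-in account sudo-capable.
    # The kiosk user gets no supplementary groups at all.
    extraGroups = [ ];
  };
}
```

Because the session starts without any login prompt, whatever this account can reach is available to anyone with physical access to the device.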