Add a11ywatch and related configurations for Podman and Nginx

- Introduced a new module for a11ywatch with Podman support, creating a bridge network and defining backend and frontend containers. - Configured Nginx to serve the a11ywatch application with SSL and ACME support. - Added user and group configurations for a11ywatch. - Created a systemd service to ensure the Podman network exists on boot. Implement Firefox Container Controller extension and host - Added a module for the Firefox Container Controller extension, allowing installation via Nix. - Created a native messaging host for the extension to communicate with the container controller. - Included CLI helpers to enqueue commands for showing and hiding containers. Enable fingerprint authentication in PAM - Configured fingerprint authentication for login, sudo, and swaylock services. Setup Raspberry Pi OS image creation script - Developed a script to create a read-only Raspberry Pi OS Lite image with Snapcast client. - Included configuration for Wi-Fi, hostname, and Snapcast server. - Implemented user and group setup for Snapcast client and ensured necessary services are enabled. Document Raspberry Pi Zero W setup instructions - Added detailed instructions for configuring Raspberry Pi OS on Zero W, including disabling unused services and setting up Snapcast client. Create test configuration script for NixOS - Implemented a script to perform dry-builds for NixOS configurations, allowing for easy validation of host configurations.
2025-05-29 00:10:07 +02:00
parent 8e52274edd
commit 53d73142ae
32 changed files with 1280 additions and 104 deletions
--- a/hosts/nb/configuration.nix
+++ b/hosts/nb/configuration.nix
@@ -24,12 +24,15 @@ in {
      ./utils/modules/sops.nix
      ./utils/modules/nur.nix
      ./modules/appimage.nix
+      ./modules/desktop
      ./modules/sway/sway.nix
      # ./modules/printer.nix
      # ./modules/cyberghost.nix
      ./utils/modules/autoupgrade.nix
      ./modules/puppeteer.nix

+      # ./modules/development
+
      ./cachix.nix
      ./users

@@ -38,6 +41,7 @@ in {
      ./modules/coding.nix

      # ./modules/steam.nix
+      ./modules/fingerprint.nix

      ./hardware-configuration.nix

@@ -57,6 +61,7 @@ in {
    open-sans
    nix-prefetch
    jq
+    mkcert
    oh-my-zsh
    zsh-autosuggestions
    zsh-completions
--- a/hosts/nb/modules/desktop/default.nix
+++ b/hosts/nb/modules/desktop/default.nix
@@ -0,0 +1,4 @@
+{ pkgs, ... }: {
+  imports = [
+  ];
+}
--- a/hosts/nb/modules/desktop/firefox-container-controller-extension.nix
+++ b/hosts/nb/modules/desktop/firefox-container-controller-extension.nix
@@ -0,0 +1,67 @@
+# firefox-container-controller-extension.nix
+# Import this file in your configuration.nix to build and install the Container Controller extension.
+# Usage in configuration.nix:
+#
+# let
+#   containerControllerXpi = import ./firefox-container-controller-extension.nix { inherit pkgs; };
+# in {
+#   programs.firefox = {
+#     enable = true;
+#     profiles.default = {
+#       extensions = [ containerControllerXpi ];
+#     };
+#   };
+# }
+
+{ pkgs }:
+
+pkgs.runCommand "firefox-containercontroller-xpi" {
+  nativeBuildInputs = [ pkgs.zip ];
+} ''
+  # Create temp dir for packaging
+  TMPDIR=$(mktemp -d)
+  cd "$TMPDIR"
+
+  # Write manifest.json without leading spaces
+  cat > manifest.json << 'EOF'
+{
+  "manifest_version": 2,
+  "name": "Container Controller",
+  "version": "1.0",
+  "applications": { "gecko": { "id": "containercontroller@cloonar.com" } },
+  "permissions": ["containers", "nativeMessaging"],
+  "background": { "scripts": ["background.js"] }
+}
+EOF
+
+  # Write background.js without indentation
+  cat > background.js << 'EOF'
+async function poll() {
+  const resp = await browser.runtime.sendNativeMessage(
+    "com.firefox.containercontroller", {}
+  );
+  if (resp.userContextId && resp.action) {
+    try {
+      if (resp.action === "hide") {
+        await browser.containers.hideContainer({ userContextId: resp.userContextId });
+      } else if (resp.action === "show") {
+        await browser.containers.showContainer({ userContextId: resp.userContextId });
+      }
+    } catch (e) {}
+  }
+}
+
+// Poll every second
+setInterval(poll, 1000);
+EOF
+
+  # Ensure the Firefox extensions directory exists in the output
+  mkdir -p "$out/share/firefox/extensions"
+
+  # Create ZIP archive at root of package
+  # and use the updated extension id for the filename
+  zip -r "$out/share/firefox/extensions/containercontroller@cloonar.com.xpi" manifest.json background.js
+
+  # Clean up
+  rm -rf "$TMPDIR"
+''
--- a/hosts/nb/modules/desktop/firefox-container-controller-host.nix
+++ b/hosts/nb/modules/desktop/firefox-container-controller-host.nix
@@ -0,0 +1,59 @@
+{ pkgs, lib, ... }:
+
+let
+  # 1) Native‐messaging host: reads and clears the queued JSON command
+  containerControllerHost = pkgs.writeScriptBin "firefox-containercontroller-host" ''
+    #!/usr/bin/env bash
+    CMD_FILE="$HOME/.cache/firefox-container-command.json"
+    if [ -f "$CMD_FILE" ]; then
+      cat "$CMD_FILE"
+      rm "$CMD_FILE"
+    else
+      echo '{}'
+    fi
+  '';
+
+  # 2) CLI helper to enqueue a “hide” command
+  hideContainer = pkgs.writeScriptBin "hide-container" ''
+    #!/usr/bin/env bash
+    if [ -z "$1" ]; then
+      echo "Usage: $0 <userContextId>" >&2
+      exit 1
+    fi
+    ID="$1"
+    mkdir -p "$HOME/.cache"
+    printf '{"userContextId": %s, "action": "hide"}' "$ID" \
+      > "$HOME/.cache/firefox-container-command.json"
+  '';
+
+  # 3) CLI helper to enqueue a “show” command
+  showContainer = pkgs.writeScriptBin "show-container" ''
+    #!/usr/bin/env bash
+    if [ -z "$1" ]; then
+      echo "Usage: $0 <userContextId>" >&2
+      exit 1
+    fi
+    ID="$1"
+    mkdir -p "$HOME/.cache"
+    printf '{"userContextId": %s, "action": "show"}' "$ID" \
+      > "$HOME/.cache/firefox-container-command.json"
+  '';
+in
+{
+  # Install host + helpers
+  environment.systemPackages = [
+    containerControllerHost
+    hideContainer
+    showContainer
+  ];
+
+  # Register the native‐messaging host for our extension
+  environment.etc."mozilla/native-messaging-hosts/com.firefox.containercontroller.json".text =
+    builtins.toJSON {
+      name               = "com.firefox.containercontroller";
+      description        = "Native messaging host for Container Controller";
+      path               = containerControllerHost;
+      type               = "stdio";
+      allowed_extensions = [ "containercontroller@cloonar.com" ];
+    };
+}
--- a/hosts/nb/modules/development/mcp.nix
+++ b/hosts/nb/modules/development/mcp.nix
@@ -1,11 +1,13 @@

 { config, pkgs, lib, ... }:
 let
+  pkgs = import (builtins.fetchTarball "https://github.com/NixOS/nixpkgs/archive/refs/heads/nixos-unstable.tar.gz") { };
+  mcp-servers = import (builtins.fetchTarball "https://github.com/natsukium/mcp-servers-nix/archive/refs/heads/main.tar.gz") { inherit pkgs; };
 in {
-  nixpkgs.overlays = [
-    (import (builtins.fetchTarball "https://github.com/natsukium/mcp-servers-nix/archive/main.tar.gz")).overlays.default
-  ];
-  environment.systemPackages = with pkgs; [
-    mcp-server-fetch
-  ];
+  mcp-servers.lib.mkConfig pkgs {
+    programs = {
+      fetch.enable = true;
+      memory.enable = true;
+    };
+  };
 }
--- a/hosts/nb/modules/fingerprint.nix
+++ b/hosts/nb/modules/fingerprint.nix
@@ -0,0 +1,9 @@
+{ config, pkgs, ... }:
+
+{
+  services.fprintd.enable = true;
+
+  security.pam.services.login.fprintAuth = true;
+  security.pam.services.sudo.fprintAuth = true;
+  security.pam.services.swaylock.fprintAuth = true;
+}
--- a/hosts/nb/modules/sway/social.nix
+++ b/hosts/nb/modules/sway/social.nix
@@ -5,7 +5,10 @@ let
    name = "social";
    desktopName = "Firefox browser with social profile";
    exec = "firefox -P social";
+    # exec= "firefox -P social --marionette --remote-debugging-port 2828 --no-remote";
  };
 in {
-  environment.systemPackages = [ socialDesktopItem ];
+  environment.systemPackages = with pkgs; [
+    socialDesktopItem
+  ];
 }