From b3ac11ef384eb10df8dcac76613eaa7f692c189b Mon Sep 17 00:00:00 2001
From: DerGrumpf <phil.keier@hotmail.com>
Date: Mon, 13 Apr 2026 19:15:30 +0200
Subject: [PATCH] Added Cage as interface

---
 .gitignore                               |  2 +
 hosts/cyper-controller/configuration.nix |  1 +
 nixos/roles/cage.nix                     | 48 ++++++++++++++++++++++++
 3 files changed, 51 insertions(+)
 create mode 100644 nixos/roles/cage.nix

diff --git a/.gitignore b/.gitignore
index cbd5a89..cbdecd7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 # Nix build results
 result
 result-*
+*.qcow2
 
 # Ignore everything in the secrets directory
 secrets/*
@@ -24,6 +25,7 @@ secrets/ssh-private
 # secrets (encrypted via sops, but extra safety)
 secrets/*.yaml~
 
+
 # Editor
 .direnv/
 .envrc
diff --git a/hosts/cyper-controller/configuration.nix b/hosts/cyper-controller/configuration.nix
index 68a7598..8006aaf 100644
--- a/hosts/cyper-controller/configuration.nix
+++ b/hosts/cyper-controller/configuration.nix
@@ -12,6 +12,7 @@
     ../../nixos/roles/gitea.nix
     ../../nixos/roles/vaultwarden.nix
     ../../nixos/roles/frontpage
+    ../../nixos/roles/cage.nix
   ];
 
   networking = {
diff --git a/nixos/roles/cage.nix b/nixos/roles/cage.nix
new file mode 100644
index 0000000..21c2b5d
--- /dev/null
+++ b/nixos/roles/cage.nix
@@ -0,0 +1,48 @@
+{ pkgs, ... }:
+let
+  kiosk-url = "https://www.cyperpunk.de";
+  kiosk-user = "kiosk";
+  kiosk-program =
+    "${pkgs.chromium}/bin/chromium "
+    + "--kiosk "
+    + "--app=${kiosk-url} "
+    + "--noerrdialogs "
+    + "--disable-infobars "
+    + "--no-first-run "
+    + "--disable-translate "
+    + "--disable-features=TranslateUI "
+    + "--autoplay-policy=no-user-gesture-required "
+    + "--enable-features=WebUIDarkMode "
+    + "--force-dark-mode ";
+in
+{
+  environment = {
+    systemPackages = [
+      pkgs.cage
+      pkgs.chromium
+    ];
+
+    variables = {
+      XKB_DEFAULT_LAYOUT = "de";
+      XKB_DEFAULT_VARIANT = "mac";
+      XKB_DEFAULT_OPTIONS = "terminate:ctrl_alt_bksp";
+    };
+
+    loginShellInit = ''
+      if [ "$(tty)" = "/dev/tty1" ] && [ "$USER" = "${kiosk-user}" ]; then
+        export XDG_CONFIG_HOME=/home/${kiosk-user}/.config
+        export XDG_CACHE_HOME=/home/${kiosk-user}/.cache
+        exec ${pkgs.cage}/bin/cage -s -- ${kiosk-program}
+      fi
+    '';
+  };
+
+  services.getty.autologinUser = kiosk-user;
+
+  users.users.${kiosk-user} = {
+    isNormalUser = true;
+    home = "/home/${kiosk-user}";
+    createHome = true;
+  };
+
+}