Readme: Fix link to kioskbrowser.ini

Readme: Add x86 compatibility
kiosk: Add tmpfs for /var/lib/private
kiosk: Add custom motd
kiosk: Add custom issue string
kiosk: Fix systemd-logind and systemd-timesyncd readonly handling
ntpdate: Autorestart on failure
x86: Change EFI partition type to "Basic Data Partition" (was ESP)
x86: Fix wpasupplicant package name
x86: Set custom grub OS name
CI: Combine workflows for all architectures

.github/workflows/main.yml

@@ -2,14 +2,43 @@ name: CI
 
 on:
   create: { }
-  push: { }
   pull_request: { }
 
 permissions:
   contents: write
 
 jobs:
-  build:
+  x86:
+    runs-on: [ubuntu-latest]
+
+    outputs:
+      pkgfile: ${{ steps.pkgname.outputs.pkgfile }}
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@v2
+
+      - name: Install dependencies
+        run: |
+          sudo apt update -qq
+          sudo apt install -yqq libguestfs-tools qemu-utils qemu-system-x86 ovmf qemu-block-extra qemu-user-static binfmt-support rsync sudo wget xz-utils pigz mount dosfstools libarchive-tools
+          
+      - name: Build firmware
+        run: |
+          ./build_x86.sh
+
+      - name: Release build artifacts
+        uses: softprops/action-gh-release@v1
+        if: startsWith(github.ref, 'refs/tags/')
+        with:
+          append_body: true
+          body_path: ./version-info
+          files: |
+            ./anotterkiosk-*
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  raspberrypi:
     runs-on: [self-hosted, hetzner-cax21]
 
     outputs:

.github/workflows/x86.yml

@@ -1,40 +0,0 @@
-name: CI
-
-on:
-  create: { }
-  push: { }
-  pull_request: { }
-
-permissions:
-  contents: write
-
-jobs:
-  build:
-    runs-on: [ubuntu-latest]
-
-    outputs:
-      pkgfile: ${{ steps.pkgname.outputs.pkgfile }}
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@v2
-
-      - name: Install dependencies
-        run: |
-          sudo apt update -qq
-          sudo apt install -yqq libguestfs-tools qemu-utils qemu-system-x86 ovmf qemu-block-extra qemu-user-static binfmt-support rsync sudo wget xz-utils pigz mount dosfstools libarchive-tools
-          
-      - name: Build firmware
-        run: |
-          ./build_x86.sh
-
-      - name: Release build artifacts
-        uses: softprops/action-gh-release@v1
-        if: startsWith(github.ref, 'refs/tags/')
-        with:
-          append_body: true
-          body_path: ./version-info
-          files: |
-            ./anotterkiosk-*
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

README.md

@@ -11,6 +11,7 @@ This project aims to solve a lot of those (at least for the author), it might al
 - [Images built via CI](https://github.com/Manawyrm/AnotterKiosk/blob/main/.github/workflows/main.yml)
 - WiFi connection support
 - Raspberry Pi (Arm64) compatibility
+- PC (x86) compatibility
 - [USB flash drive, USB SSD, etc. compatible](#how-to-use)
 - aarch64 mode for Raspberry Pis (_significant_ performance improvements over armv7/32bit ARM)
 - Read-only filesystem handling (no more broken SD cards)
@@ -23,7 +24,6 @@ This project aims to solve a lot of those (at least for the author), it might al
 - SSH tunneling support (for remote-access without port-forwarding, etc.)
 
 #### Planned features:
-- PC (x86) compatibility
 - Raspberry Pi PXE/network boot support
 - Network connectivity watchdog (configurable ping, etc. timeout)
 - Automatic reboot at specified time
@@ -40,7 +40,7 @@ You can use a tool like the [Raspberry Pi Imager](https://www.raspberrypi.com/so
 When using the latter two, make sure to extract the .gz compression first (using a tool like 7zip).  
 
 After flashing, re-plug the storage device and open the FAT32 partition.  
-Open the [`kioskbrowser.ini`](https://github.com/Manawyrm/AnotterKiosk/blob/main/raspberry_pi_skeleton/boot/kioskbrowser.ini) file in a text editor and change everything to your needs.  
+Open the [`kioskbrowser.ini`](https://github.com/Manawyrm/AnotterKiosk/blob/main/kiosk_skeleton/boot/kioskbrowser.ini) file in a text editor and change everything to your needs.  
 More complex WiFi setups (like WPA2-Enterprise) can be configured by creating a wpa_supplicant.conf.  
 Adding your own SSH keys can be done by creating a authorized_keys file.  
 If you want to use the autossh tunneling features, copy an SSH private key as either "id_rsa" or "id_ed25519".

build_x86.sh

@@ -23,7 +23,7 @@ first-lba: 34
 last-lba: 20971486
 sector-size: 512
 
-x86kiosk.img1 : start=        2048, size=     2095105, type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B, uuid=9C99F1BB-11A8-4BB5-82C2-555D7A38F85C, name="EFI system partition"
+x86kiosk.img1 : start=        2048, size=     2095105, type=EBD0A0A2-B9E5-4433-87C0-68B6B72699C7, uuid=9C99F1BB-11A8-4BB5-82C2-555D7A38F85C, name="EFI system partition"
 x86kiosk.img2 : start=     2099200, size=    18870272, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=93A9AB2C-BC29-4C6C-B6DD-1B4EDDED9A1E, name="Linux filesystem"
 END
 )

kiosk_skeleton/build.sh

@@ -33,6 +33,7 @@ mkdir -p /root/.ssh
 mkdir -p /var/lib/lightdm
 mkdir -p /var/lib/dhcpcd
 mkdir -p /var/lib/nginx
+mkdir -p /var/lib/private
 
 echo "tmpfs		/dev/shm	tmpfs	mode=0777	0	0" >> /etc/fstab
 echo "tmpfs		/tmp		tmpfs	mode=1777	0	0" >> /etc/fstab
@@ -41,6 +42,7 @@ echo "tmpfs		/var/log	tmpfs		defaults,noatime,nosuid,mode=0755,size=100m    0 0"
 echo "tmpfs		/var/lib/lightdm	tmpfs	defaults,noatime,nosuid,size=30m    0 0" >> /etc/fstab
 echo "tmpfs		/var/lib/dhcpcd	tmpfs	defaults,noatime,nosuid,size=30m    0 0" >> /etc/fstab
 echo "tmpfs		/var/lib/nginx	tmpfs	defaults,noatime,nosuid,size=30m    0 0" >> /etc/fstab
+echo "tmpfs		/var/lib/private	tmpfs	defaults,noatime,nosuid,size=30m    0 0" >> /etc/fstab
 echo "tmpfs		/home/pi/.cache tmpfs mode=0755,nosuid,nodev,uid=1000,gid=1000  0       0" >> /etc/fstab
 echo "tmpfs		/home/pi/.config/chromium/ tmpfs mode=0755,nosuid,nodev,uid=1000,gid=1000  0       0" >> /etc/fstab
 echo "tmpfs		/home/pi/.pki/ tmpfs mode=0755,nosuid,nodev,uid=1000,gid=1000  0       0" >> /etc/fstab
@@ -71,6 +73,7 @@ systemctl enable kiosk-set-hostname
 systemctl enable ntpdate
 systemctl enable lightdm
 systemctl enable nginx
+systemctl enable ssh
 
 # generate a version info/build info file
 echo -n "Chromium version: " >> /version-info

kiosk_skeleton/etc/default/grub.d/anotterkiosk.cfg

@@ -0,0 +1 @@
+GRUB_DISTRIBUTOR="AnotterKiosk"

kiosk_skeleton/etc/issue

@@ -0,0 +1,2 @@
+AnotterKiosk \n \l
+

kiosk_skeleton/etc/motd

@@ -0,0 +1,4 @@
+
+Welcome to AnotterKiosk!
+Run "mount -o remount,rw /" to make the root filesystem writeable.
+FAT32 / config partition is located in /boot.

kiosk_skeleton/etc/systemd/system/ntpdate.service

@@ -4,9 +4,14 @@ Requires=networking.service
 After=syslog.target networking.service dhcpcd.service
 Before=lightdm.service
 
+StartLimitIntervalSec=2
+StartLimitBurst=100
+
 [Service]
 Type=oneshot
 ExecStart=ntpdate ptbtime2.ptb.de ptbtime3.ptb.de
+Restart=on-failure
+RestartSec=5s
 
 [Install]
 WantedBy=multi-user.target

kiosk_skeleton/etc/systemd/system/systemd-logind.service.d/override.conf

@@ -0,0 +1,2 @@
+[Service]
+StateDirectory=

kiosk_skeleton/etc/systemd/system/systemd-timesyncd.service.d/override.conf

@@ -0,0 +1,2 @@
+[Service]
+StateDirectory=

x86_skeleton/setup.sh

@@ -2,7 +2,7 @@
 
 echo "deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware" > /etc/apt/sources.list
 apt update
-apt install -y polkitd locales zstd dhcpcd wpa_supplicant
+apt install -y polkitd locales zstd dhcpcd wpasupplicant
 locale-gen en_US.UTF-8
 
 apt install -y firmware-amd-graphics firmware-iwlwifi firmware-brcm80211 firmware-atheros firmware-misc-nonfree firmware-realtek