From fdf4e2d50bab331e4d213791c53a4b242ccfdabd Mon Sep 17 00:00:00 2001 From: Manawyrm Date: Fri, 30 Jun 2023 23:52:37 +0200 Subject: [PATCH] Readme: Fix link to kioskbrowser.ini Readme: Add x86 compatibility kiosk: Add tmpfs for /var/lib/private kiosk: Add custom motd kiosk: Add custom issue string kiosk: Fix systemd-logind and systemd-timesyncd readonly handling ntpdate: Autorestart on failure x86: Change EFI partition type to "Basic Data Partition" (was ESP) x86: Fix wpasupplicant package name x86: Set custom grub OS name CI: Combine workflows for all architectures --- .../workflows/{raspberrypi.yml => main.yml} | 33 ++++++++++++++- .github/workflows/x86.yml | 40 ------------------- README.md | 4 +- build_x86.sh | 2 +- kiosk_skeleton/build.sh | 3 ++ .../etc/default/grub.d/anotterkiosk.cfg | 1 + kiosk_skeleton/etc/issue | 2 + kiosk_skeleton/etc/motd | 4 ++ .../etc/systemd/system/ntpdate.service | 5 +++ .../systemd-logind.service.d/override.conf | 2 + .../systemd-timesyncd.service.d/override.conf | 2 + x86_skeleton/setup.sh | 2 +- 12 files changed, 54 insertions(+), 46 deletions(-) rename .github/workflows/{raspberrypi.yml => main.yml} (52%) delete mode 100644 .github/workflows/x86.yml create mode 100644 kiosk_skeleton/etc/default/grub.d/anotterkiosk.cfg create mode 100644 kiosk_skeleton/etc/issue create mode 100644 kiosk_skeleton/etc/motd create mode 100644 kiosk_skeleton/etc/systemd/system/systemd-logind.service.d/override.conf create mode 100644 kiosk_skeleton/etc/systemd/system/systemd-timesyncd.service.d/override.conf diff --git a/.github/workflows/raspberrypi.yml b/.github/workflows/main.yml similarity index 52% rename from .github/workflows/raspberrypi.yml rename to .github/workflows/main.yml index c5c6935..e3176f4 100644 --- a/.github/workflows/raspberrypi.yml +++ b/.github/workflows/main.yml @@ -2,14 +2,43 @@ name: CI on: create: { } - push: { } pull_request: { } permissions: contents: write jobs: - build: + x86: + runs-on: [ubuntu-latest] + + outputs: + pkgfile: ${{ steps.pkgname.outputs.pkgfile }} + + steps: + - name: Check out repo + uses: actions/checkout@v2 + + - name: Install dependencies + run: | + sudo apt update -qq + sudo apt install -yqq libguestfs-tools qemu-utils qemu-system-x86 ovmf qemu-block-extra qemu-user-static binfmt-support rsync sudo wget xz-utils pigz mount dosfstools libarchive-tools + + - name: Build firmware + run: | + ./build_x86.sh + + - name: Release build artifacts + uses: softprops/action-gh-release@v1 + if: startsWith(github.ref, 'refs/tags/') + with: + append_body: true + body_path: ./version-info + files: | + ./anotterkiosk-* + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + raspberrypi: runs-on: [self-hosted, hetzner-cax21] outputs: diff --git a/.github/workflows/x86.yml b/.github/workflows/x86.yml deleted file mode 100644 index 234a04d..0000000 --- a/.github/workflows/x86.yml +++ /dev/null @@ -1,40 +0,0 @@ -name: CI - -on: - create: { } - push: { } - pull_request: { } - -permissions: - contents: write - -jobs: - build: - runs-on: [ubuntu-latest] - - outputs: - pkgfile: ${{ steps.pkgname.outputs.pkgfile }} - - steps: - - name: Check out repo - uses: actions/checkout@v2 - - - name: Install dependencies - run: | - sudo apt update -qq - sudo apt install -yqq libguestfs-tools qemu-utils qemu-system-x86 ovmf qemu-block-extra qemu-user-static binfmt-support rsync sudo wget xz-utils pigz mount dosfstools libarchive-tools - - - name: Build firmware - run: | - ./build_x86.sh - - - name: Release build artifacts - uses: softprops/action-gh-release@v1 - if: startsWith(github.ref, 'refs/tags/') - with: - append_body: true - body_path: ./version-info - files: | - ./anotterkiosk-* - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/README.md b/README.md index d498fa3..3beb4ef 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,7 @@ This project aims to solve a lot of those (at least for the author), it might al - [Images built via CI](https://github.com/Manawyrm/AnotterKiosk/blob/main/.github/workflows/main.yml) - WiFi connection support - Raspberry Pi (Arm64) compatibility +- PC (x86) compatibility - [USB flash drive, USB SSD, etc. compatible](#how-to-use) - aarch64 mode for Raspberry Pis (_significant_ performance improvements over armv7/32bit ARM) - Read-only filesystem handling (no more broken SD cards) @@ -23,7 +24,6 @@ This project aims to solve a lot of those (at least for the author), it might al - SSH tunneling support (for remote-access without port-forwarding, etc.) #### Planned features: -- PC (x86) compatibility - Raspberry Pi PXE/network boot support - Network connectivity watchdog (configurable ping, etc. timeout) - Automatic reboot at specified time @@ -40,7 +40,7 @@ You can use a tool like the [Raspberry Pi Imager](https://www.raspberrypi.com/so When using the latter two, make sure to extract the .gz compression first (using a tool like 7zip). After flashing, re-plug the storage device and open the FAT32 partition. -Open the [`kioskbrowser.ini`](https://github.com/Manawyrm/AnotterKiosk/blob/main/raspberry_pi_skeleton/boot/kioskbrowser.ini) file in a text editor and change everything to your needs. +Open the [`kioskbrowser.ini`](https://github.com/Manawyrm/AnotterKiosk/blob/main/kiosk_skeleton/boot/kioskbrowser.ini) file in a text editor and change everything to your needs. More complex WiFi setups (like WPA2-Enterprise) can be configured by creating a wpa_supplicant.conf. Adding your own SSH keys can be done by creating a authorized_keys file. If you want to use the autossh tunneling features, copy an SSH private key as either "id_rsa" or "id_ed25519". diff --git a/build_x86.sh b/build_x86.sh index 75f6ac1..830793e 100755 --- a/build_x86.sh +++ b/build_x86.sh @@ -23,7 +23,7 @@ first-lba: 34 last-lba: 20971486 sector-size: 512 -x86kiosk.img1 : start= 2048, size= 2095105, type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B, uuid=9C99F1BB-11A8-4BB5-82C2-555D7A38F85C, name="EFI system partition" +x86kiosk.img1 : start= 2048, size= 2095105, type=EBD0A0A2-B9E5-4433-87C0-68B6B72699C7, uuid=9C99F1BB-11A8-4BB5-82C2-555D7A38F85C, name="EFI system partition" x86kiosk.img2 : start= 2099200, size= 18870272, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=93A9AB2C-BC29-4C6C-B6DD-1B4EDDED9A1E, name="Linux filesystem" END ) diff --git a/kiosk_skeleton/build.sh b/kiosk_skeleton/build.sh index a96cecd..e04fa08 100755 --- a/kiosk_skeleton/build.sh +++ b/kiosk_skeleton/build.sh @@ -33,6 +33,7 @@ mkdir -p /root/.ssh mkdir -p /var/lib/lightdm mkdir -p /var/lib/dhcpcd mkdir -p /var/lib/nginx +mkdir -p /var/lib/private echo "tmpfs /dev/shm tmpfs mode=0777 0 0" >> /etc/fstab echo "tmpfs /tmp tmpfs mode=1777 0 0" >> /etc/fstab @@ -41,6 +42,7 @@ echo "tmpfs /var/log tmpfs defaults,noatime,nosuid,mode=0755,size=100m 0 0" echo "tmpfs /var/lib/lightdm tmpfs defaults,noatime,nosuid,size=30m 0 0" >> /etc/fstab echo "tmpfs /var/lib/dhcpcd tmpfs defaults,noatime,nosuid,size=30m 0 0" >> /etc/fstab echo "tmpfs /var/lib/nginx tmpfs defaults,noatime,nosuid,size=30m 0 0" >> /etc/fstab +echo "tmpfs /var/lib/private tmpfs defaults,noatime,nosuid,size=30m 0 0" >> /etc/fstab echo "tmpfs /home/pi/.cache tmpfs mode=0755,nosuid,nodev,uid=1000,gid=1000 0 0" >> /etc/fstab echo "tmpfs /home/pi/.config/chromium/ tmpfs mode=0755,nosuid,nodev,uid=1000,gid=1000 0 0" >> /etc/fstab echo "tmpfs /home/pi/.pki/ tmpfs mode=0755,nosuid,nodev,uid=1000,gid=1000 0 0" >> /etc/fstab @@ -71,6 +73,7 @@ systemctl enable kiosk-set-hostname systemctl enable ntpdate systemctl enable lightdm systemctl enable nginx +systemctl enable ssh # generate a version info/build info file echo -n "Chromium version: " >> /version-info diff --git a/kiosk_skeleton/etc/default/grub.d/anotterkiosk.cfg b/kiosk_skeleton/etc/default/grub.d/anotterkiosk.cfg new file mode 100644 index 0000000..a0dca6b --- /dev/null +++ b/kiosk_skeleton/etc/default/grub.d/anotterkiosk.cfg @@ -0,0 +1 @@ +GRUB_DISTRIBUTOR="AnotterKiosk" \ No newline at end of file diff --git a/kiosk_skeleton/etc/issue b/kiosk_skeleton/etc/issue new file mode 100644 index 0000000..7889400 --- /dev/null +++ b/kiosk_skeleton/etc/issue @@ -0,0 +1,2 @@ +AnotterKiosk \n \l + diff --git a/kiosk_skeleton/etc/motd b/kiosk_skeleton/etc/motd new file mode 100644 index 0000000..048b279 --- /dev/null +++ b/kiosk_skeleton/etc/motd @@ -0,0 +1,4 @@ + +Welcome to AnotterKiosk! +Run "mount -o remount,rw /" to make the root filesystem writeable. +FAT32 / config partition is located in /boot. diff --git a/kiosk_skeleton/etc/systemd/system/ntpdate.service b/kiosk_skeleton/etc/systemd/system/ntpdate.service index 0f9ab03..5097ee1 100644 --- a/kiosk_skeleton/etc/systemd/system/ntpdate.service +++ b/kiosk_skeleton/etc/systemd/system/ntpdate.service @@ -4,9 +4,14 @@ Requires=networking.service After=syslog.target networking.service dhcpcd.service Before=lightdm.service +StartLimitIntervalSec=2 +StartLimitBurst=100 + [Service] Type=oneshot ExecStart=ntpdate ptbtime2.ptb.de ptbtime3.ptb.de +Restart=on-failure +RestartSec=5s [Install] WantedBy=multi-user.target diff --git a/kiosk_skeleton/etc/systemd/system/systemd-logind.service.d/override.conf b/kiosk_skeleton/etc/systemd/system/systemd-logind.service.d/override.conf new file mode 100644 index 0000000..4e9e21a --- /dev/null +++ b/kiosk_skeleton/etc/systemd/system/systemd-logind.service.d/override.conf @@ -0,0 +1,2 @@ +[Service] +StateDirectory= diff --git a/kiosk_skeleton/etc/systemd/system/systemd-timesyncd.service.d/override.conf b/kiosk_skeleton/etc/systemd/system/systemd-timesyncd.service.d/override.conf new file mode 100644 index 0000000..4e9e21a --- /dev/null +++ b/kiosk_skeleton/etc/systemd/system/systemd-timesyncd.service.d/override.conf @@ -0,0 +1,2 @@ +[Service] +StateDirectory= diff --git a/x86_skeleton/setup.sh b/x86_skeleton/setup.sh index f6f523b..3a54b5d 100755 --- a/x86_skeleton/setup.sh +++ b/x86_skeleton/setup.sh @@ -2,7 +2,7 @@ echo "deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware" > /etc/apt/sources.list apt update -apt install -y polkitd locales zstd dhcpcd wpa_supplicant +apt install -y polkitd locales zstd dhcpcd wpasupplicant locale-gen en_US.UTF-8 apt install -y firmware-amd-graphics firmware-iwlwifi firmware-brcm80211 firmware-atheros firmware-misc-nonfree firmware-realtek