.github/workflows/main.yml

@@ -1,14 +1,43 @@
 name: CI
 
 on:
-  push:
-    tags:
-      - '*'  # Triggers on any tag push
+  create: { }
+  pull_request: { }
 
 permissions:
   contents: write
 
 jobs:
+  x86:
+    runs-on: [ubuntu-latest]
+
+    outputs:
+      pkgfile: ${{ steps.pkgname.outputs.pkgfile }}
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@v2
+
+      - name: Install dependencies
+        run: |
+          sudo apt update -qq
+          sudo apt install -yqq libguestfs-tools qemu-utils qemu-system-x86 ovmf qemu-block-extra qemu-user-static binfmt-support rsync sudo wget xz-utils pigz mount dosfstools libarchive-tools
+          
+      - name: Build firmware
+        run: |
+          ./build_x86.sh
+
+      - name: Release build artifacts
+        uses: softprops/action-gh-release@v1
+        if: startsWith(github.ref, 'refs/tags/')
+        with:
+          append_body: true
+          body_path: ./version-info
+          files: |
+            ./anotterkiosk-*
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
   raspberrypi:
     runs-on: [self-hosted]
 
@@ -30,6 +59,7 @@ jobs:
 
       - name: Release build artifacts
         uses: softprops/action-gh-release@v1
+        if: startsWith(github.ref, 'refs/tags/')
         with:
           append_body: true
           body_path: ./version-info

README.md

@@ -1,23 +1,13 @@
-N-AnotterKiosk (Not-AnotterKiosk)
-=================================
-
-### I have hacked this about alot from the main branch, mainly Raspberry Pi changes
-
-- Removed x86 support
-- Added scheduled screen on/off
-- Added scheduled chrome page refresh
-- Rpi3 Overclock settings
-- Disabled KMS driver for HW screen rotation (screen rotated portrait by default)
+AnotterKiosk
+=============================
 
 ### Overview
-
 Another kiosk browser OS? Yes, this one is a little bit opinionated :)  
 
 The author ran several similar setups in production for years and has seen a lot of problems and strange failure modes.  
 This project aims to solve a lot of those (at least for the author), it might also be useful for others :)  
 
 #### Key features
-
 - [Images built via CI](https://github.com/Manawyrm/AnotterKiosk/blob/main/.github/workflows/main.yml)
 - WiFi connection support
 - Raspberry Pi (Arm64) compatibility
@@ -32,22 +22,18 @@ This project aims to solve a lot of those (at least for the author), it might al
 - SSH support
 - VNC support
 - SSH tunneling support (for remote-access without port-forwarding, etc.)
-- Basic API for Rpi Actions
 
 #### Planned features:
-
 - Raspberry Pi PXE/network boot support
 - Network connectivity watchdog (configurable ping, etc. timeout)
 - Automatic reboot at specified time
 
 #### Security considerations:
-
 - Autossh does not check SSH host keys. This is okay-ish as long as the target server only allows tunneling, nothing else.
 - nginx/PHP are allowed to use sudo/NOPASSWD (because it needs to query the VideoCore, manage service, etc.), more priviledge seperation would be nice
 - due to the skeleton mechanism, the system has some ... creative permissions. some cleanup required.
 
 ### How-To Use
-
 Like any other Raspberry Pi image: download the current .img file from the [Releases](https://github.com/Manawyrm/AnotterKiosk/releases) page and flash it to a storage device of your choice.  
 SD cards, USB flash drives, USB SSDs, SATA SSDs, NVMe SSDs are all good options.  
 You can use a tool like the [Raspberry Pi Imager](https://www.raspberrypi.com/software/), [BalenaEtcher](https://etcher.balena.io/), [Win32DiskImager](https://sourceforge.net/projects/win32diskimager/) or plain "dd" on \*nix-like systems.   
@@ -60,18 +46,15 @@ Adding your own SSH keys can be done by creating a authorized_keys file.
 If you want to use the autossh tunneling features, copy an SSH private key as either "id_rsa" or "id_ed25519".
 
 ### HTTP watchdog functionality
-
 Browsers are complex, networks are unstable and software can be buggy.   
 In order to get the highest reliability possible, self-hosted websites can be modified to include a heartbeat/watchdog functionality.
 This works by requesting a certain http-endpoint from the website at some interval.   
 If your page is being reloaded often (like with a <meta refresh=-header), you can just load the heartbeat-URL as an image:
-
 ```html
 <img src="http://localhost/heartbeat.php" style="display: none;">
 ```
 
 If your page stays on one page for a long time (or is just a single-page application), you might want to use AJAX requests to send a heartbeat:
-
 ```html
 <script>
 const req = new XMLHttpRequest();
@@ -84,46 +67,6 @@ setInterval(function() {
 
 Whenever the heartbeat stops (for whatever reason), the device will first restart the X11 environment (browser, window manager, etc.) and later (if it hasn't recovered) the whole system by rebooting.
 
-### API
-
-Lightweight HTTP API for controlling and monitoring a Raspberry Pi-based kiosk system. It exposes several endpoints that allow you to query system status, control the display, refresh the screen, and reboot the device — all protected by an API key.
-
-API key will be loaded from `/boot/kioskbrowser.ini`
-
-```ini
-[api]
-key = "My Key"
-```
-
-#### Endpoints
-
-All requests must include a key query parameter matching the API key from the INI file.
-
-`GET /script.php?action=status&key=YOUR_API_KEY`
-Returns system status:
-
-```json
-{
-  "temperature": "temp=48.0'C",
-  "voltage": "volt=1.2000V",
-  "throttled": "throttled=0x0",
-  "heartbeat": "2025-06-09 14:33:12"
- }
-```
-
-`GET /script.php?action=screen_off&key=YOUR_API_KEY`
-Turns off the screen.
-
-`GET /script.php?action=screen_on&key=YOUR_API_KEY`
-Turns on the screen.
-
-`GET /script.php?action=screen_refresh&key=YOUR_API_KEY`
-Starts the screen-refresh.service to refresh the screen.
-
-`GET /script.php?action=reboot&key=YOUR_API_KEY`
-Reboots the Raspberry Pi.
-
 ### Inspiration / Other Kiosk-OSes:
-
 - https://github.com/jareware/chilipie-kiosk/
 - https://github.com/guysoft/FullPageOS

build_raspberry_pi.sh

@@ -7,10 +7,10 @@ SCRIPT_DIR="$(dirname "$(realpath "$0")")"
 BUILD_DIR="${SCRIPT_DIR}/work/root/"
 
 # cleanup any previous build attempts
-sudo umount -fl "${BUILD_DIR}" || true
-sudo losetup -D /dev/loop0 || true
-sudo rm -rf "${BUILD_DIR}" || true
-sudo mkdir -p "${BUILD_DIR}"
+umount -fl "${BUILD_DIR}" || true
+losetup -D /dev/loop0 || true
+rm -rf "${BUILD_DIR}" || true
+mkdir -p "${BUILD_DIR}"
 
 # download a modern RaspiOS build
 if [ ! -f raspios.img.xz ]
@@ -51,7 +51,7 @@ sed -i 's/vfat    defaults/vfat    ro,defaults/g' "${BUILD_DIR}/etc/fstab"
 sed -i 's/ext4    defaults/ext4    ro,defaults/g' "${BUILD_DIR}/etc/fstab"
 
 # Include git repo version info
-echo -n "N-AnotterKiosk Raspberry Pi version: " > "${BUILD_DIR}/version-info"
+echo -n "AnotterKiosk Raspberry Pi version: " > "${BUILD_DIR}/version-info"
 git describe --abbrev=4 --dirty --always --tags >> "${BUILD_DIR}/version-info"
 
 # Mount system partitions (from the build host)
@@ -84,5 +84,5 @@ sudo umount "${BUILD_DIR}"
 sudo losetup -D /dev/loop0
 
 tag=$(git describe --abbrev=4 --dirty --always --tags)
-mv raspikiosk.img n-anotterkiosk-${tag}-arm64-raspberrypi.img
-pigz -4 n-anotterkiosk-${tag}-arm64-raspberrypi.img
+mv raspikiosk.img anotterkiosk-${tag}-arm64-raspberrypi.img
+pigz -4 anotterkiosk-${tag}-arm64-raspberrypi.img

kiosk_skeleton/boot/kioskbrowser.ini

@@ -20,10 +20,6 @@ reboot_time = 04:00
 ; configure chrome to refresh the page every x minutes
 ;refresh_screen_every_x_min=15
 
-[api]
-; apikey to be sent with commands to /api.php
-key = "MyKey"
-
 [wifi]
 ; If you need more complex WiFi settings (like WPA2-Enterprise, hidden SSIDs, etc.)
 ; create a file called wpa_supplicant.conf on this partition.

kiosk_skeleton/build.sh

@@ -80,7 +80,8 @@ systemctl enable nginx
 systemctl enable ssh
 systemctl enable kiosk-sechedule-screen.service
 systemctl enable schedule-reboot.service
-systemctl enable setup-refresh-timer.service
+systemctl enable screen-refresh.service
+systemctl enable setup-screen-refresh.service
 
 
 # generate a version info/build info file

kiosk_skeleton/etc/systemd/system/screen-refresh.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Refresh Screen
+After=graphical.target
+
+[Service]
+Type=oneshot
+User=pi
+Environment=DISPLAY=:0
+Environment=XAUTHORITY=/home/pi/.Xauthority
+ExecStart=/usr/bin/refresh-screen

kiosk_skeleton/usr/bin/schedule-reboot

@@ -1,16 +1,6 @@
 #!/bin/bash
 
 INI_FILE="/boot/kioskbrowser.ini"
-
-remount_root() {
-    local mode=$1
-    echo "Remounting root filesystem as $mode..."
-    mount -o remount,"$mode" / || {
-        echo "Failed to remount root as $mode"
-        exit 1
-    }
-}
-
 REBOOT_ENABLED=$(awk -F '=' '/^\[reboot\]/ { in_reboot=1; next }
                              in_reboot && /^\[/ { in_reboot=0 }
                              in_reboot && $1 ~ /enabled/ { gsub(/ /, "", $2); print $2 }' "$INI_FILE")
@@ -22,8 +12,6 @@ REBOOT_TIME=$(awk -F '=' '/^\[reboot\]/ { in_reboot=1; next }
 if [[ "$REBOOT_ENABLED" -eq 1 ]] && [[ "$REBOOT_TIME" =~ ^[0-2][0-9]:[0-5][0-9]$ ]]; then
     echo "Scheduling reboot for $REBOOT_TIME..."
 
-    remount_root rw
-
     TARGET_TIME=$(date -d "$REBOOT_TIME" +%s)
     NOW=$(date +%s)
 
@@ -46,6 +34,7 @@ Persistent=false
 WantedBy=timers.target
 EOF
 
+    # Create the associated service
     cat <<EOF > /etc/systemd/system/reboot-at.service
 [Unit]
 Description=Scheduled Reboot
@@ -57,8 +46,6 @@ EOF
 
     systemctl daemon-reload
     systemctl enable --now reboot-at.timer
-
-    remount_root ro
 else
     echo "Reboot not scheduled (disabled or invalid time)"
 fi

kiosk_skeleton/usr/bin/schedule-screen-timers

@@ -3,18 +3,6 @@
 INI_FILE="/boot/kioskbrowser.ini"
 SYSTEMD_DIR="/etc/systemd/system"
 
-
-# Function to safely remount root FS
-remount_root() {
-    local mode=$1
-    echo "Remounting root filesystem as $mode..."
-    mount -o remount,"$mode" / || {
-        echo "Failed to remount root as $mode"
-        exit 1
-    }
-}
-
-
 get_ini_value() {
     local section=$1 key=$2
     awk -F '=' -v sec="$section" -v k="$key" '
@@ -29,17 +17,6 @@ get_ini_value() {
 create_recurring_timer() {
     local action=$1
     local time=$2
-    local value
-
-    if [[ "$action" == "on" ]]; then
-        value=1
-    elif [[ "$action" == "off" ]]; then
-        value=0
-    else
-        echo "Invalid action: $action"
-        return 1
-    fi
-
     local name="screen-${action}"
 
     echo "Setting daily screen ${action} at ${time}"
@@ -62,7 +39,9 @@ Description=Turn screen ${action}
 
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/vcgencmd display_power ${value}
+Environment=DISPLAY=:0
+ExecStart=/usr/bin/xset dpms force ${action}
+Environment=XAUTHORITY=/home/pi/.Xauthority
 User=pi
 EOF
 
@@ -70,7 +49,6 @@ EOF
     systemctl enable --now "${name}.timer"
 }
 
-
 cleanup_screen_timers() {
     for action in on off; do
         systemctl disable --now screen-${action}.timer 2>/dev/null
@@ -79,8 +57,6 @@ cleanup_screen_timers() {
     systemctl daemon-reload
 }
 
-remount_root rw
-
 # === MAIN ===
 SCREEN_ON=$(get_ini_value screen screen_on_time)
 SCREEN_OFF=$(get_ini_value screen screen_off_time)
@@ -89,5 +65,3 @@ cleanup_screen_timers
 
 [[ "$SCREEN_ON"  =~ ^[0-2][0-9]:[0-5][0-9]$ ]] && create_recurring_timer on "$SCREEN_ON"
 [[ "$SCREEN_OFF" =~ ^[0-2][0-9]:[0-5][0-9]$ ]] && create_recurring_timer off "$SCREEN_OFF"
-
-remount_root ro

kiosk_skeleton/usr/bin/setup-refresh-timer

@@ -29,13 +29,9 @@ if [[ "$REFRESH_INTERVAL" =~ ^[0-9]+$ ]] && (( REFRESH_INTERVAL > 0 )); then
     cat <<EOF | tee "$SERVICE_UNIT" > /dev/null
 [Unit]
 Description=Refresh Screen
-After=graphical.target
 
 [Service]
 Type=oneshot
-User=pi
-Environment=DISPLAY=:0
-Environment=XAUTHORITY=/home/pi/.Xauthority
 ExecStart=/usr/bin/refresh-screen
 EOF
 

kiosk_skeleton/var/www/html/api.php

@@ -1,60 +0,0 @@
-<?php
-header('Content-Type: application/json');
-
-// Load API key from INI file
-$iniFile = '/boot/kioskbrowser.ini';
-if (!file_exists($iniFile)) {
-    http_response_code(500);
-    echo json_encode(["error" => "INI file not found"]);
-    exit;
-}
-
-$config = parse_ini_file($iniFile, true);
-$API_KEY = trim($config['api']['key'], "\"'"); // Remove any surrounding quotes
-
-// API key check
-if (!isset($_GET['key']) || $_GET['key'] !== $API_KEY) {
-    http_response_code(403);
-    echo json_encode(["error" => "Forbidden"]);
-    exit;
-}
-
-// Get action
-$action = $_GET['action'] ?? '';
-
-switch ($action) {
-    case 'status':
-        echo json_encode([
-            'temperature' => trim(shell_exec("sudo vcgencmd measure_temp")),
-            'voltage'     => trim(shell_exec("sudo vcgencmd measure_volts")),
-            'throttled'   => trim(shell_exec("sudo vcgencmd get_throttled")),
-            'heartbeat'   => date("Y-m-d H:i:s", filemtime("/dev/shm/heartbeat")),
-        ]);
-        break;
-
-    case 'screen_off':
-        shell_exec("sudo vcgencmd display_power 0");
-        echo json_encode(["message" => "Screen turned off"]);
-        break;
-
-    case 'screen_on':
-        shell_exec("sudo vcgencmd display_power 1");
-        echo json_encode(["message" => "Screen turned on"]);
-        break;
-
-    case 'screen_refresh':
-        shell_exec("sudo systemctl start screen-refresh.service");
-        echo json_encode(["message" => "Screen refreshed"]);
-        break;
-
-    case 'reboot':
-        shell_exec("sudo reboot");
-        echo json_encode(["message" => "Rebooting"]);
-        break;
-
-    default:
-        http_response_code(400);
-        echo json_encode(["error" => "Invalid action"]);
-        break;
-}
-?>

raspberry_pi_skeleton/boot/cmdline.txt

@@ -1 +1 @@
-console=serial0,115200 console=tty1 root=PARTUUID=544c6228-02 rootfstype=ext4 ro rootwait logo.nologo consoleblank=0 loglevel=0 quiet
+console=serial0,115200 console=tty1 root=PARTUUID=544c6228-02 rootfstype=ext4 rw rootwait logo.nologo consoleblank=0 loglevel=0 quiet