.github/workflows/main.yml

@@ -1,14 +1,43 @@
 name: CI
 
 on:
-  push:
+  create: { }
-    tags:
+  pull_request: { }
-      - '*'  # Triggers on any tag push
 
 permissions:
   contents: write
 
 jobs:
+  x86:
+    runs-on: [ubuntu-latest]
+
+    outputs:
+      pkgfile: ${{ steps.pkgname.outputs.pkgfile }}
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@v2
+
+      - name: Install dependencies
+        run: |
+          sudo apt update -qq
+          sudo apt install -yqq libguestfs-tools qemu-utils qemu-system-x86 ovmf qemu-block-extra qemu-user-static binfmt-support rsync sudo wget xz-utils pigz mount dosfstools libarchive-tools
+          
+      - name: Build firmware
+        run: |
+          ./build_x86.sh
+
+      - name: Release build artifacts
+        uses: softprops/action-gh-release@v1
+        if: startsWith(github.ref, 'refs/tags/')
+        with:
+          append_body: true
+          body_path: ./version-info
+          files: |
+            ./anotterkiosk-*
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
   raspberrypi:
     runs-on: [self-hosted]
 
@@ -30,6 +59,7 @@ jobs:
 
       - name: Release build artifacts
         uses: softprops/action-gh-release@v1
+        if: startsWith(github.ref, 'refs/tags/')
         with:
           append_body: true
           body_path: ./version-info

README.md

@@ -1,23 +1,20 @@
 N-AnotterKiosk (Not-AnotterKiosk)
-=================================
+=============================
 
 ### I have hacked this about alot from the main branch, mainly Raspberry Pi changes
-
+ - Removed the RO filesystem
-- Removed x86 support
  - Added scheduled screen on/off
  - Added scheduled chrome page refresh
  - Rpi3 Overclock settings
  - Disabled KMS driver for HW screen rotation (screen rotated portrait by default)
 
 ### Overview
-
 Another kiosk browser OS? Yes, this one is a little bit opinionated :)  
 
 The author ran several similar setups in production for years and has seen a lot of problems and strange failure modes.  
 This project aims to solve a lot of those (at least for the author), it might also be useful for others :)  
 
 #### Key features
-
 - [Images built via CI](https://github.com/Manawyrm/AnotterKiosk/blob/main/.github/workflows/main.yml)
 - WiFi connection support
 - Raspberry Pi (Arm64) compatibility
@@ -32,22 +29,18 @@ This project aims to solve a lot of those (at least for the author), it might al
 - SSH support
 - VNC support
 - SSH tunneling support (for remote-access without port-forwarding, etc.)
-- Basic API for Rpi Actions
 
 #### Planned features:
-
 - Raspberry Pi PXE/network boot support
 - Network connectivity watchdog (configurable ping, etc. timeout)
 - Automatic reboot at specified time
 
 #### Security considerations:
-
 - Autossh does not check SSH host keys. This is okay-ish as long as the target server only allows tunneling, nothing else.
 - nginx/PHP are allowed to use sudo/NOPASSWD (because it needs to query the VideoCore, manage service, etc.), more priviledge seperation would be nice
 - due to the skeleton mechanism, the system has some ... creative permissions. some cleanup required.
 
 ### How-To Use
-
 Like any other Raspberry Pi image: download the current .img file from the [Releases](https://github.com/Manawyrm/AnotterKiosk/releases) page and flash it to a storage device of your choice.  
 SD cards, USB flash drives, USB SSDs, SATA SSDs, NVMe SSDs are all good options.  
 You can use a tool like the [Raspberry Pi Imager](https://www.raspberrypi.com/software/), [BalenaEtcher](https://etcher.balena.io/), [Win32DiskImager](https://sourceforge.net/projects/win32diskimager/) or plain "dd" on \*nix-like systems.   
@@ -60,18 +53,15 @@ Adding your own SSH keys can be done by creating a authorized_keys file.
 If you want to use the autossh tunneling features, copy an SSH private key as either "id_rsa" or "id_ed25519".
 
 ### HTTP watchdog functionality
-
 Browsers are complex, networks are unstable and software can be buggy.   
 In order to get the highest reliability possible, self-hosted websites can be modified to include a heartbeat/watchdog functionality.
 This works by requesting a certain http-endpoint from the website at some interval.   
 If your page is being reloaded often (like with a <meta refresh=-header), you can just load the heartbeat-URL as an image:
-
 ```html
 <img src="http://localhost/heartbeat.php" style="display: none;">
 ```
 
 If your page stays on one page for a long time (or is just a single-page application), you might want to use AJAX requests to send a heartbeat:
-
 ```html
 <script>
 const req = new XMLHttpRequest();
@@ -84,46 +74,6 @@ setInterval(function() {
 
 Whenever the heartbeat stops (for whatever reason), the device will first restart the X11 environment (browser, window manager, etc.) and later (if it hasn't recovered) the whole system by rebooting.
 
-### API
-
-Lightweight HTTP API for controlling and monitoring a Raspberry Pi-based kiosk system. It exposes several endpoints that allow you to query system status, control the display, refresh the screen, and reboot the device — all protected by an API key.
-
-API key will be loaded from `/boot/kioskbrowser.ini`
-
-```ini
-[api]
-key = "My Key"
-```
-
-#### Endpoints
-
-All requests must include a key query parameter matching the API key from the INI file.
-
-`GET /script.php?action=status&key=YOUR_API_KEY`
-Returns system status:
-
-```json
-{
-  "temperature": "temp=48.0'C",
-  "voltage": "volt=1.2000V",
-  "throttled": "throttled=0x0",
-  "heartbeat": "2025-06-09 14:33:12"
- }
-```
-
-`GET /script.php?action=screen_off&key=YOUR_API_KEY`
-Turns off the screen.
-
-`GET /script.php?action=screen_on&key=YOUR_API_KEY`
-Turns on the screen.
-
-`GET /script.php?action=screen_refresh&key=YOUR_API_KEY`
-Starts the screen-refresh.service to refresh the screen.
-
-`GET /script.php?action=reboot&key=YOUR_API_KEY`
-Reboots the Raspberry Pi.
-
 ### Inspiration / Other Kiosk-OSes:
-
 - https://github.com/jareware/chilipie-kiosk/
 - https://github.com/guysoft/FullPageOS

build_raspberry_pi.sh

@@ -7,10 +7,10 @@ SCRIPT_DIR="$(dirname "$(realpath "$0")")"
 BUILD_DIR="${SCRIPT_DIR}/work/root/"
 
 # cleanup any previous build attempts
-sudo umount -fl "${BUILD_DIR}" || true
+umount -fl "${BUILD_DIR}" || true
-sudo losetup -D /dev/loop0 || true
+losetup -D /dev/loop0 || true
-sudo rm -rf "${BUILD_DIR}" || true
+rm -rf "${BUILD_DIR}" || true
-sudo mkdir -p "${BUILD_DIR}"
+mkdir -p "${BUILD_DIR}"
 
 # download a modern RaspiOS build
 if [ ! -f raspios.img.xz ]
@@ -51,7 +51,7 @@ sed -i 's/vfat    defaults/vfat    ro,defaults/g' "${BUILD_DIR}/etc/fstab"
 sed -i 's/ext4    defaults/ext4    ro,defaults/g' "${BUILD_DIR}/etc/fstab"
 
 # Include git repo version info
-echo -n "N-AnotterKiosk Raspberry Pi version: " > "${BUILD_DIR}/version-info"
+echo -n "AnotterKiosk Raspberry Pi version: " > "${BUILD_DIR}/version-info"
 git describe --abbrev=4 --dirty --always --tags >> "${BUILD_DIR}/version-info"
 
 # Mount system partitions (from the build host)
@@ -84,5 +84,5 @@ sudo umount "${BUILD_DIR}"
 sudo losetup -D /dev/loop0
 
 tag=$(git describe --abbrev=4 --dirty --always --tags)
-mv raspikiosk.img n-anotterkiosk-${tag}-arm64-raspberrypi.img
+mv raspikiosk.img anotterkiosk-${tag}-arm64-raspberrypi.img
-pigz -4 n-anotterkiosk-${tag}-arm64-raspberrypi.img
+pigz -4 anotterkiosk-${tag}-arm64-raspberrypi.img

kiosk_skeleton/boot/kioskbrowser.ini

@@ -20,10 +20,6 @@ reboot_time = 04:00
 ; configure chrome to refresh the page every x minutes
 ;refresh_screen_every_x_min=15
 
-[api]
-; apikey to be sent with commands to /api.php
-key = "MyKey"
-
 [wifi]
 ; If you need more complex WiFi settings (like WPA2-Enterprise, hidden SSIDs, etc.)
 ; create a file called wpa_supplicant.conf on this partition.

kiosk_skeleton/var/www/html/api.php

@@ -1,60 +0,0 @@
-<?php
-header('Content-Type: application/json');
-
-// Load API key from INI file
-$iniFile = '/boot/kioskbrowser.ini';
-if (!file_exists($iniFile)) {
-    http_response_code(500);
-    echo json_encode(["error" => "INI file not found"]);
-    exit;
-}
-
-$config = parse_ini_file($iniFile, true);
-$API_KEY = trim($config['api']['key'], "\"'"); // Remove any surrounding quotes
-
-// API key check
-if (!isset($_GET['key']) || $_GET['key'] !== $API_KEY) {
-    http_response_code(403);
-    echo json_encode(["error" => "Forbidden"]);
-    exit;
-}
-
-// Get action
-$action = $_GET['action'] ?? '';
-
-switch ($action) {
-    case 'status':
-        echo json_encode([
-            'temperature' => trim(shell_exec("sudo vcgencmd measure_temp")),
-            'voltage'     => trim(shell_exec("sudo vcgencmd measure_volts")),
-            'throttled'   => trim(shell_exec("sudo vcgencmd get_throttled")),
-            'heartbeat'   => date("Y-m-d H:i:s", filemtime("/dev/shm/heartbeat")),
-        ]);
-        break;
-
-    case 'screen_off':
-        shell_exec("sudo vcgencmd display_power 0");
-        echo json_encode(["message" => "Screen turned off"]);
-        break;
-
-    case 'screen_on':
-        shell_exec("sudo vcgencmd display_power 1");
-        echo json_encode(["message" => "Screen turned on"]);
-        break;
-
-    case 'screen_refresh':
-        shell_exec("sudo systemctl start screen-refresh.service");
-        echo json_encode(["message" => "Screen refreshed"]);
-        break;
-
-    case 'reboot':
-        shell_exec("sudo reboot");
-        echo json_encode(["message" => "Rebooting"]);
-        break;
-
-    default:
-        http_response_code(400);
-        echo json_encode(["error" => "Invalid action"]);
-        break;
-}
-?>