Compare commits

10 Commits

Author SHA1 Message Date
Dustin ad37463416 photoframe: Start photo slide show on idle
The `photoframe` script was based on the one used by the original
Buildroot-based photo frame system.  I've split it into two processes,
though: one to listen to the URL stream and download new photos as
instructed by the server, and another to actually display the photos.
Getting `feh` and Firefox to both be fullscreen at the same time was
difficult, and only works if they are on separate Sway workspaces. Thus,
"activating" the slide show means switching to the workspace where `feh`
is and "deactivating" it means switching back to Firefox's workspace.
2025-01-04 07:30:23 -06:00
Dustin e24a49a627 network: Use MAC address as DHCP client ID
_systemd-networkd_ uses a randomly-generated ID as the DHCP client
identifier by default.  On Aimee OS, it is not able to persist this ID
between boots; I think it may derive the value from the machine ID.  To
avoid getting a new IP address every boot, we can configure it to use
the MAC address of the device as the DHCP client ID.
2025-01-04 07:30:23 -06:00
Dustin fa8c0aec6e Update Aimee OS 2025-01-04 07:30:23 -06:00
Dustin 953db28cfd prepare: Never sync Portage repos
To minimize unexpected changes between builds, I'm going to schedule a
separate task to sync the Portage repositories.  This way, we know that
two runs in a row from the same source will have the same packages,
unless we have specifically updated Portage.
2025-01-04 07:30:23 -06:00
Dustin 413e76128a overlay: Add authorized SSH keys for root
Adding my personal keys so I can manage the system remotely.
2025-01-04 07:30:23 -06:00
Dustin 4b586b70ad kernel: Enable user namespaces for Firefox
Firefox complains about "security features" not working if this is not
enabled.
2025-01-04 07:30:23 -06:00
Dustin e21df5effe exclude: Omit systemd-ssh-generator
This thing is pointless.

Unfortunately, we cannot use Portage's `INSTALL_MASK` feature as it
doesn't work for symbolic links. Since _systemd_ installs symlinks in
`/etc/ssh` that point to files we would mask, those symlinks would point
to nothing, which would cause `sshd` to fail to start as it is unable to
open those files.  Thus, we have to omit these files by excluding them
from the squashfs image.
2025-01-04 07:30:23 -06:00
Dustin 10b7901d5d kernel: Enable BPF firewall for systemd
_systemd_ complains if this is not enabled, as it prevents certain
sandbox features from working.
2025-01-04 07:30:23 -06:00
Dustin 001c471567 kernel/firmware: Support RPi GPU, touchscreen
Getting the Raspberry Pi 4 GPU and 7-inch Touch Display 2 working was
quite challenging.  Several kernel drivers are needed, beyond the
obvious VC4 and V3D, like voltage regulators and backlight controls.
Even with all the drivers enabled, I still had trouble getting
`/dev/dri/card1` (the display device, as opposed to `/dev/dri/card0`,
the 3D rendering device) to appear until I explicitly enabled the
`vc4-kms-dsi-ili9881-7inch` device tree overlay.  I am not entirely sure
why this is necessary, since `display_auto_detect` supposedly should
have added this overlay automatically.  I am also not sure how it would
work if I wanted to use an HDMI monitor instead of the DSI panel, but
fortunately, for this project, that's not necessary.
2025-01-04 07:30:23 -06:00
Dustin b08263688b Begin implementing kiosk browser
This commit introduces the _kiosk.service_ unit, which launches `sway`
to start a Wayland session, which in turn launches Firefox.  The
`policies.json` file configures Firefox in a sort of kiosk mode,
disabling most features and blocking all but the designated sites.
Unfortunately, running `firefox --kiosk` doesn't actually work: Firefox
apparently runs, but doesn't draw anything on the screen.

Note that we have to launch Firefox by its "real" path, since
`/usr/bin/firefox` is a Bash script, and Bash is not installed.
Fortunately, the wrapper script doesn't do anything we really care
about, so bypassing it is fine.
2025-01-04 07:30:23 -06:00
17 changed files with 255 additions and 19 deletions

@ -1 +1 @@
Subproject commit 554063e1f4e316a6d3087a27076e0c6d5a34fca1 Subproject commit b43e8319f4655ccef463100f198e45c30401c27b


@ -1,12 +1,8 @@
arm_64bit=1 arm_64bit=1
arm_boost=1
start_x=1 start_x=1
bootcode_delay=0
boot_delay=0
gpu_mem=32
kernel=u-boot.bin kernel=u-boot.bin
enable_uart=1 enable_uart=1
@ -14,4 +10,10 @@ dtoverlay=miniuart-bt
dtparam i2c_arm=on dtparam i2c_arm=on
device_tree=bcm2711-rpi-4-b.dtb display_auto_detect=1
dtoverlay=vc4-kms-v3d
dtoverlay=vc4-kms-dsi-ili9881-7inch
max_framebuffers=2
disable_fw_kms_setup=1
disable_overscan=1
dtparam=audio=on
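
Review bot: `display_auto_detect=1` and the explicit `dtoverlay=vc4-kms-dsi-ili9881-7inch` are both set here with nothing in the file saying why. The commit message records that `/dev/dri/card1` did not appear until the overlay was named explicitly; a one-line comment above the overlay saying so would keep someone from later removing it as redundant. It is also worth checking the context line `dtparam i2c_arm=on`, which as rendered here lacks the `=` that the new `dtparam=audio=on` line uses.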


@ -15,4 +15,4 @@ fi
passwd -R /mnt/gentoo -d root passwd -R /mnt/gentoo -d root
systemctl --root=/mnt/gentoo enable wpa_supplicant@wlan0 systemctl --root=/mnt/gentoo set-default graphical.target
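
Review bot: the context line `passwd -R /mnt/gentoo -d root` leaves root with an empty password, and this hunk now makes the image boot to `graphical.target` as an unattended kiosk. Since the series also adds SSH keys for root, consider giving root an unusable password instead of an empty one (checking that the chosen form still permits key-based login under this sshd configuration), or confirm that no getty or other local login path will accept the empty password.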


@ -1,2 +1,6 @@
net-wireless/wpa_supplicant gui-apps/swayidle
gui-wm/sway
media-gfx/feh
media-video/pipewire media-video/pipewire
net-misc/curl
net-wireless/wpa_supplicant


@ -45,12 +45,65 @@ CONFIG_IPV6=y
CONFIG_IPV6_SIT=m CONFIG_IPV6_SIT=m
CONFIG_IPV6_SIT_6RD=m CONFIG_IPV6_SIT_6RD=m
CONFIG_INPUT_TOUCHSCREEN=y
CONFIG_TOUCHSCREEN_GOODIX=m
CONFIG_TOUCHSCREEN_EDT_FT5X06=m
CONFIG_TOUCHSCREEN_RASPBERRYPI_FW=m
CONFIG_REGULATOR_RASPBERRYPI_TOUCHSCREEN_ATTINY=m
CONFIG_REGULATOR_RASPBERRYPI_TOUCHSCREEN_V2=m
# CONFIG_MEDIA_CEC_SUPPORT is not set # CONFIG_MEDIA_CEC_SUPPORT is not set
# CONFIG_MEDIA_SUPPORT is not set # CONFIG_MEDIA_SUPPORT is not set
# CONFIG_SOUND is not set CONFIG_DRM=m
# CONFIG_SND is not set CONFIG_DRM_KMS_HELPER=m
# CONFIG_SND_SOC is not set CONFIG_DRM_LOAD_EDID_FIRMWARE=y
CONFIG_DRM_DISPLAY_HELPER=m
CONFIG_DRM_GEM_SHMEM_HELPER=m
CONFIG_DRM_SCHED=m
CONFIG_DRM_PANEL_SIMPLE=m
CONFIG_DRM_PANEL_ILITEK_ILI9806E=m
CONFIG_DRM_PANEL_ILITEK_ILI9881C=m
CONFIG_DRM_PANEL_RASPBERRYPI_TOUCHSCREEN=y
CONFIG_DRM_DISPLAY_CONNECTOR=m
CONFIG_DRM_TOSHIBA_TC358762=m
CONFIG_DRM_SIMPLE_BRIDGE=m
CONFIG_DRM_V3D=m
CONFIG_VC4=m
CONFIG_DRM_VC4_HDMI_CEC=y
CONFIG_DRM_RP1_DSI=m
CONFIG_DRM_RP1_DPI=m
CONFIG_DRM_RP1_VEC=m
CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=m
CONFIG_FB_BCM2708=y
CONFIG_FB_SIMPLE=y
CONFIG_FB_SSD1307=m
CONFIG_FB_RPISENSE=m
CONFIG_FB_CFB_FILLRECT=y
CONFIG_FB_CFB_COPYAREA=y
CONFIG_FB_CFB_IMAGEBLIT=y
CONFIG_FB_IOMEM_HELPERS=y
CONFIG_FB_BACKLIGHT=m
CONFIG_BACKLIGHT_CLASS_DEVICE=m
CONFIG_BACKLIGHT_PWM=m
CONFIG_BACKLIGHT_RPI=m
CONFIG_BACKLIGHT_LM3630A=m
CONFIG_BACKLIGHT_GPIO=m
CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
CONFIG_BCM_VC_SM_CMA=m
CONFIG_SOUND=y
CONFIG_SND=m
# CONFIG_SND_PCM_TIMER is not set
# CONFIG_SND_SUPPORT_OLD_API is not set
# CONFIG_SND_PROC_FS is not set
# CONFIG_SND_CTL_FAST_LOOKUP is not set
# CONFIG_SND_DRIVERS is not set
# CONFIG_SND_PCI is not set
# CONFIG_SND_SPI is not set
# CONFIG_SND_USB is not set
CONFIG_SND_SOC=m
CONFIG_SND_BCM2835_SOC_I2S=m
CONFIG_AUDIT=y CONFIG_AUDIT=y
CONFIG_SECURITY=y CONFIG_SECURITY=y
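
Review bot: several of the drivers enabled in this hunk do not match the hardware the series targets. `CONFIG_DRM_RP1_DSI`, `CONFIG_DRM_RP1_DPI` and `CONFIG_DRM_RP1_VEC` are for the RP1 chip on the Raspberry Pi 5, while the commit message and the `bcm2711-rpi-4-b.dtb` line in the boot configuration describe a Pi 4; `CONFIG_FB_RPISENSE`, `CONFIG_FB_SSD1307` and `CONFIG_BACKLIGHT_LM3630A` look similarly unrelated to the 7-inch Touch Display 2. Trimming the list to what this panel needs keeps the image smaller and reduces the amount of kernel code exposed on the device. Also note that `CONFIG_DRM_PANEL_RASPBERRYPI_TOUCHSCREEN=y` is the only panel driver set to `y` while `CONFIG_DRM` itself is `m`; it is worth checking what value ends up in the generated `.config`.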
@ -59,11 +112,15 @@ CONFIG_SECURITY_SELINUX=y
CONFIG_DEFAULT_SECURITY_SELINUX=y CONFIG_DEFAULT_SECURITY_SELINUX=y
# DEFAULT_SECURITY_DAC is not set # DEFAULT_SECURITY_DAC is not set
CONFIG_BPF_SYSCALL=y
CONFIG_POSIX_MQUEUE=y CONFIG_POSIX_MQUEUE=y
CONFIG_MEMCG=y CONFIG_MEMCG=y
CONFIG_CGROUP_PIDS=y CONFIG_CGROUP_PIDS=y
CONFIG_CGROUP_BPF=y
CONFIG_BLK_CGROUP=y CONFIG_BLK_CGROUP=y
CONFIG_USER_NS=y
CONFIG_I2C_HID_OF_GOODIX=m
CONFIG_USB_DWC2=m CONFIG_USB_DWC2=m
CONFIG_USB_DWC2_PCI=m CONFIG_USB_DWC2_PCI=m
CONFIG_USB_ACM=m CONFIG_USB_ACM=m


@ -0,0 +1,57 @@
{
"policies": {
"BlockAboutAddons": true,
"BlockAboutConfig": true,
"BlockAboutProfiles": true,
"CaptivePortal": false,
"DisableDeveloperTools": true,
"DisableFeedbackCommands": true,
"DisableFirefoxScreenshots": true,
"DisableFirefoxSutudies": true,
"DisableFormHistory": true,
"DisableMasterPasswordCreation": true,
"DisablePasswordReveal": true,
"DisablePocket": true,
"DisablePrivateBrowsing": true,
"DisableProfileImport": true,
"DisableProfileRefresh": true,
"DisableSecurityBypass": true,
"DisableSetDesktopBackground": true,
"DNSOverHTTPS": {
"Enabled": false,
"Locked": true
},
"DontCheckDefaultBrowser": true,
"Homepage": {
"URL": "https://homeassistant.pyrocufflink.blue/",
"Locked": true,
"StartPage": "homepage-locked"
},
"NewTabPage": false,
"NoDefaultBookmarks": true,
"OfferToSaveLogins": false,
"OverrideFirstRunPage": "",
"OverridePostUpdatePage": "",
"PasswordManagerEnabled": false,
"Preferences": {
"browser.sessionstore.resume_from_crash": {
"Value": false
},
"browser.startup.couldRestoreSession.count": {
"Value": -1
},
"datareporting.policy.dataSubmissionPolicyBypassNotification": {
"Value": true
},
"extensions.activeThemeID": {
"Value": "firefox-compact-dark@mozilla.org"
}
},
"WebsiteFilter": {
"Block": ["<all_urls>"],
"Exceptions": [
"https://*.pyrocufflink.blue/*"
]
}
}
}
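
Review bot: `"DisableFirefoxSutudies": true` is misspelled; the policy is named `DisableFirefoxStudies`, and Firefox ignores policy names it does not recognise, so studies remain enabled. After fixing it, load `about:policies` once on a development build of the image (before `BlockAboutConfig` and friends lock things down) to confirm every key is reported as active. For a locked-down kiosk it may also be worth adding `DisableTelemetry` and `DisableAppUpdate`, since the image is rebuilt rather than updated in place.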

7
overlay/etc/pam.d/kiosk Normal file

@ -0,0 +1,7 @@
account required pam_localuser.so
session optional pam_loginuid.so
session required pam_env.so envfile=/etc/profile.env
session required pam_limits.so
session required pam_env.so
session required pam_systemd.so


@ -0,0 +1,19 @@
# vim: set ft=swayconfig :
output DSI-1 resolution 720x1280 transform 90
input * {
map_to_output DSI-1
}
exec /usr/lib64/firefox/firefox
exec /usr/bin/photoframe stream
exec swayidle -w \
timeout 120 'photoframe show' resume 'photoframe hide'
for_window [title="Mozilla Firefox"] fullscreen
for_window [class="photoframe"] fullscreen
assign [title="Mozilla Firefox"] 1
assign [class="photoframe"] 2


@ -5,6 +5,7 @@ Type=ether wlan
DHCP=yes DHCP=yes
[DHCPv4] [DHCPv4]
ClientIdentifier=mac
UseDomains=yes UseDomains=yes
[DHCPv6] [DHCPv6]


@ -0,0 +1,4 @@
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINZCN2cxMDwedJ1Ke23Z3CZRcOYjqW8fFqsooRus7RK0AAAABHNzaDo= dustin@rosalina.p
yrocufflink.blue
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAB6xTCSNz+AcQCWcyVKs84tThXN4wpLgCo2Lc48L6EsAAAABHNzaDo= dustin@luma.pyroc
ufflink.blue
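
Review bot: both entries grant direct root login with an empty options field. They are `sk-ssh-ed25519@openssh.com` hardware-backed keys, which already limits exposure if a workstation is compromised; consider prefixing each line with `verify-required` so the authenticator must also verify the user, and a `from="..."` pattern if management only ever happens from a known network.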

46
overlay/usr/bin/photoframe Executable file

@ -0,0 +1,46 @@
#!/bin/sh
photoframe_hide() {
swaymsg 'workspace 1'
}
photoframe_show() {
# Run on a separate workspace so Firefox can stay fullscreen, too
swaymsg 'workspace 2'
if [ -f /tmp/photoframe.pid ]; then
# feh is already running
return 0
fi
if [ ! -f /tmp/photoframe-current ]; then
cp /usr/share/feh/images/feh.png /tmp/photoframe-current
fi
feh -FZ --draw-exif --class photoframe /tmp/photoframe-current &
# Wait for the feh window to actually appear ...
swaymsg -t subscribe '["window"]'
# Sometimes, Sway's `for_window ... fullscreen` doesn't work?
swaymsg fullscreen
echo $! > /tmp/photoframe.pid
}
photoframe_stream() {
while :; do
curl -NsS https://photos.pyrocufflink.blue/stream |
while read url; do
curl -fsL -o /tmp/photoframe-next "${url}" || continue
mv /tmp/photoframe-next /tmp/photoframe-current
done
sleep 30
done
}
case $1 in
show)
photoframe_show
;;
hide)
photoframe_hide
;;
stream)
photoframe_stream
;;
esac
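
Review bot: in `photoframe_stream`, each line read from the stream is handed to `curl -fsL -o /tmp/photoframe-next "${url}"` unchecked, so a line beginning with `-` is parsed as a curl option and any scheme curl was built with (including `file://`) is accepted, also after `-L` redirects. Suggest `read -r url`, passing the value with `--url "${url}"`, and adding `--proto =https --proto-redir =https` and a `--max-filesize` limit. Separately, `/tmp/photoframe.pid`, `/tmp/photoframe-current` and `/tmp/photoframe-next` are fixed names in a world-writable directory; the service unit already sets `XDG_CACHE_HOME`, which would be a safer home for them. The pid file is also never removed, so once `feh` exits `photoframe_show` keeps returning early; checking the recorded pid with `kill -0` before trusting the file would cover that.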


@ -0,0 +1,3 @@
enable wpa_supplicant@.service wlan0
enable kiosk.service


@ -0,0 +1,31 @@
[Unit]
After=systemd-user-sessions.service plymouth-quit-wait.service
Before=graphical.target
ConditionPathExists=/dev/tty1
Wants=dbus.socket systemd-logind.service
After=dbus.socket systemd-logind.service
Conflicts=getty@tty1.service
After=getty@tty1.service
Wants=time-sync.target
After=time-sync.target
[Service]
StateDirectory=%N
CacheDirectory=%N
Environment=XDG_CACHE_HOME=%C/%N
ExecStart=/usr/bin/sway -c /etc/sway/kiosk.conf
User=kiosk
StandardInput=tty
StandardOutput=tty
StandardError=journal
TTYPath=/dev/tty1
TTYReset=yes
TTYVHangup=yes
TTYVTDisallocate=yes
PAMName=kiosk
UtmpMode=user
UtmpIdentifier=tty1
[Install]
WantedBy=graphical.target
Alias=display-manager.service
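
Review bot: `[Service]` has no `Restart=`, and the unit carries `Conflicts=getty@tty1.service`, so if `sway` exits or crashes the panel stays blank until the unit is restarted by hand or the device reboots. Suggest `Restart=always` with a short `RestartSec=`. Because this unit is what runs the browser, it is also a good place to try sandboxing directives such as `NoNewPrivileges=yes` and `ProtectSystem=full`, verifying that Firefox and the `photoframe` script still work with them.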


@ -0,0 +1,2 @@
g kiosk -
u kiosk - "Kiosk User" /var/lib/kiosk /bin/sh
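
Review bot: the `kiosk` user is created with `/bin/sh` as its login shell, but the service starts `sway` directly through `User=kiosk` and `PAMName=kiosk`, which does not go through the login shell. Unless something else relies on it, a non-login shell such as `/sbin/nologin` in the last field would remove one more interactive entry point for this account.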


@ -0,0 +1,5 @@
gui-apps/swayidle -systemd
gui-libs/wlroots X
gui-wm/sway X
media-gfx/feh exif inotify
net-misc/curl -alt-svc -ftp -hsts -http3 -imap -pop3 -progress-meter -psl -quic -smtp -tftp -websockets -adns -http2 CURL_QUIC: -*


@ -2,13 +2,6 @@
. "${CONFIGDIR:=${PWD}}"/config . "${CONFIGDIR:=${PWD}}"/config
if [ ! -f /var/db/repos/gentoo/metadata/timestamp ]; then
emerge-webrsync
fi
if [ "$(find /var/db/repos/gentoo/metadata -newermt '-24 hours' | wc -l)" -eq 0 ]; then
emaint sync
fi
mkdir -p /etc/portage/package.use mkdir -p /etc/portage/package.use
mkdir -p /etc/portage/make.conf mkdir -p /etc/portage/make.conf
echo 'virtual/libudev systemd' >> /etc/portage/package.use/systemd echo 'virtual/libudev systemd' >> /etc/portage/package.use/systemd
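
Review bot: removing the `emerge-webrsync` bootstrap together with `emaint sync` means the script now assumes `/var/db/repos/gentoo` is already populated; on a fresh build host it will fail later with a less obvious error. Suggest keeping a guard that checks for `/var/db/repos/gentoo/metadata/timestamp` and exits with a clear message pointing at the separate sync task. Since builds no longer pick up tree changes on their own, it would also help to document how often that task runs, because that interval now bounds how quickly security fixes reach the image.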

5
squashfs.exclude Normal file

@ -0,0 +1,5 @@
etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf
etc/ssh/sshd_config.d/20-systemd-userdb.conf
usr/lib/systemd/ssh_config.d
usr/lib/systemd/sshd_config.d
usr/lib/systemd/system-generators/systemd-ssh-generator