From b08263688b2b3e2da4764ad4c5fc794c9607e26b Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Sun, 29 Dec 2024 20:28:06 -0600 Subject: [PATCH] Begin implementing kiosk browser This commit introduces the _kiosk.service_ unit, which launches `sway` to start a Wayland session, which in turn launches Firefox. The `policies.json` file configures Firefox in a sort of kiosk mode, disabling most features and blocking all but the desginated sites. Unfortunately, running `firefox --kiosk` doesn't actually work: Firefox apparently runs, but doesn't draw anything on the screen. Note that we have to launch Firefox by its "real" path, since `/usr/bin/firefox` is a Bash script, and Bash is not installed. Fortunately, the wrapper script doesn't do anything we really care about, so bypassing it is fine. --- aimee-os | 2 +- customize.sh | 2 +- install.packages | 1 + overlay/etc/firefox/policies/policies.json | 57 +++++++++++++++++++ overlay/etc/pam.d/kiosk | 7 +++ overlay/etc/sway/kiosk.conf | 11 ++++ .../lib/systemd/system-preset/70-kiosk.preset | 3 + overlay/usr/lib/systemd/system/kiosk.service | 31 ++++++++++ overlay/usr/lib/sysusers.d/kiosk.conf | 2 + 9 files changed, 114 insertions(+), 2 deletions(-) create mode 100644 overlay/etc/firefox/policies/policies.json create mode 100644 overlay/etc/pam.d/kiosk create mode 100644 overlay/etc/sway/kiosk.conf create mode 100644 overlay/usr/lib/systemd/system-preset/70-kiosk.preset create mode 100644 overlay/usr/lib/systemd/system/kiosk.service create mode 100644 overlay/usr/lib/sysusers.d/kiosk.conf
diff --git a/aimee-os b/aimee-os
index 554063e..c30da6a 160000
--- a/aimee-os
+++ b/aimee-os
@@ -1 +1 @@
-Subproject commit 554063e1f4e316a6d3087a27076e0c6d5a34fca1
+Subproject commit c30da6a5ff0d2f9fade417e91b083d7b483f0984
diff --git a/customize.sh b/customize.sh
index c27ae19..447106c 100755
--- a/customize.sh
+++ b/customize.sh
@@ -15,4 +15,4 @@ fi passwd -R /mnt/gentoo -d root -systemctl --root=/mnt/gentoo enable wpa_supplicant@wlan0 +systemctl --root=/mnt/gentoo set-default graphical.target
diff --git a/install.packages b/install.packages
index 7998e21..1c92159 100644
--- a/install.packages
+++ b/install.packages
@@ -1,2 +1,3 @@
+gui-wm/sway
 net-wireless/wpa_supplicant
 media-video/pipewire
diff --git a/overlay/etc/firefox/policies/policies.json b/overlay/etc/firefox/policies/policies.json
new file mode 100644
index 0000000..a1aeb90
--- /dev/null
+++ b/overlay/etc/firefox/policies/policies.json
@@ -0,0 +1,57 @@
+{
+ "policies": {
+ "BlockAboutAddons": true,
+ "BlockAboutConfig": true,
+ "BlockAboutProfiles": true,
+ "CaptivePortal": false,
+ "DisableDeveloperTools": true,
+ "DisableFeedbackCommands": true,
+ "DisableFirefoxScreenshots": true,
+ "DisableFirefoxSutudies": true,
+ "DisableFormHistory": true,
+ "DisableMasterPasswordCreation": true,
+ "DisablePasswordReveal": true,
+ "DisablePocket": true,
+ "DisablePrivateBrowsing": true,
+ "DisableProfileImport": true,
+ "DisableProfileRefresh": true,
+ "DisableSecurityBypass": true,
+ "DisableSetDesktopBackground": true,
+ "DNSOverHTTPS": {
+ "Enabled": false,
+ "Locked": true
+ },
+ "DontCheckDefaultBrowser": true,
+ "Homepage": {
+ "URL": "https://homeassistant.pyrocufflink.blue/",
+ "Locked": true,
+ "StartPage": "homepage-locked"
+ },
+ "NewTabPage": false,
+ "NoDefaultBookmarks": true,
+ "OfferToSaveLogins": false,
+ "OverrideFirstRunPage": "",
+ "OverridePostUpdatePage": "",
+ "PasswordManagerEnabled": false,
+ "Preferences": {
+ "browser.sessionstore.resume_from_crash": {
+ "Value": false
+ },
+ "browser.startup.couldRestoreSession.count": {
+ "Value": -1
+ },
+ "datareporting.policy.dataSubmissionPolicyBypassNotification": {
+ "Value": true
+ },
+ "extensions.activeThemeID": {
+ "Value": "firefox-compact-dark@mozilla.org"
+ }
+ },
+ "WebsiteFilter": {
+ "Block": [""],
+ "Exceptions": [
+ "https://*.pyrocufflink.blue/*"
+ ]
+ }
+ }
+}
diff --git a/overlay/etc/pam.d/kiosk b/overlay/etc/pam.d/kiosk
new file mode 100644
index 0000000..e36c548
--- /dev/null
+++ b/overlay/etc/pam.d/kiosk
@@ -0,0 +1,7 @@
+account required pam_localuser.so
+
+session optional pam_loginuid.so
+session required pam_env.so envfile=/etc/profile.env
+session required pam_limits.so
+session required pam_env.so
+session required pam_systemd.so
diff --git a/overlay/etc/sway/kiosk.conf b/overlay/etc/sway/kiosk.conf
new file mode 100644
index 0000000..590fdde
--- /dev/null
+++ b/overlay/etc/sway/kiosk.conf
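Review bot: In overlay/etc/firefox/policies/policies.json the key `"DisableFirefoxSutudies"` is misspelled, so Firefox will not recognise it and the studies setting is left at its default; it should read `"DisableFirefoxStudies": true`. `"DisableSecurityBypass"` is documented as an object rather than a boolean, e.g. `"DisableSecurityBypass": {"InvalidCertificate": true, "SafeBrowsing": true}`, so the bare `true` here probably does not block the certificate-warning bypass. The `"Block": [""]` entry as shown is an empty match pattern; if the catch-all `"<all_urls>"` was intended (it may have been lost when this page was rendered), confirm the file on disk contains it, since otherwise the allow-list in `Exceptions` restricts nothing.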
@@ -0,0 +1,11 @@
+# vim: set ft=swayconfig :
+
+output DSI-1 resolution 720x1280 transform 90
+
+input * {
+ map_to_output DSI-1
+}
+
+exec /usr/lib64/firefox/firefox
+
+for_window [title="Mozilla Firefox"] fullscreen
diff --git a/overlay/usr/lib/systemd/system-preset/70-kiosk.preset b/overlay/usr/lib/systemd/system-preset/70-kiosk.preset
new file mode 100644
index 0000000..8d571ce
--- /dev/null
+++ b/overlay/usr/lib/systemd/system-preset/70-kiosk.preset
@@ -0,0 +1,3 @@
+enable wpa_supplicant@.service wlan0
+
+enable kiosk.service
diff --git a/overlay/usr/lib/systemd/system/kiosk.service b/overlay/usr/lib/systemd/system/kiosk.service
new file mode 100644
index 0000000..3eaf046
--- /dev/null
+++ b/overlay/usr/lib/systemd/system/kiosk.service
@@ -0,0 +1,31 @@
+[Unit]
+After=systemd-user-sessions.service plymouth-quit-wait.service
+Before=graphical.target
+ConditionPathExists=/dev/tty1
+Wants=dbus.socket systemd-logind.service
+After=dbus.socket systemd-logind.service
+Conflicts=getty@tty1.service
+After=getty@tty1.service
+Wants=time-sync.target
+After=time-sync.target
+
+[Service]
+StateDirectory=%N
+CacheDirectory=%N
+Environment=XDG_CACHE_HOME=%C/%N
+ExecStart=/usr/bin/sway -c /etc/sway/kiosk.conf
+User=kiosk
+StandardInput=tty
+StandardOutput=tty
+StandardError=journal
+TTYPath=/dev/tty1
+TTYReset=yes
+TTYVHangup=yes
+TTYVTDisallocate=yes
+PAMName=kiosk
+UtmpMode=user
+UtmpIdentifier=tty1
+
+[Install]
+WantedBy=graphical.target
+Alias=display-manager.service
diff --git a/overlay/usr/lib/sysusers.d/kiosk.conf b/overlay/usr/lib/sysusers.d/kiosk.conf
new file mode 100644
index 0000000..6cfac69
--- /dev/null
+++ b/overlay/usr/lib/sysusers.d/kiosk.conf
@@ -0,0 +1,2 @@
+g kiosk -
+u kiosk - "Kiosk User" /var/lib/kiosk /bin/sh
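Review bot: In overlay/etc/sway/kiosk.conf the rule `for_window [title="Mozilla Firefox"] fullscreen` keys on the window title, which carries page-supplied text and changes as pages load, so a Firefox window whose title lacks that string is not forced fullscreen. Matching on the application id is more stable, e.g. `for_window [app_id="firefox"] fullscreen`, with the exact app_id confirmed on the target build. A short comment above `exec /usr/lib64/firefox/firefox` saying that the /usr/bin wrapper is a Bash script and Bash is not installed would keep the reasoning from the commit message next to the line it explains.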
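Review bot: The [Service] section of overlay/usr/lib/systemd/system/kiosk.service sets no `Restart=` policy, so if sway exits or crashes the unit stays stopped and tty1 is left without the kiosk until someone intervenes; `Restart=always` with a small `RestartSec=` would bring it back. Because customize.sh clears the root password (the `passwd -R /mnt/gentoo -d root` context line in its hunk), it is also worth confirming that no login prompt can be reached on another VT from an attached keyboard, for example by setting `NAutoVTs=0` in logind.conf. The [Unit] section also has no `Description=`, which would make journal and `systemctl status` output easier to read.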
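Review bot: In overlay/usr/lib/sysusers.d/kiosk.conf the `u kiosk` line assigns `/bin/sh` as the login shell, which looks like more than the account needs, since kiosk.service starts sway directly through `ExecStart=` with `User=kiosk` and `PAMName=kiosk`. Dropping the last field, `u kiosk - "Kiosk User" /var/lib/kiosk`, lets systemd-sysusers fall back to its nologin default. Keep the shell only if something outside this patch relies on it, and say so in a comment on that line.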