network: Use MAC address as DHCP client ID

_systemd-networkd_ uses a randomly-generated ID as the DHCP client
identifier by default.  On Aimee OS, it is not able to persist this ID
between boots; I think it may derive the value from the machine ID.  To
avoid getting a new IP address every boot, we can configure it to use
the MAC address of the device as the DHCP client ID.

aimee-os

@@ -1 +1 @@
-Subproject commit 554063e1f4e316a6d3087a27076e0c6d5a34fca1
+Subproject commit b43e8319f4655ccef463100f198e45c30401c27b

config.txt

@@ -1,12 +1,8 @@
 arm_64bit=1
+arm_boost=1
 
 start_x=1
 
-bootcode_delay=0
-boot_delay=0
-
-gpu_mem=32
-
 kernel=u-boot.bin
 
 enable_uart=1
@@ -14,4 +10,10 @@ dtoverlay=miniuart-bt
 
 dtparam i2c_arm=on
 
-device_tree=bcm2711-rpi-4-b.dtb
+display_auto_detect=1
+dtoverlay=vc4-kms-v3d
+dtoverlay=vc4-kms-dsi-ili9881-7inch
+max_framebuffers=2
+disable_fw_kms_setup=1
+disable_overscan=1
+dtparam=audio=on

customize.sh

@@ -15,4 +15,4 @@ fi
 
 passwd -R /mnt/gentoo -d root
 
-systemctl --root=/mnt/gentoo enable wpa_supplicant@wlan0
+systemctl --root=/mnt/gentoo set-default graphical.target

install.packages

@@ -1,2 +1,3 @@
+gui-wm/sway
 net-wireless/wpa_supplicant
 media-video/pipewire

linux.config

@@ -45,12 +45,65 @@ CONFIG_IPV6=y
 CONFIG_IPV6_SIT=m
 CONFIG_IPV6_SIT_6RD=m
 
+CONFIG_INPUT_TOUCHSCREEN=y
+CONFIG_TOUCHSCREEN_GOODIX=m
+CONFIG_TOUCHSCREEN_EDT_FT5X06=m
+CONFIG_TOUCHSCREEN_RASPBERRYPI_FW=m
+
+CONFIG_REGULATOR_RASPBERRYPI_TOUCHSCREEN_ATTINY=m
+CONFIG_REGULATOR_RASPBERRYPI_TOUCHSCREEN_V2=m
 # CONFIG_MEDIA_CEC_SUPPORT is not set
 # CONFIG_MEDIA_SUPPORT is not set
 
-# CONFIG_SOUND is not set
-# CONFIG_SND is not set
-# CONFIG_SND_SOC is not set
+CONFIG_DRM=m
+CONFIG_DRM_KMS_HELPER=m
+CONFIG_DRM_LOAD_EDID_FIRMWARE=y
+CONFIG_DRM_DISPLAY_HELPER=m
+CONFIG_DRM_GEM_SHMEM_HELPER=m
+CONFIG_DRM_SCHED=m
+CONFIG_DRM_PANEL_SIMPLE=m
+CONFIG_DRM_PANEL_ILITEK_ILI9806E=m
+CONFIG_DRM_PANEL_ILITEK_ILI9881C=m
+CONFIG_DRM_PANEL_RASPBERRYPI_TOUCHSCREEN=y
+CONFIG_DRM_DISPLAY_CONNECTOR=m
+CONFIG_DRM_TOSHIBA_TC358762=m
+CONFIG_DRM_SIMPLE_BRIDGE=m
+CONFIG_DRM_V3D=m
+CONFIG_VC4=m
+CONFIG_DRM_VC4_HDMI_CEC=y
+CONFIG_DRM_RP1_DSI=m
+CONFIG_DRM_RP1_DPI=m
+CONFIG_DRM_RP1_VEC=m
+CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=m
+CONFIG_FB_BCM2708=y
+CONFIG_FB_SIMPLE=y
+CONFIG_FB_SSD1307=m
+CONFIG_FB_RPISENSE=m
+CONFIG_FB_CFB_FILLRECT=y
+CONFIG_FB_CFB_COPYAREA=y
+CONFIG_FB_CFB_IMAGEBLIT=y
+CONFIG_FB_IOMEM_HELPERS=y
+CONFIG_FB_BACKLIGHT=m
+CONFIG_BACKLIGHT_CLASS_DEVICE=m
+CONFIG_BACKLIGHT_PWM=m
+CONFIG_BACKLIGHT_RPI=m
+CONFIG_BACKLIGHT_LM3630A=m
+CONFIG_BACKLIGHT_GPIO=m
+CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
+CONFIG_BCM_VC_SM_CMA=m
+
+CONFIG_SOUND=y
+CONFIG_SND=m
+# CONFIG_SND_PCM_TIMER is not set
+# CONFIG_SND_SUPPORT_OLD_API is not set
+# CONFIG_SND_PROC_FS is not set
+# CONFIG_SND_CTL_FAST_LOOKUP is not set
+# CONFIG_SND_DRIVERS is not set
+# CONFIG_SND_PCI is not set
+# CONFIG_SND_SPI is not set
+# CONFIG_SND_USB is not set
+CONFIG_SND_SOC=m
+CONFIG_SND_BCM2835_SOC_I2S=m
 
 CONFIG_AUDIT=y
 CONFIG_SECURITY=y
@@ -59,11 +112,15 @@ CONFIG_SECURITY_SELINUX=y
 CONFIG_DEFAULT_SECURITY_SELINUX=y
 # DEFAULT_SECURITY_DAC is not set
 
+CONFIG_BPF_SYSCALL=y
 CONFIG_POSIX_MQUEUE=y
 CONFIG_MEMCG=y
 CONFIG_CGROUP_PIDS=y
+CONFIG_CGROUP_BPF=y
 CONFIG_BLK_CGROUP=y
+CONFIG_USER_NS=y
 
+CONFIG_I2C_HID_OF_GOODIX=m
 CONFIG_USB_DWC2=m
 CONFIG_USB_DWC2_PCI=m
 CONFIG_USB_ACM=m

overlay/etc/firefox/policies/policies.json

@@ -0,0 +1,57 @@
+{
+  "policies": {
+    "BlockAboutAddons": true,
+    "BlockAboutConfig": true,
+    "BlockAboutProfiles": true,
+    "CaptivePortal": false,
+    "DisableDeveloperTools": true,
+    "DisableFeedbackCommands": true,
+    "DisableFirefoxScreenshots": true,
+    "DisableFirefoxSutudies": true,
+    "DisableFormHistory": true,
+    "DisableMasterPasswordCreation": true,
+    "DisablePasswordReveal": true,
+    "DisablePocket": true,
+    "DisablePrivateBrowsing": true,
+    "DisableProfileImport": true,
+    "DisableProfileRefresh": true,
+    "DisableSecurityBypass": true,
+    "DisableSetDesktopBackground": true,
+    "DNSOverHTTPS": {
+      "Enabled": false,
+      "Locked": true
+    },
+    "DontCheckDefaultBrowser": true,
+    "Homepage": {
+      "URL": "https://homeassistant.pyrocufflink.blue/dashboard-rosalina",
+      "Locked": true,
+      "StartPage": "homepage-locked"
+    },
+    "NewTabPage": false,
+    "NoDefaultBookmarks": true,
+    "OfferToSaveLogins": false,
+    "OverrideFirstRunPage": "",
+    "OverridePostUpdatePage": "",
+    "PasswordManagerEnabled": false,
+    "Preferences": {
+      "browser.sessionstore.resume_from_crash": {
+        "Value": false
+      },
+      "browser.startup.couldRestoreSession.cound": {
+        "Value": -1
+      },
+      "datareporting.policy.dataSubmissionPolicyBypassNotification": {
+        "Value": true
+      },
+      "extensions.activeThemeID": {
+        "Value": "firefox-compact-dark@mozilla.org"
+      }
+    },
+    "WebsiteFilter": {
+      "Block": ["<all_urls>"],
+      "Exceptions": [
+        "https://*.pyrocufflink.blue/*"
+      ]
+    }
+  }
+}

overlay/etc/pam.d/kiosk

@@ -0,0 +1,7 @@
+account required pam_localuser.so
+
+session optional pam_loginuid.so
+session required pam_env.so envfile=/etc/profile.env
+session required pam_limits.so
+session required pam_env.so
+session required pam_systemd.so

overlay/etc/sway/kiosk.conf

@@ -0,0 +1,14 @@
+# vim: set ft=swayconfig :
+
+output DSI-1 resolution 720x1280 transform 90
+
+input * {
+    map_to_output DSI-1
+}
+
+exec gsettings set org.gnome.desktop.interface gtk-theme Adwaita-dark
+exec gsettings set org.gnome.desktop.interface color-scheme prefer-dark
+
+exec /usr/lib64/firefox/firefox
+
+for_window [title="Mozilla Firefox"] fullscreen

overlay/etc/systemd/network/95-default.network

@@ -5,6 +5,7 @@ Type=ether wlan
 DHCP=yes
 
 [DHCPv4]
+ClientIdentifier=mac
 UseDomains=yes
 
 [DHCPv6]

overlay/root/.ssh/authorized_keys

@@ -0,0 +1,4 @@
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINZCN2cxMDwedJ1Ke23Z3CZRcOYjqW8fFqsooRus7RK0AAAABHNzaDo= dustin@rosalina.p
+yrocufflink.blue
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAB6xTCSNz+AcQCWcyVKs84tThXN4wpLgCo2Lc48L6EsAAAABHNzaDo= dustin@luma.pyroc
+ufflink.blue

overlay/usr/lib/systemd/system-preset/70-kiosk.preset

@@ -0,0 +1,3 @@
+enable wpa_supplicant@.service wlan0
+
+enable kiosk.service

overlay/usr/lib/systemd/system/kiosk.service

@@ -0,0 +1,31 @@
+[Unit]
+After=systemd-user-sessions.service plymouth-quit-wait.service
+Before=graphical.target
+ConditionPathExists=/dev/tty1
+Wants=dbus.socket systemd-logind.service
+After=dbus.socket systemd-logind.service
+Conflicts=getty@tty1.service
+After=getty@tty1.service
+Wants=time-sync.target
+After=time-sync.target
+
+[Service]
+StateDirectory=%N
+CacheDirectory=%N
+Environment=XDG_CACHE_HOME=%C/%N
+ExecStart=/usr/bin/sway -c /etc/sway/kiosk.conf
+User=kiosk
+StandardInput=tty
+StandardOutput=tty
+StandardError=journal
+TTYPath=/dev/tty1
+TTYReset=yes
+TTYVHangup=yes
+TTYVTDisallocate=yes
+PAMName=kiosk
+UtmpMode=user
+UtmpIdentifier=tty1
+
+[Install]
+WantedBy=graphical.target
+Alias=display-manager.service

overlay/usr/lib/sysusers.d/kiosk.conf

@@ -0,0 +1,2 @@
+g kiosk -
+u kiosk - "Kiosk User" /var/lib/kiosk /bin/sh

prepare.sh

@@ -2,13 +2,6 @@
 
 . "${CONFIGDIR:=${PWD}}"/config
 
-if [ ! -f /var/db/repos/gentoo/metadata/timestamp ]; then
-    emerge-webrsync
-fi
-if [ "$(find /var/db/repos/gentoo/metadata -newermt '-24 hours' | wc -l)" -eq 0 ]; then
-    emaint sync
-fi
-
 mkdir -p /etc/portage/package.use
 mkdir -p /etc/portage/make.conf
 echo 'virtual/libudev systemd' >> /etc/portage/package.use/systemd

squashfs.exclude

@@ -0,0 +1,5 @@
+etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf
+etc/ssh/sshd_config.d/20-systemd-userdb.conf
+usr/lib/systemd/ssh_config.d
+usr/lib/systemd/sshd_config.d
+usr/lib/systemd/system-generators/systemd-ssh-generator