dustin/photoframe2
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Compare commits

base: dustin:9ab95e37d2593ccd31681b06c0a6d0ed1082b3ae
Branches Tags
dustin:main dustin:kiosk
..
compare: dustin:43e1df1a936bb32577db5902a1f30293376a6c10
Branches Tags
dustin:kiosk dustin:main

8 Commits
9ab95e37d2 ... 43e1df1a93

Author SHA1 Message Date
Dustin C. Hatch
43e1df1a93 Update Aimee OS
All checks were successful
dustin/photoframe2/pipeline/pr-main This commit looks good
Details
2025-01-02 13:15:42 -06:00
Dustin C. Hatch
c0158d134d prepare: Never sync Portage repos 
To minimize unexpected changes between builds, I'm going to schedule a
separate task to sync the Portage repositories.  This way, we know that
two runs in a row from the same source will have the same packages,
unless we have specifically updated Portage.
 2025-01-02 13:15:29 -06:00
Dustin C. Hatch
bab1684198 overlay: Add authorized SSH keys for root 
Adding my personal keys so I can manage the system remotely.
 2025-01-02 13:15:29 -06:00
Dustin C. Hatch
ddf7626283 kernel: Enable user namespaces for Firefox 
Firefox complains about "security features" not working if this is not
enabled.
 2025-01-02 13:15:29 -06:00
Dustin C. Hatch
61f254b594 exclude: Omit systemd-ssh-generator 
This thing is pointless.

Unfortunately, we cannot use Portage's `INSTALL_MASK` feature as it
doesn't work for symbolic links. Since _systemd_ installs symlinks in
`/etc/ssh` that point to files we would mask, those symlinks would point
to nothing, which would cause `sshd` to fail to start as it is unable to
open those files.  Thus, we have to omit these files by excluding them
from the squashfs image.
 2025-01-02 13:15:29 -06:00
Dustin C. Hatch
dd89e700b0 kernel: Enable BPF firewall for systemd 
_systemd_ complains if this is not enabled, as it prevents certain
sandbox features from working.
 2025-01-02 13:15:29 -06:00
Dustin C. Hatch
6212c04f6b kernel/firmware: Support RPi GPU, touchscreen 
Getting the Raspberry Pi 4 GPU and 7-inch Touch Display 2 working was
quite challenging.  Several kernel drivers are needed, beyond the
obvious VC4 and V3D, like voltage regulators and backlight controls.
Even with all the drivers enabled, I still had trouble getting
`/dev/dri/card1` (the display device, as opposed to `/dev/dri/card0`,
the 3D rendering device) to appear until I explicitly enabled the
`vc4-kms-dsi-ili9881-7inch` device tree overlay.  I am not entirely sure
why this is necessary, since `display_auto_detect` supposedly should
have added this overlay automatically.  I am also not sure how it would
work if I wanted to use an HDMI monitor instead of the DSI panel, but
fortunately, for this project, that's not necessary.
 2025-01-02 13:15:29 -06:00
Dustin C. Hatch
b3fa910a6a Begin implementing kiosk browser 
This commit introduces the _kiosk.service_ unit, which launches `sway`
to start a Wayland session, which in turn launches Firefox.  The
`policies.json` file configures Firefox in a sort of kiosk mode,
disabling most features and blocking all but the desginated sites.
Unfortunately, running `firefox --kiosk` doesn't actually work: Firefox
apparently runs, but doesn't draw anything on the screen.

Note that we have to launch Firefox by its "real" path, since
`/usr/bin/firefox` is a Bash script, and Bash is not installed.
Fortunately, the wrapper script doesn't do anything we really care
about, so bypassing it is fine.
 2025-01-02 12:59:57 -06:00
2 changed files with 0 additions and 4 deletions
Expand all files Collapse all files

3
overlay/etc/firefox/policies/policies.json
View File

@@ -37,9 +37,6 @@
"browser.sessionstore.resume_from_crash": { "browser.sessionstore.resume_from_crash": {
"Value": false "Value": false
}, },
"browser.startup.couldRestoreSession.cound": {
"Value": -1
},
"datareporting.policy.dataSubmissionPolicyBypassNotification": { "datareporting.policy.dataSubmissionPolicyBypassNotification": {
"Value": true "Value": true
}, },

1
overlay/etc/systemd/network/95-default.network
View File

@@ -5,7 +5,6 @@ Type=ether wlan
DHCP=yes DHCP=yes
[DHCPv4] [DHCPv4]
ClientIdentifier=mac
UseDomains=yes UseDomains=yes
[DHCPv6] [DHCPv6]