diff --git a/setup-signage.sh b/setup-signage.sh index 6d0ee9c..a355aee 100644 --- a/setup-signage.sh +++ b/setup-signage.sh @@ -15,7 +15,7 @@ SIGNAGE_USER="signage" # The script will create a ~/.profile for the SIGNAGE_USER # where this variable can be set. # For better security, leave it blank here and edit ~/.profile manually after setup. -WAYVNC_PASSWORD_TO_SET="" # Example: "burek123" +WAYVNC_PASSWORD_TO_SET="" # Example: "your_secure_password" WAYVNC_LISTEN_ADDRESS="0.0.0.0" # Listen on all interfaces WAYVNC_PORT="5900" # Default VNC port # --- End Configuration --- @@ -83,7 +83,8 @@ apk add \ linux-firmware \ greetd \ greetd-agreety \ - wayvnc + wayvnc \ + open-vm-tools # open-vm-tools-desktop has been removed echo "-------------------------------------" # 6. Enable & Start D-Bus service @@ -98,9 +99,11 @@ echo "-------------------------------------" # 7. Enable & Start open-vm-tools service (if installed) echo "[Step 6/13] Enabling and starting open-vm-tools service..." -if rc-service open-vm-tools status > /dev/null 2>&1 || apk info open-vm-tools >/dev/null 2>&1; then +if apk info --installed open-vm-tools > /dev/null 2>&1; then if ! rc-service open-vm-tools status > /dev/null 2>&1; then + echo "Enabling open-vm-tools service..." rc-update add open-vm-tools default + echo "Starting open-vm-tools service..." rc-service open-vm-tools start else echo "open-vm-tools service already running or enabled." @@ -110,21 +113,51 @@ else fi echo "-------------------------------------" -# 8. Create the signage user -echo "[Step 7/13] Creating signage user '$SIGNAGE_USER'..." +# 8. Create the signage user and add to necessary groups +echo "[Step 7/13] Creating signage user '$SIGNAGE_USER' and configuring groups..." if ! id -u "$SIGNAGE_USER" >/dev/null 2>&1; then - echo "Creating group '$SIGNAGE_USER'..." - addgroup "$SIGNAGE_USER" + echo "Creating group '$SIGNAGE_USER' (for primary group)..." + addgroup "$SIGNAGE_USER" # Ensure primary group exists echo "Creating user '$SIGNAGE_USER' with shell /bin/sh..." + # -D: no password, don't expire + # -G group: add user to primary group 'group'. Uses existing or creates if not. adduser -D -G "$SIGNAGE_USER" -s /bin/sh -h "/home/$SIGNAGE_USER" "$SIGNAGE_USER" - echo "User '$SIGNAGE_USER' created." + + echo "Adding user '$SIGNAGE_USER' to 'video' supplementary group..." + addgroup "$SIGNAGE_USER" video + echo "Adding user '$SIGNAGE_USER' to 'input' supplementary group..." + addgroup "$SIGNAGE_USER" input + echo "User '$SIGNAGE_USER' created and added to video/input groups." else - echo "User '$SIGNAGE_USER' already exists. Ensuring shell is /bin/sh..." + echo "User '$SIGNAGE_USER' already exists. Ensuring shell is /bin/sh and group memberships..." usermod -s /bin/sh "$SIGNAGE_USER" + + # Ensure primary group exists (original script's safeguard) if ! getent group "$SIGNAGE_USER" >/dev/null 2>&1; then - echo "Group '$SIGNAGE_USER' not found, creating it." + echo "Primary group '$SIGNAGE_USER' not found, creating it." addgroup "$SIGNAGE_USER" - adduser "$SIGNAGE_USER" "$SIGNAGE_USER" # Ensure user is in their group + # If primary group was missing, ensure user is member. + # This typically means user's GID needs to be updated with usermod -g if primary group was truly lost and recreated. + # For now, just ensuring membership in the group by name. + if ! groups "$SIGNAGE_USER" | grep -q -w "$SIGNAGE_USER"; then + addgroup "$SIGNAGE_USER" "$SIGNAGE_USER" + fi + fi + + echo "Ensuring $SIGNAGE_USER is in 'video' supplementary group..." + if ! groups "$SIGNAGE_USER" | grep -q -w video; then + addgroup "$SIGNAGE_USER" video + echo "$SIGNAGE_USER added to 'video'." + else + echo "$SIGNAGE_USER already in 'video'." + fi + + echo "Ensuring $SIGNAGE_USER is in 'input' supplementary group..." + if ! groups "$SIGNAGE_USER" | grep -q -w input; then + addgroup "$SIGNAGE_USER" input + echo "$SIGNAGE_USER added to 'input'." + else + echo "$SIGNAGE_USER already in 'input'." fi fi SIGNAGE_HOME="/home/$SIGNAGE_USER" @@ -192,25 +225,33 @@ chmod 700 "$SIGNAGE_CONFIG_DIR" # Restrict access chmod 700 "$SIGNAGE_SWAY_CONFIG_DIR" echo "Creating $SIGNAGE_SWAY_CONFIG_FILE..." -# Note: KIOSK_URL, WAYVNC_LISTEN_ADDRESS, WAYVNC_PORT are expanded when this heredoc is created. -# SIGNAGE_USER is also expanded for the chromium user-data-dir example cat > "$SIGNAGE_SWAY_CONFIG_FILE" << EOF # Sway configuration for Alpine Signage Kiosk # --- Basic Setup --- -set \$mod Mod4 # Super key +# Set the Super key as the modifier +set \$mod Mod4 +# Set default font font pango:DejaVu Sans Mono 10 # --- Output Configuration --- -output * dpms off # Disable screen blanking / DPMS +# Explicitly enable all outputs and set power state to on +# This is important for ensuring the display activates correctly at boot. +output * enable +output * power on +# The old 'output * dpms off' command is equivalent to 'output * power on'. +# Adding 'output * enable' provides an extra layer of assurance. + # To set a specific mode for an output (name from 'swaymsg -t get_outputs'): # output Virtual-1 mode 1280x800@60hz -# output * bg /usr/share/backgrounds/sway/Sway_Wallpaper_Blue_1920x1080.png fill # Optional: if swaybg is installed +# Optional: set a background if swaybg is installed +# output * bg /usr/share/backgrounds/sway/Sway_Wallpaper_Blue_1920x1080.png fill # --- Input Configuration --- -# Hide mouse cursor when typing and after 1 second of inactivity -seat * hide_cursor when-typing -seat * hide_cursor 1000 # You can adjust the timeout (milliseconds) +# Hide mouse cursor after 1000ms (1 second) of inactivity +seat * hide_cursor 1000 +# Alternative: always hide (uncomment below, comment line above) +# seat * hide_cursor always # --- Autostart Applications --- # Chromium in Kiosk Mode @@ -230,9 +271,9 @@ exec /usr/bin/chromium \\ --password-store=basic \\ --enable-zero-copy \\ --ignore-gpu-blocklist \\ - --disable-gpu \\ - # --enable-unsafe-webgpu \\ - # --disable-gpu-vsync \\ + --disable-gpu + # --enable-unsafe-webgpu + # --disable-gpu-vsync # --user-data-dir=/home/$SIGNAGE_USER/.config/chromium-kiosk # WayVNC for remote access @@ -240,8 +281,11 @@ exec /usr/bin/chromium \\ exec wayvnc --render-cursor $WAYVNC_LISTEN_ADDRESS $WAYVNC_PORT # --- Keybindings (Minimal, mostly for debugging) --- +# Kill focused window bindsym \$mod+Shift+q kill +# Reload sway config bindsym \$mod+Shift+c reload +# Exit sway (logs out the user) bindsym \$mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end the kiosk session.' -B 'Yes, exit sway' 'swaymsg exit' # --- General Settings --- @@ -329,7 +373,12 @@ if [ -n "$PAM_TARGET_FILE" ]; then cp "$PAM_TARGET_FILE" "$PAM_TARGET_FILE.bak.signage" echo "Backed up $PAM_TARGET_FILE to $PAM_TARGET_FILE.bak.signage" fi - awk '/^session/{if(!p++) print; print "session optional pam_elogind.so"; next} 1' "$PAM_TARGET_FILE" > "$PAM_TARGET_FILE.tmp" && mv "$PAM_TARGET_FILE.tmp" "$PAM_TARGET_FILE" + # Add pam_elogind.so after the first 'session' line, or as the first session line if none exist + if grep -q "^session" "$PAM_TARGET_FILE"; then + awk '/^session/{if(!p++) print; print "session optional pam_elogind.so"; next} 1' "$PAM_TARGET_FILE" > "$PAM_TARGET_FILE.tmp" && mv "$PAM_TARGET_FILE.tmp" "$PAM_TARGET_FILE" + else + echo "session optional pam_elogind.so" >> "$PAM_TARGET_FILE" # Fallback if no session lines + fi echo "PAM module added." else echo "'$PAM_MODULE' already present in $PAM_TARGET_FILE." @@ -346,16 +395,17 @@ echo " Alpine Linux Signage Setup Script Finished!" echo "-----------------------------------------------------" echo " SUMMARY:" echo " * Packages installed (Sway, Chromium, Greetd, WayVNC, open-vm-tools etc.)." -echo " * User '$SIGNAGE_USER' created/configured with shell /bin/sh." +echo " * User '$SIGNAGE_USER' created/configured with shell /bin/sh and added to 'video' and 'input' groups." echo " * Sway configured in $SIGNAGE_SWAY_CONFIG_FILE." +echo " -> Output explicitly enabled, power state set to ON." echo " -> Chromium will start with --disable-gpu. Edit this file to change." -echo " -> Mouse cursor configured to hide when typing and after 1s inactivity." +echo " -> Mouse cursor configured to hide after 1s inactivity." echo " * WayVNC configured to launch via Sway, listening on $WAYVNC_LISTEN_ADDRESS:$WAYVNC_PORT." echo " * IMPORTANT: WayVNC password MUST be set in $SIGNAGE_PROFILE for security." echo " * Autologin configured via greetd ($GREETD_CONFIG_FILE)." echo " * /etc/inittab modified to launch greetd on tty1." echo " * Attempted to configure PAM for elogind." -echo " * open-vm-tools service enabled (if applicable)." +echo " * open-vm-tools service enabled (if applicable, open-vm-tools-desktop was NOT installed)." echo "" echo " !!! IMPORTANT !!!" echo " * If you saw a WARNING about 'nomodeset' earlier, the graphical kiosk" @@ -376,7 +426,7 @@ echo " 1. Log in as root on TTY2 (Alt+F2) or SSH." echo " 2. Check greetd logs: grep greetd /var/log/messages | tail -n 20" echo " 3. Check Sway log: cat $SWAY_LOG_PATH_IN_GREETD" echo " 4. Check Sway config syntax (as root, or as user if paths adjusted):" -echo " sway -C -c $SIGNAGE_SWAY_CONFIG_FILE" +echo " su - $SIGNAGE_USER -c \"export XDG_RUNTIME_DIR=/run/user/\$(id -u $SIGNAGE_USER) && sway -C -c $SIGNAGE_SWAY_CONFIG_FILE\"" echo " 5. Check XDG_RUNTIME_DIR: ls -ld /run/user/\$(id -u $SIGNAGE_USER)" echo " 6. Check services: rc-service elogind status && rc-service dbus status && rc-service open-vm-tools status" echo " 7. Check inittab: grep ^tty1 /etc/inittab" @@ -386,6 +436,7 @@ echo "10. Check WayVNC: ps aux | grep wayvnc ; netstat -tulnp | grep :$WAYVNC_PO echo " Ensure WAYVNC_PASSWORD is set in $SIGNAGE_PROFILE" echo "11. Manually test Sway as $SIGNAGE_USER on TTY2 (stop greetd first: rc-service greetd stop):" echo " su - $SIGNAGE_USER -c \"dbus-run-session sway -d\"" +echo "12. Check user groups: groups $SIGNAGE_USER (should include 'video' and 'input')" echo "-----------------------------------------------------" exit 0 \ No newline at end of file