Enhance setup script: update WayVNC password example, ensure user groups for signage user, and improve service checks

FallingLights 2025-05-07 19:50:54 +02:00
parent 2254b9bd74
commit 3d78640e5d


@ -15,7 +15,7 @@ SIGNAGE_USER="signage"
# The script will create a ~/.profile for the SIGNAGE_USER # The script will create a ~/.profile for the SIGNAGE_USER
# where this variable can be set. # where this variable can be set.
# For better security, leave it blank here and edit ~/.profile manually after setup. # For better security, leave it blank here and edit ~/.profile manually after setup.
WAYVNC_PASSWORD_TO_SET="" # Example: "burek123" WAYVNC_PASSWORD_TO_SET="" # Example: "your_secure_password"
WAYVNC_LISTEN_ADDRESS="0.0.0.0" # Listen on all interfaces WAYVNC_LISTEN_ADDRESS="0.0.0.0" # Listen on all interfaces
WAYVNC_PORT="5900" # Default VNC port WAYVNC_PORT="5900" # Default VNC port
# --- End Configuration --- # --- End Configuration ---
@ -83,7 +83,8 @@ apk add \
linux-firmware \ linux-firmware \
greetd \ greetd \
greetd-agreety \ greetd-agreety \
wayvnc wayvnc \
open-vm-tools # open-vm-tools-desktop has been removed
echo "-------------------------------------" echo "-------------------------------------"
# 6. Enable & Start D-Bus service # 6. Enable & Start D-Bus service
@ -98,9 +99,11 @@ echo "-------------------------------------"
# 7. Enable & Start open-vm-tools service (if installed) # 7. Enable & Start open-vm-tools service (if installed)
echo "[Step 6/13] Enabling and starting open-vm-tools service..." echo "[Step 6/13] Enabling and starting open-vm-tools service..."
if rc-service open-vm-tools status > /dev/null 2>&1 || apk info open-vm-tools >/dev/null 2>&1; then if apk info --installed open-vm-tools > /dev/null 2>&1; then
if ! rc-service open-vm-tools status > /dev/null 2>&1; then if ! rc-service open-vm-tools status > /dev/null 2>&1; then
echo "Enabling open-vm-tools service..."
rc-update add open-vm-tools default rc-update add open-vm-tools default
echo "Starting open-vm-tools service..."
rc-service open-vm-tools start rc-service open-vm-tools start
else else
echo "open-vm-tools service already running or enabled." echo "open-vm-tools service already running or enabled."
@ -110,21 +113,51 @@ else
fi fi
echo "-------------------------------------" echo "-------------------------------------"
# 8. Create the signage user # 8. Create the signage user and add to necessary groups
echo "[Step 7/13] Creating signage user '$SIGNAGE_USER'..." echo "[Step 7/13] Creating signage user '$SIGNAGE_USER' and configuring groups..."
if ! id -u "$SIGNAGE_USER" >/dev/null 2>&1; then if ! id -u "$SIGNAGE_USER" >/dev/null 2>&1; then
echo "Creating group '$SIGNAGE_USER'..." echo "Creating group '$SIGNAGE_USER' (for primary group)..."
addgroup "$SIGNAGE_USER" addgroup "$SIGNAGE_USER" # Ensure primary group exists
echo "Creating user '$SIGNAGE_USER' with shell /bin/sh..." echo "Creating user '$SIGNAGE_USER' with shell /bin/sh..."
# -D: no password, don't expire
# -G group: add user to primary group 'group'. Uses existing or creates if not.
adduser -D -G "$SIGNAGE_USER" -s /bin/sh -h "/home/$SIGNAGE_USER" "$SIGNAGE_USER" adduser -D -G "$SIGNAGE_USER" -s /bin/sh -h "/home/$SIGNAGE_USER" "$SIGNAGE_USER"
echo "User '$SIGNAGE_USER' created."
echo "Adding user '$SIGNAGE_USER' to 'video' supplementary group..."
addgroup "$SIGNAGE_USER" video
echo "Adding user '$SIGNAGE_USER' to 'input' supplementary group..."
addgroup "$SIGNAGE_USER" input
echo "User '$SIGNAGE_USER' created and added to video/input groups."
else else
echo "User '$SIGNAGE_USER' already exists. Ensuring shell is /bin/sh..." echo "User '$SIGNAGE_USER' already exists. Ensuring shell is /bin/sh and group memberships..."
usermod -s /bin/sh "$SIGNAGE_USER" usermod -s /bin/sh "$SIGNAGE_USER"
# Ensure primary group exists (original script's safeguard)
if ! getent group "$SIGNAGE_USER" >/dev/null 2>&1; then if ! getent group "$SIGNAGE_USER" >/dev/null 2>&1; then
echo "Group '$SIGNAGE_USER' not found, creating it." echo "Primary group '$SIGNAGE_USER' not found, creating it."
addgroup "$SIGNAGE_USER" addgroup "$SIGNAGE_USER"
adduser "$SIGNAGE_USER" "$SIGNAGE_USER" # Ensure user is in their group # If primary group was missing, ensure user is member.
# This typically means user's GID needs to be updated with usermod -g if primary group was truly lost and recreated.
# For now, just ensuring membership in the group by name.
if ! groups "$SIGNAGE_USER" | grep -q -w "$SIGNAGE_USER"; then
addgroup "$SIGNAGE_USER" "$SIGNAGE_USER"
fi
fi
echo "Ensuring $SIGNAGE_USER is in 'video' supplementary group..."
if ! groups "$SIGNAGE_USER" | grep -q -w video; then
addgroup "$SIGNAGE_USER" video
echo "$SIGNAGE_USER added to 'video'."
else
echo "$SIGNAGE_USER already in 'video'."
fi
echo "Ensuring $SIGNAGE_USER is in 'input' supplementary group..."
if ! groups "$SIGNAGE_USER" | grep -q -w input; then
addgroup "$SIGNAGE_USER" input
echo "$SIGNAGE_USER added to 'input'."
else
echo "$SIGNAGE_USER already in 'input'."
fi fi
fi fi
SIGNAGE_HOME="/home/$SIGNAGE_USER" SIGNAGE_HOME="/home/$SIGNAGE_USER"
@ -192,25 +225,33 @@ chmod 700 "$SIGNAGE_CONFIG_DIR" # Restrict access
chmod 700 "$SIGNAGE_SWAY_CONFIG_DIR" chmod 700 "$SIGNAGE_SWAY_CONFIG_DIR"
echo "Creating $SIGNAGE_SWAY_CONFIG_FILE..." echo "Creating $SIGNAGE_SWAY_CONFIG_FILE..."
# Note: KIOSK_URL, WAYVNC_LISTEN_ADDRESS, WAYVNC_PORT are expanded when this heredoc is created.
# SIGNAGE_USER is also expanded for the chromium user-data-dir example
cat > "$SIGNAGE_SWAY_CONFIG_FILE" << EOF cat > "$SIGNAGE_SWAY_CONFIG_FILE" << EOF
# Sway configuration for Alpine Signage Kiosk # Sway configuration for Alpine Signage Kiosk
# --- Basic Setup --- # --- Basic Setup ---
set \$mod Mod4 # Super key # Set the Super key as the modifier
set \$mod Mod4
# Set default font
font pango:DejaVu Sans Mono 10 font pango:DejaVu Sans Mono 10
# --- Output Configuration --- # --- Output Configuration ---
output * dpms off # Disable screen blanking / DPMS # Explicitly enable all outputs and set power state to on
# This is important for ensuring the display activates correctly at boot.
output * enable
output * power on
# The old 'output * dpms off' command is equivalent to 'output * power on'.
# Adding 'output * enable' provides an extra layer of assurance.
# To set a specific mode for an output (name from 'swaymsg -t get_outputs'): # To set a specific mode for an output (name from 'swaymsg -t get_outputs'):
# output Virtual-1 mode 1280x800@60hz # output Virtual-1 mode 1280x800@60hz
# output * bg /usr/share/backgrounds/sway/Sway_Wallpaper_Blue_1920x1080.png fill # Optional: if swaybg is installed # Optional: set a background if swaybg is installed
# output * bg /usr/share/backgrounds/sway/Sway_Wallpaper_Blue_1920x1080.png fill
# --- Input Configuration --- # --- Input Configuration ---
# Hide mouse cursor when typing and after 1 second of inactivity # Hide mouse cursor after 1000ms (1 second) of inactivity
seat * hide_cursor when-typing seat * hide_cursor 1000
seat * hide_cursor 1000 # You can adjust the timeout (milliseconds) # Alternative: always hide (uncomment below, comment line above)
# seat * hide_cursor always
# --- Autostart Applications --- # --- Autostart Applications ---
# Chromium in Kiosk Mode # Chromium in Kiosk Mode
@ -230,9 +271,9 @@ exec /usr/bin/chromium \\
--password-store=basic \\ --password-store=basic \\
--enable-zero-copy \\ --enable-zero-copy \\
--ignore-gpu-blocklist \\ --ignore-gpu-blocklist \\
--disable-gpu \\ --disable-gpu
# --enable-unsafe-webgpu \\ # --enable-unsafe-webgpu
# --disable-gpu-vsync \\ # --disable-gpu-vsync
# --user-data-dir=/home/$SIGNAGE_USER/.config/chromium-kiosk # --user-data-dir=/home/$SIGNAGE_USER/.config/chromium-kiosk
# WayVNC for remote access # WayVNC for remote access
@ -240,8 +281,11 @@ exec /usr/bin/chromium \\
exec wayvnc --render-cursor $WAYVNC_LISTEN_ADDRESS $WAYVNC_PORT exec wayvnc --render-cursor $WAYVNC_LISTEN_ADDRESS $WAYVNC_PORT
# --- Keybindings (Minimal, mostly for debugging) --- # --- Keybindings (Minimal, mostly for debugging) ---
# Kill focused window
bindsym \$mod+Shift+q kill bindsym \$mod+Shift+q kill
# Reload sway config
bindsym \$mod+Shift+c reload bindsym \$mod+Shift+c reload
# Exit sway (logs out the user)
bindsym \$mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end the kiosk session.' -B 'Yes, exit sway' 'swaymsg exit' bindsym \$mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end the kiosk session.' -B 'Yes, exit sway' 'swaymsg exit'
# --- General Settings --- # --- General Settings ---
@ -329,7 +373,12 @@ if [ -n "$PAM_TARGET_FILE" ]; then
cp "$PAM_TARGET_FILE" "$PAM_TARGET_FILE.bak.signage" cp "$PAM_TARGET_FILE" "$PAM_TARGET_FILE.bak.signage"
echo "Backed up $PAM_TARGET_FILE to $PAM_TARGET_FILE.bak.signage" echo "Backed up $PAM_TARGET_FILE to $PAM_TARGET_FILE.bak.signage"
fi fi
# Add pam_elogind.so after the first 'session' line, or as the first session line if none exist
if grep -q "^session" "$PAM_TARGET_FILE"; then
awk '/^session/{if(!p++) print; print "session optional pam_elogind.so"; next} 1' "$PAM_TARGET_FILE" > "$PAM_TARGET_FILE.tmp" && mv "$PAM_TARGET_FILE.tmp" "$PAM_TARGET_FILE" awk '/^session/{if(!p++) print; print "session optional pam_elogind.so"; next} 1' "$PAM_TARGET_FILE" > "$PAM_TARGET_FILE.tmp" && mv "$PAM_TARGET_FILE.tmp" "$PAM_TARGET_FILE"
else
echo "session optional pam_elogind.so" >> "$PAM_TARGET_FILE" # Fallback if no session lines
fi
echo "PAM module added." echo "PAM module added."
else else
echo "'$PAM_MODULE' already present in $PAM_TARGET_FILE." echo "'$PAM_MODULE' already present in $PAM_TARGET_FILE."
@ -346,16 +395,17 @@ echo " Alpine Linux Signage Setup Script Finished!"
echo "-----------------------------------------------------" echo "-----------------------------------------------------"
echo " SUMMARY:" echo " SUMMARY:"
echo " * Packages installed (Sway, Chromium, Greetd, WayVNC, open-vm-tools etc.)." echo " * Packages installed (Sway, Chromium, Greetd, WayVNC, open-vm-tools etc.)."
echo " * User '$SIGNAGE_USER' created/configured with shell /bin/sh." echo " * User '$SIGNAGE_USER' created/configured with shell /bin/sh and added to 'video' and 'input' groups."
echo " * Sway configured in $SIGNAGE_SWAY_CONFIG_FILE." echo " * Sway configured in $SIGNAGE_SWAY_CONFIG_FILE."
echo " -> Output explicitly enabled, power state set to ON."
echo " -> Chromium will start with --disable-gpu. Edit this file to change." echo " -> Chromium will start with --disable-gpu. Edit this file to change."
echo " -> Mouse cursor configured to hide when typing and after 1s inactivity." echo " -> Mouse cursor configured to hide after 1s inactivity."
echo " * WayVNC configured to launch via Sway, listening on $WAYVNC_LISTEN_ADDRESS:$WAYVNC_PORT." echo " * WayVNC configured to launch via Sway, listening on $WAYVNC_LISTEN_ADDRESS:$WAYVNC_PORT."
echo " * IMPORTANT: WayVNC password MUST be set in $SIGNAGE_PROFILE for security." echo " * IMPORTANT: WayVNC password MUST be set in $SIGNAGE_PROFILE for security."
echo " * Autologin configured via greetd ($GREETD_CONFIG_FILE)." echo " * Autologin configured via greetd ($GREETD_CONFIG_FILE)."
echo " * /etc/inittab modified to launch greetd on tty1." echo " * /etc/inittab modified to launch greetd on tty1."
echo " * Attempted to configure PAM for elogind." echo " * Attempted to configure PAM for elogind."
echo " * open-vm-tools service enabled (if applicable)." echo " * open-vm-tools service enabled (if applicable, open-vm-tools-desktop was NOT installed)."
echo "" echo ""
echo " !!! IMPORTANT !!!" echo " !!! IMPORTANT !!!"
echo " * If you saw a WARNING about 'nomodeset' earlier, the graphical kiosk" echo " * If you saw a WARNING about 'nomodeset' earlier, the graphical kiosk"
@ -376,7 +426,7 @@ echo " 1. Log in as root on TTY2 (Alt+F2) or SSH."
echo " 2. Check greetd logs: grep greetd /var/log/messages | tail -n 20" echo " 2. Check greetd logs: grep greetd /var/log/messages | tail -n 20"
echo " 3. Check Sway log: cat $SWAY_LOG_PATH_IN_GREETD" echo " 3. Check Sway log: cat $SWAY_LOG_PATH_IN_GREETD"
echo " 4. Check Sway config syntax (as root, or as user if paths adjusted):" echo " 4. Check Sway config syntax (as root, or as user if paths adjusted):"
echo " sway -C -c $SIGNAGE_SWAY_CONFIG_FILE" echo " su - $SIGNAGE_USER -c \"export XDG_RUNTIME_DIR=/run/user/\$(id -u $SIGNAGE_USER) && sway -C -c $SIGNAGE_SWAY_CONFIG_FILE\""
echo " 5. Check XDG_RUNTIME_DIR: ls -ld /run/user/\$(id -u $SIGNAGE_USER)" echo " 5. Check XDG_RUNTIME_DIR: ls -ld /run/user/\$(id -u $SIGNAGE_USER)"
echo " 6. Check services: rc-service elogind status && rc-service dbus status && rc-service open-vm-tools status" echo " 6. Check services: rc-service elogind status && rc-service dbus status && rc-service open-vm-tools status"
echo " 7. Check inittab: grep ^tty1 /etc/inittab" echo " 7. Check inittab: grep ^tty1 /etc/inittab"
@ -386,6 +436,7 @@ echo "10. Check WayVNC: ps aux | grep wayvnc ; netstat -tulnp | grep :$WAYVNC_PO
echo " Ensure WAYVNC_PASSWORD is set in $SIGNAGE_PROFILE" echo " Ensure WAYVNC_PASSWORD is set in $SIGNAGE_PROFILE"
echo "11. Manually test Sway as $SIGNAGE_USER on TTY2 (stop greetd first: rc-service greetd stop):" echo "11. Manually test Sway as $SIGNAGE_USER on TTY2 (stop greetd first: rc-service greetd stop):"
echo " su - $SIGNAGE_USER -c \"dbus-run-session sway -d\"" echo " su - $SIGNAGE_USER -c \"dbus-run-session sway -d\""
echo "12. Check user groups: groups $SIGNAGE_USER (should include 'video' and 'input')"
echo "-----------------------------------------------------" echo "-----------------------------------------------------"
exit 0 exit 0
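Review bot: The awk program kept inside the new `if grep -q "^session"` branch of the PAM hunk prints only the first `session` line and replaces every later one with `session optional pam_elogind.so`, because `if(!p++) print` is skipped for the second and subsequent matches while the elogind `print` and `next` still run. On a PAM file with several session entries this silently drops the remaining session modules from the stack; `awk '{print} /^session/ && !p++ {print "session optional pam_elogind.so"}'` inserts the line once after the first match and keeps every original line. Separately, the user-creation hunk now adds the kiosk account to `input`; that membership would normally let any process running as that user, including the browser, read raw input devices, and since the script also configures elogind it may not be required, so it is worth confirming and documenting with a comment if it stays. The enclosing `if [ -n "$PAM_TARGET_FILE" ]` block begins outside the visible hunk.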