From: Benjamin Braatz Date: Wed, 4 Jan 2023 04:35:07 +0000 (+0100) Subject: Image for MaschinenplatzPi. X-Git-Url: http://git.graph-it.com/?a=commitdiff_plain;h=b44f3f66a4363445734ed62eded73b263f01f96d;p=graphit%2Fcontrolpi-image.git Image for MaschinenplatzPi. --- diff --git a/doc/index.md b/doc/index.md index 4005e75..016b43b 100644 --- a/doc/index.md +++ b/doc/index.md @@ -31,17 +31,20 @@ fakeroot gcc git i2c-tools +jq inetutils linux-rpi make openssh pacman-contrib parted +pcsclite python raspberrypi-bootloader raspberrypi-firmware rsync sudo +swig vim ``` @@ -59,18 +62,17 @@ Standard-Benutzer von `alarm` zu `pi` umbenennen und Passwörter vergeben: ``` ## Installation von pigpio -Bauen des Paketes als Benutzer: +Bauen und Installieren des Paketes: ```console # su - pi $ git clone https://aur.archlinux.org/pigpio.git $ cd pigpio/ $ makepkg -s +$ mv pigpio-79-1-armv7h.pkg.tar.xz ~/ +$ cd ~/ +$ rm -r pigpio/ $ exit -``` - -Installation des gebauten Pakets: -```console -# pacman -U /home/pi/pigpio/pigpio-XX-X-armv7h.pkg.tar.xz +# pacman -U /home/pi/pigpio-79-1-armv7h.pkg.tar.xz ``` Paket-Cache leeren: @@ -90,11 +92,12 @@ $ pip install -U pip setuptools wheel ControlPi-Pakete installieren: ```console $ pip install git+git://git.graph-it.com/graphit/controlpi.git -$ pip install git+git://git.graph-it.com/graphit/controlpi-pinio.git -$ pip install git+git://git.graph-it.com/graphit/controlpi-modbus.git +$ pip install git+git://git.graph-it.com/graphit/controlpi-statemachine.git $ pip install git+git://git.graph-it.com/graphit/controlpi-wsclient.git $ pip install git+git://git.graph-it.com/graphit/controlpi-wsserver.git -$ pip install git+git://git.graph-it.com/graphit/controlpi-statemachine.git +$ pip install git+git://git.graph-it.com/graphit/controlpi-pinio.git +$ pip install git+git://git.graph-it.com/graphit/controlpi-modbus.git +$ pip install git+git://git.graph-it.com/graphit/controlpi-nfc.git $ exit ``` 
@@ -112,6 +115,10 @@ Innerhalb des chroot eventuell Berechtigungen und Eigentürmer reparieren: $ chmod -R go-rx .ssh/ ``` +In `/home/pi/.ssh/authorized_keys` sollten die Public-Keys derjenigen +hinterlegt sein, die initial Zugriff per SSH haben sollen, da die +Konfiguration das Einloggen mit Passwort komplett unterbindet. + ## Image erstellen und aufspielen Von außerhalb des chroot: ```console @@ -132,3 +139,6 @@ $ sudo umount /mnt $ sudo losetup --detach /dev/loop0 $ sudo dd if=20YY-MM-DD-controlpi-arch.img of=/dev/mmcblk0 bs=1M oflag=sync status=progress ``` + +## Spezialisierte Images +* [MaschinenplatzPi](graphit/controlpi-image/maschinenplatzpi.md) diff --git a/doc/maschinenplatzpi.md b/doc/maschinenplatzpi.md new file mode 100644 index 0000000..3c89548 --- /dev/null +++ b/doc/maschinenplatzpi.md 
@@ -0,0 +1,139 @@ +# Zusätzliche Konfiguration für MaschinenplatzPi +Ein MaschinenplatzPi erfüllt zusätzlich zum generischen ControlPi-Image die +folgenden Funktionen: +* Er verwaltet ein internes Netzwerk des Maschinenplatzes, in dem alle + weiteren ControlPis sich anmelden. +* Er betreibt einen angeschlossenen Bildschirm mit Maus und numerischer + Tastatur als Kiosk-System. + +## Konfiguration des Netzwerk-Switches +Wir verwenden einen [Netgear +GS308E](https://www.netgear.de/support/product/gs308e.aspx) als +VLAN-fähigen Switch. + +In der Web-Oberfläche des Switches wird zunächst das Default-Passwort +(`password`) geändert und der Switch-Name auf den in unserem Netzwerk +vergebenen angepasst. + +Im Bereich VLAN → 802.1Q → Advanced werden folgende Einstellungen +vorgenommen: +* Enable +* VLAN Configuration VLAN ID 23 – Add +* Port PVID für Ports 3–8 auf 23 – Apply +* VLAN Membership VLAN ID 1, Port 1 U(ntagged), Port 2 T(agged), + Ports 3–8 nichts – Apply +* VLAN Membershio VLAN ID 23, Port 1 nichts, Port 2 T(agged), + Ports 3–8 U(ntagged) – Apply + +An Port 1 soll also das externe Netzwerk, an Port 2 der MaschinenplatzPi +und an Ports 3 bis 8 die weiteren ControlPis angeschlossen werden. +Die Verbindung zwischen MaschinenplatzPi und externem Netzwerk bekommt die +VLAN-ID 1 und das interne Netzwerk die VLAN-ID 23. + +## Internes Netz +Der MaschinenplatzPi stellt den DHCP-Service und einen NTP-Server +(`chrony`) für das interne Netzwerk bereit. +Mit `networkctl status intern` können die im internen Netz aktuell +vergebenen IP-Adressen angezeigt werden. 
+ +Da keiner der User auf dem MaschinenplatzPi einen Private-Key für eine +Verbindung zu den ControlPis in seinem internen Netz hat, muss für solche +Verbindungen – von einem Account mit einer solchen Berechtigung aus – der +MaschinenplatzPi als Jump-Host verwendet werden: +```console +ssh -J pi@maschinenplatzpi.site pi@192.168.23.23 +``` + +Optional kann mit `systemctl start iptables` und `systemctl stop iptables` +auf dem MaschinenplatzPi das Masqerading bzw. NAT für das interne Netz an- +und ausgeschaltet werden, falls die ControlPis im internen Netz Verbindung +zum externen Netz benötigen. + +## Kiosk-System +Das Kiosk-System verwendet den Kiosk-Wayland-Compositor +[Cage](https://github.com/Hjdskes/cage), um den Kiosk-Browser +[qiosk](https://github.com/Salamek/qiosk) zu starten. + +Das Kiosk-System ist so eingerichtet, dass es beim Start des Pi automatisch +die Datei `/home/pi/index.html` anzeigt (diese kann mit einem +HTML-Meta-Refresh dann auf die tatsächlich anzuzeigende Webseite +weiterleiten). +Dies kann in einem nächsten Schritt durch eine von der lokal laufenden +ControlPi-Instanz generierte Oberfläche geändert werden. + +## Anpassungen gegenüber dem generischen Image +`chrony` (der NTP-Server für das interne Netzwerk) und `cage` (der +Kiosk-Wayland-Compositor) können direkt aus den Arch-Linux-ARM-Repositories +installiert werden: +```console +# pacman -S chrony cage +``` + +Zum Zeitpunkt des Schreibens muss wegen eines Bugs (`qt5-webengine` nach +Update von Abhängigkeiten nicht selbst geupdatet) noch `qt5-webengine` +selbst gebaut werden (Achtung! 
Dauert sehr lange!): +```console +# pacman -S bison flex pkgconf debugedit +# su - pi +$ git clone https://github.com/archlinuxarm/PKGBUILDs.git +$ cd PKGBUILDs/extra/qt5-webengine/ +$ makepkg -sA +$ mv qt5-webengine-5.15.11-3-armv7h.pkg.tar.xz ~/ +$ cd ~/ +$ rm -r PKGBUILDs/ +$ exit +# pacman -U /home/pi/qt5-webengine-5.15.11-3-armv7h.pkg.tar.xz +``` + +Jetzt kann `qiosk` kompiliert und installiert werden: +```console +# su - pi +$ git clone https://github.com/Salamek/qiosk.git +$ cd qiosk/archlinux/ +$ makepkg -sA +$ mv qiosk-1.1.16-1-armv7h.pkg.tar.xz ~/ +$ cd ~/ +$ rm -r qiosk/ +$ exit +# pacman -U /home/pi/qiosk-1.1.16-1-armv7h.pkg.tar.xz +``` + +Die Konfigurations-Dateien werden – wie auch beim generischen Image – aus +diesem git-Repository synchronisiert: +```console +$ sudo rsync -rlp maschinenplatzpi/etc /tmp/controlpi/ +$ rsync -rlp maschinenplatzpi/home/pi /tmp/controlpi/home/ +``` + +Im Einzelnen sind dies: +```console +maschinenplatzpi/ +├── etc +│   ├── chrony.conf +│   ├── iptables +│   │   └── iptables.rules +│   ├── pam.d +│   │   └── cage +│   ├── sysctl.d +│   │   └── 60-router.conf +│   └── systemd +│   ├── network +│   │   ├── 00-extern.netdev +│   │   ├── 00-intern.netdev +│   │   ├── 10-eth0.network +│   │   ├── 20-extern.network +│   │   └── 20-intern.network +│   └── system +│   ├── cage@.service +│   ├── default.target -> /usr/lib/systemd/system/graphical.target +│   ├── graphical.target.wants +│   │   └── cage@tty1.service -> /etc/systemd/system/cage@.service +│   └── multi-user.target.wants +│   └── chronyd.service -> /usr/lib/systemd/system/chronyd.service +└── home + └── pi + └── index.html +``` + +Das Erstellen und Aufspielen des Images funktioniert dann genau wie für das +[generische Image](graphit/controlpi-image). diff --git a/maschinenplatzpi/etc/chrony.conf b/maschinenplatzpi/etc/chrony.conf new file mode 100644 index 0000000..2609d13 --- /dev/null +++ b/maschinenplatzpi/etc/chrony.conf 
@@ -0,0 +1,335 @@ +####################################################################### +# +# This is an example chrony configuration file. You should copy it to +# /etc/chrony.conf after uncommenting and editing the options that you +# want to enable. The more obscure options are not included. Refer +# to the documentation for these. +# +####################################################################### +### COMMENTS +# Any of the following lines are comments (you have a choice of +# comment start character): +# a comment +% a comment +! a comment +; a comment +# +# Below, the '!' form is used for lines that you might want to +# uncomment and edit to make your own chrony.conf file. +# +####################################################################### +####################################################################### +### SPECIFY YOUR NTP SERVERS +# Most computers using chrony will send measurement requests to one or +# more 'NTP servers'. You will probably find that your Internet Service +# Provider or company have one or more NTP servers that you can specify. +# Failing that, there are a lot of public NTP servers. There is a list +# you can access at http://support.ntp.org/bin/view/Servers/WebHome or +# you can use servers from the pool.ntp.org project. + +! server 0.arch.pool.ntp.org iburst +! server 1.arch.pool.ntp.org iburst +! server 3.arch.pool.ntp.org iburst + +pool 2.arch.pool.ntp.org iburst + +####################################################################### +### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK +# +# To avoid changes being made to your computer's gain/loss compensation +# when the measurement history is too erratic, you might want to enable +# one of the following lines. The first seems good with servers on the +# Internet, the second seems OK for a LAN environment. + +! maxupdateskew 100 +! 
maxupdateskew 5 + +# If you want to increase the minimum number of selectable sources +# required to update the system clock in order to make the +# synchronisation more reliable, uncomment (and edit) the following +# line. + +! minsources 2 + +# If your computer has a good stable clock (e.g. it is not a virtual +# machine), you might also want to reduce the maximum assumed drift +# (frequency error) of the clock (the value is specified in ppm). + +! maxdrift 100 + +# By default, chronyd allows synchronisation to an unauthenticated NTP +# source (i.e. specified without the nts and key options) if it agrees with +# a majority of authenticated NTP sources, or if no authenticated source is +# specified. If you don't want chronyd to ever synchronise to an +# unauthenticated NTP source, uncomment the first from the following lines. +# If you don't want to synchronise to an unauthenticated NTP source only +# when an authenticated source is specified, uncomment the second line. +# If you want chronyd to ignore authentication in the source selection, +# uncomment the third line. + +! authselectmode require +! authselectmode prefer +! authselectmode ignore + +####################################################################### +### FILENAMES ETC +# Chrony likes to keep information about your computer's clock in files. +# The 'driftfile' stores the computer's clock gain/loss rate in parts +# per million. When chronyd starts, the system clock can be tuned +# immediately so that it doesn't gain or lose any more time. You +# generally want this, so it is uncommented. + +driftfile /var/lib/chrony/drift + +# If you want to enable NTP authentication with symmetric keys, you will need +# to uncomment the following line and edit the file to set up the keys. + +! 
keyfile /etc/chrony.keys + +# If you specify an NTP server with the nts option to enable authentication +# with the Network Time Security (NTS) mechanism, or enable server NTS with +# the ntsservercert and ntsserverkey directives below, the following line will +# allow the client/server to save the NTS keys and cookies in order to reduce +# the number of key establishments (NTS-KE sessions). + +ntsdumpdir /var/lib/chrony + +# If chronyd is configured to act as an NTP server and you want to enable NTS +# for its clients, you will need a TLS certificate and private key. Uncomment +# and edit the following lines to specify the locations of the certificate and +# key. + +! ntsservercert /etc/.../foo.example.net.crt +! ntsserverkey /etc/.../foo.example.net.key + +# chronyd can save the measurement history for the servers to files when +# it exits. This is useful in 2 situations: +# +# 1. If you stop chronyd and restart it with the '-r' option (e.g. after +# an upgrade), the old measurements will still be relevant when chronyd +# is restarted. This will reduce the time needed to get accurate +# gain/loss measurements. +# +# 2. On Linux, if you use the RTC support and start chronyd with +# '-r -s' on bootup, measurements from the last boot will still be +# useful (the real time clock is used to 'flywheel' chronyd between +# boots). +# +# Uncomment the following line to use this. + +! dumpdir /var/lib/chrony + +# chronyd writes its process ID to a file. If you try to start a second +# copy of chronyd, it will detect that the process named in the file is +# still running and bail out. If you want to change the path to the PID +# file, uncomment this line and edit it. The default path is shown. + +! pidfile /var/run/chrony/chronyd.pid + +# If the system timezone database is kept up to date and includes the +# right/UTC timezone, chronyd can use it to determine the current +# TAI-UTC offset and when will the next leap second occur. 
+ +leapsectz right/UTC + +####################################################################### +### INITIAL CLOCK CORRECTION +# This option is useful to quickly correct the clock on start if it's +# off by a large amount. The value '1.0' means that if the error is less +# than 1 second, it will be gradually removed by speeding up or slowing +# down your computer's clock until it is correct. If the error is above +# 1 second, an immediate time jump will be applied to correct it. The +# value '3' means the step is allowed only in the first three updates of +# the clock. Some software can get upset if the system clock jumps +# (especially backwards), so be careful! + +makestep 1.0 3 + +####################################################################### +### LEAP SECONDS +# A leap second is an occasional one-second correction of the UTC +# time scale. By default, chronyd tells the kernel to insert/delete +# the leap second, which makes a backward/forward step to correct the +# clock for it. As with the makestep directive, this jump can upset +# some applications. If you prefer chronyd to make a gradual +# correction, causing the clock to be off for a longer time, uncomment +# the following line. + +! leapsecmode slew + +####################################################################### +### LOGGING +# If you want to log information about the time measurements chronyd has +# gathered, you might want to enable the following lines. You probably +# only need this if you really enjoy looking at the logs, you want to +# produce some graphs of your system's timekeeping performance, or you +# need help in debugging a problem. + +! logdir /var/log/chrony +! log measurements statistics tracking + +# If you have real time clock support enabled (see below), you might want +# this line instead: + +! 
log measurements statistics tracking rtc + +####################################################################### +### ACTING AS AN NTP SERVER +# You might want the computer to be an NTP server for other computers. +# +# By default, chronyd does not allow any clients to access it. You need +# to explicitly enable access using 'allow' and 'deny' directives. +# +# e.g. to enable client access from the 192.168.*.* class B subnet, + +! allow 192.168/16 +allow 192.168.23/24 + +# .. but disallow the 192.168.100.* subnet of that, + +! deny 192.168.100/24 + +# You can have as many allow and deny directives as you need. The order +# is unimportant. + +# If you want to present your computer's time for others to synchronise +# with, even if you don't seem to be synchronised to any NTP servers +# yourself, enable the following line. The value 10 may be varied +# between 1 and 15. You should avoid small values because you will look +# like a real NTP server. The value 10 means that you appear to be 10 +# NTP 'hops' away from an authoritative source (atomic clock, GPS +# receiver, radio clock etc). + +! local stratum 10 + +# Normally, chronyd will keep track of how many times each client +# machine accesses it. The information can be accessed by the 'clients' +# command of chronyc. You can disable this facility by uncommenting the +# following line. This will save a bit of memory if you have many +# clients and it will also disable support for the interleaved mode. + +! noclientlog + +# The clientlog size is limited to 512KB by default. If you have many +# clients, you might want to increase the limit. + +! clientloglimit 4194304 + +# By default, chronyd tries to respond to all valid NTP requests from +# allowed addresses. If you want to limit the response rate for NTP +# clients that are sending requests too frequently, uncomment and edit +# the following line. + +! 
ratelimit interval 3 burst 8 + +####################################################################### +### REPORTING BIG CLOCK CHANGES +# Perhaps you want to know if chronyd suddenly detects any large error +# in your computer's clock. This might indicate a fault or a problem +# with the server(s) you are using, for example. +# +# The next option causes a message to be written to syslog when chronyd +# has to correct an error above 0.5 seconds (you can use any amount you +# like). + +! logchange 0.5 + +# The next option will send email to the named person when chronyd has +# to correct an error above 0.5 seconds. (If you need to send mail to +# several people, you need to set up a mailing list or sendmail alias +# for them and use the address of that.) + +! mailonchange wibble@foo.example.net 0.5 + +####################################################################### +### COMMAND ACCESS +# The program chronyc is used to show the current operation of chronyd +# and to change parts of its configuration whilst it is running. + +# By default chronyd binds to the loopback interface. Uncomment the +# following lines to allow receiving command packets from remote hosts. + +! bindcmdaddress 0.0.0.0 +! bindcmdaddress :: + +# Normally, chronyd will only allow connections from chronyc on the same +# machine as itself. This is for security. If you have a subnet +# 192.168.*.* and you want to be able to use chronyc from any machine on +# it, you could uncomment the following line. (Edit this to your own +# situation.) + +! cmdallow 192.168/16 + +# You can add as many 'cmdallow' and 'cmddeny' lines as you like. The +# syntax and meaning is the same as for 'allow' and 'deny', except that +# 'cmdallow' and 'cmddeny' control access to the chronyd's command port. + +# Rate limiting can be enabled also for command packets. (Note, +# commands from localhost are never limited.) + +! 
cmdratelimit interval -4 burst 16 + +####################################################################### +### HARDWARE TIMESTAMPING +# On Linux, if the network interface controller and its driver support +# hardware timestamping, it can significantly improve the accuracy of +# synchronisation. It can be enabled on specified interfaces only, or it +# can be enabled on all interfaces that support it. + +! hwtimestamp eth0 +! hwtimestamp * + +####################################################################### +### REAL TIME CLOCK +# chronyd can characterise the system's real-time clock. This is the +# clock that keeps running when the power is turned off, so that the +# machine knows the approximate time when it boots again. The error at +# a particular epoch and gain/loss rate can be written to a file and +# used later by chronyd when it is started with the '-s' option. +# +# You need to have 'enhanced RTC support' compiled into your Linux +# kernel. (Note, these options apply only to Linux.) + +! rtcfile /var/lib/chrony/rtc + +# Your RTC can be set to keep Universal Coordinated Time (UTC) or local +# time. (Local time means UTC +/- the effect of your timezone.) If you +# use UTC, chronyd will function correctly even if the computer is off +# at the epoch when you enter or leave summer time (aka daylight saving +# time). However, if you dual boot your system with Microsoft Windows, +# that will work better if your RTC maintains local time. You take your +# pick! + +! rtconutc + +# By default chronyd assumes that the enhanced RTC device is accessed as +# /dev/rtc. If it's accessed somewhere else on your system (e.g. you're +# using devfs), uncomment and edit the following line. + +! rtcdevice /dev/misc/rtc + +# Alternatively, if not using the -s option, this directive can be used +# to enable a mode in which the RTC is periodically set to the system +# time, with no tracking of its drift. 
+ +rtcsync + +####################################################################### +### REAL TIME SCHEDULER +# This directive tells chronyd to use the real-time FIFO scheduler with the +# specified priority (which must be between 0 and 100). This should result +# in reduced latency. You don't need it unless you really have a requirement +# for extreme clock stability. Works only on Linux. Note that the "-P" +# command-line switch will override this. + +! sched_priority 1 + +####################################################################### +### LOCKING CHRONYD INTO RAM +# This directive tells chronyd to use the mlockall() syscall to lock itself +# into RAM so that it will never be paged out. This should result in reduced +# latency. You don't need it unless you really have a requirement +# for extreme clock stability. Works only on Linux. Note that the "-m" +# command-line switch will also enable this feature. + +! lock_all diff --git a/maschinenplatzpi/etc/iptables/iptables.rules b/maschinenplatzpi/etc/iptables/iptables.rules new file mode 100644 index 0000000..a0aff03 --- /dev/null +++ b/maschinenplatzpi/etc/iptables/iptables.rules @@ -0,0 +1,12 @@ +*filter +:INPUT ACCEPT [0:0] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +COMMIT +*nat +:PREROUTING ACCEPT [0:0] +:INPUT ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +:POSTROUTING ACCEPT [0:0] +-A POSTROUTING -o extern -j MASQUERADE +COMMIT diff --git a/maschinenplatzpi/etc/pam.d/cage b/maschinenplatzpi/etc/pam.d/cage new file mode 100644 index 0000000..4523a93 --- /dev/null +++ b/maschinenplatzpi/etc/pam.d/cage @@ -0,0 +1,4 @@ +auth required pam_unix.so nullok +account required pam_unix.so +session required pam_unix.so +session required pam_systemd.so diff --git a/maschinenplatzpi/etc/sysctl.d/60-router.conf b/maschinenplatzpi/etc/sysctl.d/60-router.conf new file mode 100644 index 0000000..f9e6d3e --- /dev/null +++ b/maschinenplatzpi/etc/sysctl.d/60-router.conf 
@@ -0,0 +1,2 @@ +# Enable ipv4 forward +net.ipv4.ip_forward=1 diff --git a/maschinenplatzpi/etc/systemd/network/00-extern.netdev b/maschinenplatzpi/etc/systemd/network/00-extern.netdev new file mode 100644 index 0000000..6fd8165 --- /dev/null +++ b/maschinenplatzpi/etc/systemd/network/00-extern.netdev @@ -0,0 +1,6 @@ +[NetDev] +Name=extern +Kind=vlan + +[VLAN] +Id=1 diff --git a/maschinenplatzpi/etc/systemd/network/00-intern.netdev b/maschinenplatzpi/etc/systemd/network/00-intern.netdev new file mode 100644 index 0000000..2fd5794 --- /dev/null +++ b/maschinenplatzpi/etc/systemd/network/00-intern.netdev @@ -0,0 +1,6 @@ +[NetDev] +Name=intern +Kind=vlan + +[VLAN] +Id=23 diff --git a/maschinenplatzpi/etc/systemd/network/10-eth0.network b/maschinenplatzpi/etc/systemd/network/10-eth0.network new file mode 100644 index 0000000..9b5b0f6 --- /dev/null +++ b/maschinenplatzpi/etc/systemd/network/10-eth0.network @@ -0,0 +1,8 @@ +[Match] +Name=eth0 +Type=ether + +[Network] +VLAN=extern +VLAN=intern +LinkLocalAddressing=no diff --git a/maschinenplatzpi/etc/systemd/network/20-extern.network b/maschinenplatzpi/etc/systemd/network/20-extern.network new file mode 100644 index 0000000..5260702 --- /dev/null +++ b/maschinenplatzpi/etc/systemd/network/20-extern.network @@ -0,0 +1,7 @@ +[Match] +Name=extern +Type=vlan + +[Network] +DHCP=yes +LinkLocalAddressing=no diff --git a/maschinenplatzpi/etc/systemd/network/20-intern.network b/maschinenplatzpi/etc/systemd/network/20-intern.network new file mode 100644 index 0000000..d37c53c --- /dev/null +++ b/maschinenplatzpi/etc/systemd/network/20-intern.network @@ -0,0 +1,16 @@ +[Match] +Name=intern +Type=vlan + +[Network] +DHCPServer=yes +LinkLocalAddressing=no + +[Address] +Address=192.168.23.1/24 + +[DHCPServer] +PoolOffset=32 +PoolSize=32 +EmitNTP=yes +NTP=192.168.23.1 diff --git a/maschinenplatzpi/etc/systemd/system/cage@.service b/maschinenplatzpi/etc/systemd/system/cage@.service new file mode 100644 index 0000000..27f7c4c --- /dev/null 
+++ b/maschinenplatzpi/etc/systemd/system/cage@.service @@ -0,0 +1,29 @@ +[Unit] +Description=Cage Wayland compositor on %I +After=systemd-user-sessions.service plymouth-quit-wait.service +Before=graphical.target +ConditionPathExists=/dev/tty0 +Wants=dbus.socket systemd-logind.service +After=dbus.socket systemd-logind.service +Conflicts=getty@%i.service +After=getty@%i.service + +[Service] +Type=simple +Environment="XKB_DEFAULT_OPTIONS=numpad:mac" +ExecStart=/usr/bin/cage /usr/bin/qiosk file:///home/pi/index.html +Restart=always +User=pi +UtmpIdentifier=%I +UtmpMode=user +TTYPath=/dev/%I +TTYReset=yes +TTYVHangup=yes +TTYVTDisallocate=yes +StandardInput=tty-fail +PAMName=cage + +[Install] +WantedBy=graphical.target +Alias=display-manager.service +DefaultInstance=tty7 diff --git a/maschinenplatzpi/etc/systemd/system/default.target b/maschinenplatzpi/etc/systemd/system/default.target new file mode 120000 index 0000000..cf9fa51 --- /dev/null +++ b/maschinenplatzpi/etc/systemd/system/default.target @@ -0,0 +1 @@ +/usr/lib/systemd/system/graphical.target \ No newline at end of file diff --git a/maschinenplatzpi/etc/systemd/system/graphical.target.wants/cage@tty1.service b/maschinenplatzpi/etc/systemd/system/graphical.target.wants/cage@tty1.service new file mode 120000 index 0000000..396bbad --- /dev/null +++ b/maschinenplatzpi/etc/systemd/system/graphical.target.wants/cage@tty1.service @@ -0,0 +1 @@ +/etc/systemd/system/cage@.service \ No newline at end of file diff --git a/maschinenplatzpi/etc/systemd/system/multi-user.target.wants/chronyd.service b/maschinenplatzpi/etc/systemd/system/multi-user.target.wants/chronyd.service new file mode 120000 index 0000000..c77d179 --- /dev/null +++ b/maschinenplatzpi/etc/systemd/system/multi-user.target.wants/chronyd.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/chronyd.service \ No newline at end of file 
diff --git a/maschinenplatzpi/home/pi/index.html b/maschinenplatzpi/home/pi/index.html new file mode 100644 index 0000000..a651574 --- /dev/null +++ b/maschinenplatzpi/home/pi/index.html @@ -0,0 +1 @@ +
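Review bot: In the "ControlPi-Pakete installieren" hunk of doc/index.md, the added `controlpi-nfc` line (like the reordered lines around it) installs from `git+git://git.graph-it.com/...`, and the git:// transport is neither encrypted nor authenticated, so nothing ties what lands in the image to the repository it names. If the server offers it, document a `git+https://` or `git+ssh://` URL instead, and pin each install to a tag or commit with the `...controlpi-nfc.git@<ref>` form so that two image builds from the same instructions contain the same code.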
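Review bot: The pigpio hunk in doc/index.md replaces the placeholder `pigpio-XX-X-armv7h.pkg.tar.xz` with the fixed file name `pigpio-79-1-armv7h.pkg.tar.xz`, and the new doc/maschinenplatzpi.md hard-codes `qt5-webengine-5.15.11-3` and `qiosk-1.1.16-1` the same way, so the `mv` and `pacman -U` lines fail as soon as any of the three PKGBUILDs is bumped. Keep a placeholder or use a glob (`mv pigpio-*-armv7h.pkg.tar.xz ~/`). Since all three packages are built from freshly cloned third-party repositories and then installed as root, the instructions should also say to read the PKGBUILD before running `makepkg`, or to check out a known commit after `git clone`.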
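Review bot: In doc/maschinenplatzpi.md the jump-host example targets `pi@192.168.23.23`, but 20-intern.network in this same commit sets `PoolOffset=32` and `PoolSize=32` on 192.168.23.1/24, so DHCP leases come from the 32-address window starting at offset 32 and no ControlPi will receive .23 from the server. Use an address from the pool in the example, or point the reader to the `networkctl status intern` output mentioned two paragraphs earlier to look up the real address. Two typos in the same file: "VLAN Membershio" should be "VLAN Membership" and "Masqerading" should be "Masquerading".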
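Review bot: maschinenplatzpi/etc/chrony.conf adds 335 lines that are the upstream example file, with `allow 192.168.23/24` as the only site-specific directive, which makes later changes to this file hard to review. A short file with just the active directives (`pool`, `driftfile`, `ntsdumpdir`, `leapsectz`, `makestep`, `allow`, `rtcsync`) would show what the image actually configures. Also check whether `! local stratum 10` should stay commented out: as the file's own comment explains, without it chronyd does not present its time to others while it is unsynchronised, so the ControlPis in the internal network have no usable time source whenever the MaschinenplatzPi cannot reach `2.arch.pool.ntp.org`.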
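Review bot: In maschinenplatzpi/etc/iptables/iptables.rules the filter table leaves `:FORWARD ACCEPT [0:0]` with no rules, while 60-router.conf sets `net.ipv4.ip_forward=1` unconditionally, so the Pi routes in both directions between `extern` and `intern` whether or not the iptables service is running, and doc/maschinenplatzpi.md describes start/stop of iptables as the switch for outside connectivity. That switch only controls the MASQUERADE rule, not forwarding. Suggest `:FORWARD DROP [0:0]` with `-A FORWARD -i intern -o extern -j ACCEPT` and `-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`, so that the external network cannot open connections into 192.168.23.0/24, and state in the documentation what stopping the service leaves enabled. `:INPUT ACCEPT` also means the Pi itself has no host filtering on the external VLAN; a comment in the file saying that this is intended would help.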
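Review bot: The first line of maschinenplatzpi/etc/pam.d/cage, `auth required pam_unix.so nullok`, carries `nullok`, which makes pam_unix accept an account whose password is empty. doc/index.md has passwords assigned to the users and cage@.service starts the session as the fixed `User=pi`, so the option serves no purpose here and can be dropped, leaving `auth required pam_unix.so`.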
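Review bot: In the `[Install]` section of maschinenplatzpi/etc/systemd/system/cage@.service, `DefaultInstance=tty7` disagrees with the instance this commit actually enables through the symlink `graphical.target.wants/cage@tty1.service`. Anyone who later runs `systemctl enable cage@.service` gets a second instance on tty7 beside the one on tty1. Set `DefaultInstance=tty1` or remove the line. In the `[Service]` section the kiosk browser runs as `pi`, which per doc/index.md is also the SSH login account; consider a dedicated unprivileged kiosk user so that the browser process has no access to `/home/pi/.ssh/`.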