From 157bd398137603148d3a30fac749fc15bf2cb9b8 Mon Sep 17 00:00:00 2001
From: Vincent Mahnke <vincent@mahn.ke>
Date: Thu, 18 Dec 2025 10:34:46 +0100
Subject: [PATCH] chore: Initial commit

---
 post_install.sh | 74 +++++++++++++++++++++++++++++++++++++++++++++++++
 preseed.cfg     | 66 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 140 insertions(+)
 create mode 100644 post_install.sh
 create mode 100644 preseed.cfg

diff --git a/post_install.sh b/post_install.sh
new file mode 100644
index 0000000..4ff2943
--- /dev/null
+++ b/post_install.sh
@@ -0,0 +1,74 @@
+printf "[daemon]\nAutomaticLoginEnable=true\nAutomaticLogin=kiosk\n\n[security]\n\n[xdmcp]\n\n[chooser]\n\n[debug]\n" > /etc/gdm3/daemon.conf
+mkdir -p /usr/lib/firefox-esr/distribution
+tee /usr/lib/firefox-esr/distribution/policies.json > /dev/null <<'EOF'
+{
+  "policies": {
+    "DisableDeveloperTools": true,
+    "BlockAboutAddons": true,
+    "BlockAboutConfig": true,
+    "BlockAboutProfiles": true,
+    "BlockAboutSupport": true,
+    "DisableFirefoxAccounts": true,
+    "DisablePrivateBrowsing": true,
+    "DisableProfileImport": true,
+    "DisableProfileRefresh": true,
+    "DisableSafeMode": true,
+    "DisablePocket": true,
+    "DisableFirefoxScreenshots": true,
+    "DisableSetDesktopBackground": true,
+    "Homepage": {
+      "URL": "https://mahn.ke",
+      "Locked": true
+    },
+    "NewTabPage": {
+      "Enabled": false
+    },
+    "DownloadDirectory": {
+      "Path": "C:\\KioskDownloads",
+      "Locked": true
+    },
+    "PromptForDownloadLocation": false,
+    "StartDownloadsInTempDirectory": false,
+    "DisableAppUpdate": true,
+    "Permissions": {
+      "Camera": "deny",
+      "Microphone": "deny",
+      "Location": "deny",
+      "Notifications": "deny"
+    },
+    "ShowHomeButton": false,
+    "DisplayMenuBar": false,
+    "DisplayBookmarksToolbar": false,
+    "policies": {
+        "UserMessaging": {
+            "ExtensionRecommendations": false,
+            "FeatureRecommendations": false,
+            "UrlbarInterventions": false,
+            "SkipOnboarding": false,
+            "MoreFromMozilla": false,
+            "FirefoxLabs": false,
+            "Locked": false
+        }
+    }
+  }
+}
+EOF
+chown -R kiosk:kiosk /home/kiosk/.config
+tee /etc/systemd/system/firefox-kiosk.service > /dev/null <<'EOF'
+[Unit]
+Description=Firefox Kiosk
+After=graphical.target
+Wants=graphical.target
+
+[Service]
+User=kiosk
+Type=simple
+ExecStart=/usr/bin/firefox --kiosk https://mahn.ke
+Restart=always
+RestartSec=5
+Environment=DISPLAY=:0
+
+[Install]
+WantedBy=graphical.target
+EOF
+systemctl enable firefox-kiosk.service
\ No newline at end of file
diff --git a/preseed.cfg b/preseed.cfg
new file mode 100644
index 0000000..4d2ba36
--- /dev/null
+++ b/preseed.cfg
@@ -0,0 +1,66 @@
+#_preseed_V1
+d-i localechooser/language string en
+d-i localechooser/language-name string English
+d-i localechooser/supported-locales multiselect en_US.UTF-8
+
+d-i debian-installer/language string en
+d-i debian-installer/country string US
+d-i debian-installer/locale string en_US.UTF-8
+d-i keyboard-configuration/xkb-keymap select en
+
+d-i debian-installer/locale string en_US.UTF-8
+d-i console-setup/ask_detect boolean false
+d-i keyboard-configuration/layoutcode string us
+d-i time/zone string UTC
+
+d-i netcfg/choose_interface select auto
+d-i netcfg/get_hostname string kiosk
+d-i netcfg/get_domain string local
+
+d-i mirror/country string manual
+d-i mirror/http/hostname string deb.debian.org
+d-i mirror/http/directory string /debian
+d-i mirror/http/proxy string
+
+d-i passwd/root-login boolean false
+d-i passwd/user-fullname string Kiosk User
+d-i passwd/username string kiosk
+d-i passwd/user-password password kiosk
+d-i passwd/user-password-again password kiosk
+d-i user-setup/allow-password-weak boolean true
+
+d-i clock-setup/utc boolean true
+d-i clock-setup/ntp boolean true
+
+d-i partman-auto/disk string /dev/sda
+d-i partman-auto/method string regular
+d-i partman-auto/choose_recipe select atomic
+d-i partman/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+d-i apt-setup/use_mirror boolean true
+d-i apt-setup/cdrom/set-first boolean false
+d-i apt-setup/cdrom/set-next boolean false
+d-i apt-setup/cdrom/set-failed boolean false
+d-i apt-setup/disable-cdrom-entries boolean true
+
+tasksel tasksel/first multiselect standard, ssh-server
+d-i pkgsel/include string \
+    xorg \
+    openbox \
+    chromium \
+    sudo \
+    curl
+
+d-i pkgsel/exclude string gnome-software
+
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/bootdev string default
+
+d-i finish-install/reboot_in_progress note
+d-i preseed/late_command string \
+    in-target curl -o /tmp/post_install.sh https://git.hamburg.ccc.de/ViMaSter/preseed/raw/branch/main/post_install.sh; \
+    in-target chmod +x /tmp/post_install.sh; \
+    in-target /tmp/post_install.sh