diff --git a/post_install.sh b/post_install.sh index 8c9659e..5b8c7fc 100644 --- a/post_install.sh +++ b/post_install.sh @@ -1,14 +1,30 @@ printf "[daemon]\nAutomaticLoginEnable=true\nAutomaticLogin=kiosk\n\n[security]\n\n[xdmcp]\n\n[chooser]\n\n[debug]\n" > /etc/gdm3/daemon.conf -mkdir -p /usr/lib/firefox-esr/distribution -tee /usr/lib/firefox-esr/distribution/policies.json > /dev/null <<'EOF' + + +# Firefox policy +# (I used to put this in /etc/firefox/policies/policies.json instead) +mkdir -p /usr/lib/firefox-esr/distribution +tee /usr/lib/firefox-esr/distribution/policies.json > /dev/null <<'EOF' { "policies": { + "AppAutoUpdate": true, + "BackgroundAppUpdate": true, + "BlockAboutAddons": true, + "BlockAboutConfig": true, + "BlockAboutProfiles": true, + "BlockAboutSupport": true, "DisableDeveloperTools": true, "BlockAboutAddons": true, "BlockAboutConfig": true, "BlockAboutProfiles": true, "BlockAboutSupport": true, + "DisableFeedbackCommands": true, "DisableFirefoxAccounts": true, + "DisableFirefoxScreenshots": true, + "DisableFirefoxStudies": true, + "DisableForgetButton": true, + "DisableFormHistory": true, + "DisablePocket": true, "DisablePrivateBrowsing": true, "DisableProfileImport": true, "DisableProfileRefresh": true, @@ -16,10 +32,33 @@ tee /usr/lib/firefox-esr/distribution/policies.json > /dev/null <<'EOF' "DisablePocket": true, "DisableFirefoxScreenshots": true, "DisableSetDesktopBackground": true, + "DisableTelemetry": true, + "DisplayBookmarksToolbar": "never", + "DisplayMenuBar": "never", + "EnableTrackingProtection": { + "Cryptomining": true, + "Fingerprinting": true, + "Value": true + }, + "ExtensionSettings": { + "*": { + "installation_mode": "allowed" + } + }, + "FirefoxHome": { + "Highlights": false, + "Pocket": false, + "Search": false, + "SponsoredPocket": false, + "SponsoredTopSites": false, + "TopSites": false + }, "Homepage": { + "StartPage": "homepage", "URL": "https://mahn.ke", "Locked": true }, + "ManualAppUpdateOnly": true, "NewTabPage": { "Enabled": false }, @@ -27,6 +66,21 @@ tee /usr/lib/firefox-esr/distribution/policies.json > /dev/null <<'EOF' "Path": "C:\\KioskDownloads", "Locked": true }, + "PictureInPicture": { + "Enabled": false + }, + "Preferences": { + "extensions.getAddons.showPane": { + "Status": "locked", + "Type": "boolean", + "Value": false + }, + "ui.key.menuAccessKeyFocuses": { + "Status": "locked", + "Type": "boolean", + "Value": false + } + }, "PromptForDownloadLocation": false, "StartDownloadsInTempDirectory": false, "DisableAppUpdate": true, @@ -36,27 +90,93 @@ tee /usr/lib/firefox-esr/distribution/policies.json > /dev/null <<'EOF' "Location": "deny", "Notifications": "deny" }, + "SanitizeOnShutdown": { + "Cache": true, + "Cookies": true, + "Downloads": true, + "FormData": true, + "History": true, + "OfflineApps": true, + "Sessions": true, + "SiteSettings": true + }, "ShowHomeButton": false, + "UserMessaging": { + "ExtensionRecommendations": false, + "FeatureRecommendations": false, + "MoreFromMozilla": false, + "SkipOnboarding": false, + "UrlbarInterventions": false, + "WhatsNew": false, + "FirefoxLabs": false, + "Locked": false + }, "DisplayMenuBar": false, "DisplayBookmarksToolbar": false, - "policies": { - "UserMessaging": { - "ExtensionRecommendations": false, - "FeatureRecommendations": false, - "UrlbarInterventions": false, - "SkipOnboarding": false, - "MoreFromMozilla": false, - "FirefoxLabs": false, - "Locked": false - } + "WebsiteFilter": { + "Block": [ + "" + ], + "Exceptions": [ + "*://*.c3nav.de/*", + "*://*.hvv.de/*", + "*://engel.events.ccc.de/*", + "*://*.chaos.social/*", + "*://*.events.ccc.de/*" + ] } } } EOF -chown -R kiosk:kiosk /home/kiosk/.config +# Bash autostart of sway tee /home/kiosk/.bash_profile > /dev/null <<'EOF' if [ -z "$WAYLAND_DISPLAY" ] && [ "$(tty)" = "/dev/tty1" ]; then - exec cage firefox --kiosk https://c3nav.de + exec sway fi -EOF \ No newline at end of file +EOF + +# Sway config +mkdir -p /home/kiosk/.config/sway/ +tee /home/kiosk/.config/sway/config > /dev/null <<'EOF' +input type:pointer { + events disabled +} + +input type:keyboard { + events disabled +} + +input type:touch { + events enabled +} + +input * xkb_layout de + +## This may not be needed if there is a systemd unit +# exec_always firefox --wayland --kiosk +EOF + + +# Systemd unit +mkdir -p /home/kiosk/.config/systemd/user/ +tee /home/kiosk/.config/systemd/user/firefox-kiosk.service > /dev/null <<'EOF' +service +[Unit] +Description=Firefox im Kiosk-Mode + +[Service] +Type=simple +TimeoutStartSec=0 +ExecStart=/usr/bin/firefox --kiosk +Environment=DISPLAY=:0 +Restart=always + +[Install] +WantedBy=default.target +EOF +mkdir -p /home/kiosk/.config/systemd/user/default.target.wants/ +ln -s /home/kiosk/.config/systemd/user/firefox-kiosk.service /home/kiosk/.config/systemd/user/default.target.wants/firefox-kiosk.service + + +chown -R kiosk:kiosk /home/kiosk/.config \ No newline at end of file diff --git a/preseed.cfg b/preseed.cfg index b934651..9845da0 100644 --- a/preseed.cfg +++ b/preseed.cfg @@ -53,7 +53,8 @@ d-i pkgsel/include string \ sudo \ cage \ firefox-esr \ - curl + curl \ + sway d-i pkgsel/exclude string gnome-software