Added to the firefox policy

Added a systemd service, as well as sway
2025-12-18 22:44:07 +01:00 · 2025-12-18 21:20:35 +01:00
2 changed files with 137 additions and 16 deletions
--- a/post_install.sh
+++ b/post_install.sh
@ -1,14 +1,30 @@
 printf "[daemon]\nAutomaticLoginEnable=true\nAutomaticLogin=kiosk\n\n[security]\n\n[xdmcp]\n\n[chooser]\n\n[debug]\n" > /etc/gdm3/daemon.conf
+
+
+# Firefox policy
+# (I used to put this in /etc/firefox/policies/policies.json instead)
 mkdir -p /usr/lib/firefox-esr/distribution 
 tee /usr/lib/firefox-esr/distribution/policies.json > /dev/null <<'EOF' 
 {
  "policies": {
+    "AppAutoUpdate": true,
+    "BackgroundAppUpdate": true,
+    "BlockAboutAddons": true,
+    "BlockAboutConfig": true,
+    "BlockAboutProfiles": true,
+    "BlockAboutSupport": true,
    "DisableDeveloperTools": true,
    "BlockAboutAddons": true,
    "BlockAboutConfig": true,
    "BlockAboutProfiles": true,
    "BlockAboutSupport": true,
+    "DisableFeedbackCommands": true,
    "DisableFirefoxAccounts": true,
+    "DisableFirefoxScreenshots": true,
+    "DisableFirefoxStudies": true,
+    "DisableForgetButton": true,
+    "DisableFormHistory": true,
+    "DisablePocket": true,
    "DisablePrivateBrowsing": true,
    "DisableProfileImport": true,
    "DisableProfileRefresh": true,
@ -16,10 +32,33 @@ tee /usr/lib/firefox-esr/distribution/policies.json > /dev/null <<'EOF'
    "DisablePocket": true,
    "DisableFirefoxScreenshots": true,
    "DisableSetDesktopBackground": true,
+    "DisableTelemetry": true,
+    "DisplayBookmarksToolbar": "never",
+    "DisplayMenuBar": "never",
+    "EnableTrackingProtection": {
+      "Cryptomining": true,
+      "Fingerprinting": true,
+      "Value": true
+    },
+    "ExtensionSettings": {
+      "*": {
+        "installation_mode": "allowed"
+      }
+    },
+    "FirefoxHome": {
+      "Highlights": false,
+      "Pocket": false,
+      "Search": false,
+      "SponsoredPocket": false,
+      "SponsoredTopSites": false,
+      "TopSites": false
+    },
    "Homepage": {
+      "StartPage": "homepage",
      "URL": "https://mahn.ke",
      "Locked": true
    },
+    "ManualAppUpdateOnly": true,
    "NewTabPage": {
      "Enabled": false
    },
@ -27,6 +66,21 @@ tee /usr/lib/firefox-esr/distribution/policies.json > /dev/null <<'EOF'
      "Path": "C:\\KioskDownloads",
      "Locked": true
    },
+    "PictureInPicture": {
+      "Enabled": false
+    },
+    "Preferences": {
+      "extensions.getAddons.showPane": {
+        "Status": "locked",
+        "Type": "boolean",
+        "Value": false
+      },
+      "ui.key.menuAccessKeyFocuses": {
+        "Status": "locked",
+        "Type": "boolean",
+        "Value": false
+      }
+    },
    "PromptForDownloadLocation": false,
    "StartDownloadsInTempDirectory": false,
    "DisableAppUpdate": true,
@ -36,27 +90,93 @@ tee /usr/lib/firefox-esr/distribution/policies.json > /dev/null <<'EOF'
      "Location": "deny",
      "Notifications": "deny"
    },
+    "SanitizeOnShutdown": {
+      "Cache": true,
+      "Cookies": true,
+      "Downloads": true,
+      "FormData": true,
+      "History": true,
+      "OfflineApps": true,
+      "Sessions": true,
+      "SiteSettings": true
+    },
    "ShowHomeButton": false,
+    "UserMessaging": {
+      "ExtensionRecommendations": false,
+      "FeatureRecommendations": false,
+      "MoreFromMozilla": false,
+      "SkipOnboarding": false,
+      "UrlbarInterventions": false,
+      "WhatsNew": false,
+      "FirefoxLabs": false,
+      "Locked": false
+    },
    "DisplayMenuBar": false,
    "DisplayBookmarksToolbar": false,
-    "policies": {
-        "UserMessaging": {
-            "ExtensionRecommendations": false,
-            "FeatureRecommendations": false,
-            "UrlbarInterventions": false,
-            "SkipOnboarding": false,
-            "MoreFromMozilla": false,
-            "FirefoxLabs": false,
-            "Locked": false
-        }
+    "WebsiteFilter": {
+      "Block": [
+        "<all_urls>"
+      ],
+      "Exceptions": [
+        "*://*.c3nav.de/*",
+        "*://*.hvv.de/*",
+        "*://engel.events.ccc.de/*",
+        "*://*.chaos.social/*",
+        "*://*.events.ccc.de/*"
+      ]
    }
  }
 }
 EOF
-chown -R kiosk:kiosk /home/kiosk/.config

+# Bash autostart of sway
 tee /home/kiosk/.bash_profile > /dev/null <<'EOF'
 if [ -z "$WAYLAND_DISPLAY" ] && [ "$(tty)" = "/dev/tty1" ]; then
-    exec cage firefox --kiosk https://c3nav.de
+    exec sway 
 fi
 EOF
+
+# Sway config
+mkdir -p /home/kiosk/.config/sway/
+tee /home/kiosk/.config/sway/config > /dev/null <<'EOF'
+input type:pointer {
+    events disabled
+}
+
+input type:keyboard {
+    events disabled
+}
+
+input type:touch {
+    events enabled
+}
+
+input * xkb_layout de
+
+## This may not be needed if there is a systemd unit
+# exec_always firefox --wayland --kiosk
+EOF
+
+
+# Systemd unit
+mkdir -p /home/kiosk/.config/systemd/user/
+tee /home/kiosk/.config/systemd/user/firefox-kiosk.service > /dev/null <<'EOF'
+service
+[Unit]
+Description=Firefox im Kiosk-Mode
+
+[Service]
+Type=simple
+TimeoutStartSec=0
+ExecStart=/usr/bin/firefox --kiosk
+Environment=DISPLAY=:0
+Restart=always
+
+[Install]
+WantedBy=default.target
+EOF
+mkdir -p /home/kiosk/.config/systemd/user/default.target.wants/
+ln -s /home/kiosk/.config/systemd/user/firefox-kiosk.service /home/kiosk/.config/systemd/user/default.target.wants/firefox-kiosk.service
+
+
+chown -R kiosk:kiosk /home/kiosk/.config
--- a/preseed.cfg
+++ b/preseed.cfg
@ -53,7 +53,8 @@ d-i pkgsel/include string \
    sudo \
    cage \
    firefox-esr \
-    curl
+    curl \
+    sway 

 d-i pkgsel/exclude string gnome-software
Author	SHA1	Message	Date
n0th1ng	fff52cfcee	Added to the firefox policy	2025-12-18 22:44:07 +01:00
n0th1ng	46a73dfb9e	Added a systemd service, as well as sway	2025-12-18 21:20:35 +01:00