BetterCorp/BetterFrame
1
0
Fork 0
mirror of https://github.com/BetterCorp/BetterFrame.git synced 2026-05-26 19:06:34 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
BetterFrame/deploy/systemd/betterframe-kiosk.service
Mitchell R a1727547df
feat(harden): transparent cursor + full VT lockdown + auto-reboot + purge all setup wizards 
1. Transparent cursor theme: 1x1 pixel Xcursor for every shape, set as
   system default via XCURSOR_THEME=betterframe-empty. Nuclear fix for
   Pi 5 GPU ignoring XCURSOR_SIZE.

2. Full VT lockdown: mask ALL gettys (tty1-6 + templates), logind
   NAutoVTs=0 + ReserveVT=0, mask emergency/rescue targets. Ctrl+Alt+Fx
   reaches nothing. No login screen ever.

3. Auto-reboot: FailureAction=reboot-force + StartLimitAction=reboot-force
   on kiosk unit. If cage/app can't stay running → system reboots rather
   than showing a blank screen or login prompt.

4. Purge ALL Pi setup wizards: piwiz, userconf-pi, rpi-first-boot-wizard,
   initial-setup, pi-greeter, rpd-plym-splash. Nuke autostart files,
   mask systemd units. "Configure your Raspberry" never shows.
2026-05-22 21:38:42 +02:00

66 lines
2.8 KiB
Desktop File
Raw Blame History

[Unit]
Description=BetterFrame Kiosk (cage + betterframe-kiosk)
Documentation=https://github.com/BetterCorp/BetterFrame
After=systemd-user-sessions.service plymouth-quit-wait.service network-online.target seatd.service
Wants=network-online.target
Conflicts=getty@tty1.service
After=getty@tty1.service
# After 10 fast restarts in 60s, back off so a broken binary doesn't burn CPU.
StartLimitIntervalSec=60
StartLimitBurst=10
[Service]
Type=simple
User=bfkiosk
Group=bfkiosk
SupplementaryGroups=video render input audio
PAMName=cage
TTYPath=/dev/tty1
TTYReset=yes
TTYVHangup=yes
TTYVTDisallocate=yes
StandardInput=tty-fail
StandardOutput=journal
StandardError=journal
UtmpIdentifier=tty1
UtmpMode=user
WorkingDirectory=/home/bfkiosk
EnvironmentFile=-/etc/default/betterframe-kiosk
Environment=XDG_SESSION_TYPE=wayland
Environment=XDG_SESSION_CLASS=user
Environment=GST_DEBUG=1
# Cursor: cage/wlroots draws a sprite in the gap between compositor start
# and first kiosk frame. Collapse to 1px transparent + force software
# fallback so XCURSOR_SIZE actually applies (HW cursors ignore size on
# some GPUs, leaving a default white-arrow visible in the corner).
# Invisible cursor: transparent theme + 1px size + software fallback.
# Three layers because Pi 5 GPU ignores XCURSOR_SIZE for HW cursors.
Environment=XCURSOR_THEME=betterframe-empty
Environment=XCURSOR_SIZE=1
Environment=WLR_NO_HARDWARE_CURSORS=1
# Let the unprivileged kiosk process control the Pi fan PWM sysfs files.
ExecStartPre=+/bin/sh -c 'for d in /sys/class/hwmon/hwmon*; do [ -e "$d/pwm1" ] || continue; chgrp bfkiosk "$d/pwm1" "$d/pwm1_enable" 2>/dev/null || true; chmod g+w "$d/pwm1" "$d/pwm1_enable" 2>/dev/null || true; done'
ExecStartPre=+/usr/local/sbin/betterframe-firmware-rollback.sh
ExecStart=/usr/bin/cage -s -- /opt/betterframe/kiosk/betterframe-kiosk
Restart=always
RestartSec=2
# If cage/kiosk exits or crashes and systemd can't restart it after the
# burst limit (10 in 60s per [Unit]), force a full system reboot. This
# covers scenarios where the app isn't foreground (e.g. cage died, VT
# switched, GPU fault) — the kiosk should NEVER show anything other than
# our app. A reboot is less alarming than a login prompt or blank screen.
FailureAction=reboot-force
StartLimitAction=reboot-force
# WebKitGTK uses bubblewrap for its web-content sandbox. bwrap aborts with
# "Unexpected capabilities but not setuid" when launched from a process that
# still carries CAP_* bits. Strip caps + lock NoNewPrivileges so WebKit's
# sandbox can initialise cleanly. Without this WebKit cells crash on load.
CapabilityBoundingSet=
AmbientCapabilities=
NoNewPrivileges=yes
# Fallback if the above isn't enough on a given distro (disables WebKit sandbox):
#Environment=WEBKIT_DISABLE_SANDBOX_THIS_IS_DANGEROUS=1
[Install]
WantedBy=multi-user.target
Reference in a new issue View git blame Copy permalink