Simplify approach

- OS installation, customized by nerab.raspi
- User service "kiosk" controls Chromium via
  [ChromeDP](https://github.com/chromedp/chromedp)

Author: suhlig

.envrc

@@ -0,0 +1,2 @@
+# use this when using a forked role
+export ANSIBLE_ROLES_PATH=~/workspace/ansible-roles:~/.ansible/roles

.gitignore

@@ -1,2 +1,2 @@
 *.retry
-wifi.yml
+kiosk

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+  "go.inferGopath": false
+}

README.markdown

@@ -1,6 +1,23 @@
 # Kiosk
 
-Turns a Raspberry Pi into a simple browser kiosk
+Turns a Raspberry Pi into a simple browser kiosk. A Go program controls a full-screen Chromium browser.
+
+Configuring the Pi is described in the `nerab.raspi` role. Make sure the Pi auto-boots into the graphical environment without asking for login credentials (see `raspi-config`).
+
+# TODO
+
+- `unclutter -idle 0.5 -root &` if needed
+- [splash screen at boot](https://github.com/guysoft/FullPageOS/blob/master/src/modules/fullpageos/filesystem/root_init/etc/systemd/system/splashscreen.service)
+
+# Deployment
+
+## Build the `kiosk` binary
+
+For the Raspberry Pi 4, this is
+
+```command
+$ GOARM=7 GOARCH=arm GOOS=linux go build
+```
 
 ## Prerequisites on the Deployer's Workstation
 
@@ -18,34 +35,12 @@ Turns a Raspberry Pi into a simple browser kiosk
   $ ansible-galaxy install -r roles.yml
   ```
 
-* Update `hosts` with the IP address of the host(s) to deploy to. The deploy is more convenient if you can ssh into them without having to enter a password.
-
-## Prerequisites on the Raspi
-
-* Configure some generic settings using `sudo raspi-config`:
-  - Change password of user `pi`
-  - Set the hostname (`kiosk`)
-  - Enable SSH server
-  - Expand root filesystem
-* Connect via Ethernet
-* Copy the public SSH key to the pi with `ssh-copy-id pi@kiosk`.
+* Update `inventory.yml` with the host(s) to deploy to
 
 ## Deploy
 
 Run the playbook:
 
 ```bash
-$ ansible-playbook -i hosts site.yml
+$ ansible-playbook playbook.yml
 ```
-
-## WiFi
-
-If you want to configure the WiFi network, create a file `wifi.yml` with the following contents (adapt it to your WIFI settings):
-
-```yaml
-wlan_country: DE
-wlan_ssid: your-wlan-ssid
-wlan_password: your-wlan-password
-```
-
-If `wifi.yml` is not present, WiFi will not be configured.

ansible.cfg

@@ -0,0 +1,5 @@
+[defaults]
+inventory = inventory.yml
+deprecation_warnings = false
+stdout_callback = yaml
+bin_ansible_callbacks = true

go.mod

@@ -0,0 +1,16 @@
+module uhlig.it/kiosk
+
+go 1.19
+
+require github.com/chromedp/chromedp v0.8.4
+
+require (
+	github.com/chromedp/cdproto v0.0.0-20220812200530-d0d83820bffc // indirect
+	github.com/chromedp/sysutil v1.0.0 // indirect
+	github.com/gobwas/httphead v0.1.0 // indirect
+	github.com/gobwas/pool v0.2.1 // indirect
+	github.com/gobwas/ws v1.1.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab // indirect
+)

go.sum

@@ -0,0 +1,21 @@
+github.com/chromedp/cdproto v0.0.0-20220812200530-d0d83820bffc h1:xGhCpiX5oNMoZGnzYvv1ne4muVRl2SDHH5fL7oUbZAY=
+github.com/chromedp/cdproto v0.0.0-20220812200530-d0d83820bffc/go.mod h1:5Y4sD/eXpwrChIuxhSr/G20n9CdbCmoerOHnuAf0Zr0=
+github.com/chromedp/chromedp v0.8.4 h1:50NSLCXC38kGsCmLCi8tXZ5V5FtQ3BOV/90u1O06Gq4=
+github.com/chromedp/chromedp v0.8.4/go.mod h1:ikuiJrEMoOnTPFUBu6jV0XZFOGW6W/Nhgk/OZyvh00o=
+github.com/chromedp/sysutil v1.0.0 h1:+ZxhTpfpZlmchB58ih/LBHX52ky7w2VhQVKQMucy3Ic=
+github.com/chromedp/sysutil v1.0.0/go.mod h1:kgWmDdq8fTzXYcKIBqIYvRRTnYb9aNS9moAV0xufSww=
+github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU=
+github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
+github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og=
+github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
+github.com/gobwas/ws v1.1.0 h1:7RFti/xnNkMJnrK7D1yQ/iCIB5OrrY/54/H930kIbHA=
+github.com/gobwas/ws v1.1.0/go.mod h1:nzvNcVha5eUziGrbxFCo6qFIojQHjJV5cLYIbezhfL0=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80 h1:6Yzfa6GP0rIo/kULo2bwGEkFvCePZ3qHDDTC3/J9Swo=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde h1:x0TT0RDC7UhAVbbWWBzr41ElhJx5tXPWkIHA2HWPRuw=
+golang.org/x/sys v0.0.0-20201207223542-d4d67f95c62d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab h1:2QkjZIsXupsJbJIdSjjUOgWK3aEtzyuh2mPt3l/CkeU=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

group_vars/all/secrets.yml

@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+62646361663036373266303863333733363039393735646531333630303465613435396130663932
+6161393832376366616435656339313933396136373063310a306339303764396138333832303164
+61663761333933616666626463653163373331653136346135383336393062323262613233353837
+3065616461633365650a323865633561623262343130663533323466636333303465366561353033
+34666636633962323963356139333237363430383435623634613639383234323839376535363564
+34313865313162303231663539663439653034383230336536663235363033393139666331373233
+633432383434386533343335373938663564

hosts

@@ -0,0 +1,3 @@
+all:
+  hosts:
+    kiosk.local:

inventory.yml

@@ -0,0 +1,100 @@
+// based on https://pkg.go.dev/github.com/chromedp/chromedp#example-ExecAllocator
+package main
+
+/*
+Disabling Chromium's password manager seems not possible in preferences, only by policy:
+
+cat /etc/chromium/policies/managed/no-password-management.json
+{
+	"AutofillAddressEnabled": false,
+	"AutofillCreditCardEnabled": false,
+	"PasswordManagerEnabled": false
+}
+
+old: "AutoFillEnabled": false,
+
+// from https://stackoverflow.com/a/55316111/3212907
+*/
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"os"
+	"os/signal"
+	"syscall"
+
+	"github.com/chromedp/chromedp"
+)
+
+func main() {
+	opts := append(chromedp.DefaultExecAllocatorOptions[:],
+		chromedp.Flag("headless", false),
+		chromedp.Flag("hide-scrollbars", true),
+		chromedp.Flag("enable-automation", false),
+		chromedp.Flag("start-fullscreen", true),
+		chromedp.Flag("kiosk", true),
+		chromedp.Flag("noerrdialogs", true),
+		chromedp.Flag("disable-session-crashed-bubble", true),
+		chromedp.Flag("simulate-outdated-no-au", "Tue, 31 Dec 2099 23:59:59 GMT"),
+		chromedp.Flag("disable-component-update", true),
+		chromedp.Flag("disable-translate", true),
+		chromedp.Flag("disable-infobars", true),
+		chromedp.Flag("disable-features", "Translate"),
+		chromedp.Flag("disk-cache-dir", "/dev/null"),
+	)
+
+	allocCtx, cancelAllocator := chromedp.NewExecAllocator(context.Background(), opts...)
+
+	// also set up a custom logger
+	taskCtx, cancelContext := chromedp.NewContext(allocCtx, chromedp.WithLogf(log.Printf))
+
+	user := os.Getenv("KIOSK_USER")
+
+	if user == "" {
+		fmt.Fprintln(os.Stderr, "Environment variable KIOSK_USER must not be empty")
+		os.Exit(1)
+	}
+
+	password := os.Getenv("KIOSK_PASSWORD")
+
+	if password == "" {
+		fmt.Fprintln(os.Stderr, "Environment variable KIOSK_PASSWORD must not be empty")
+		os.Exit(1)
+	}
+
+	actions := []chromedp.Action{
+		chromedp.Navigate(`https://grafana.uhlig.it/login`),
+		typeText(`//input[@name="user"]`, user),
+		typeText(`//input[@name="password"]`, password),
+		chromedp.Click(`//button[@type='submit']`, chromedp.NodeVisible),
+		chromedp.WaitVisible(`//a[@href='/profile']`),
+		chromedp.Navigate(`https://grafana.uhlig.it/d/yP_VJJmVz/power?refresh=30s&from=now-1h&to=now&kiosk`),
+	}
+
+	err := chromedp.Run(taskCtx, actions...)
+
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	var quit = make(chan struct{})
+
+	c := make(chan os.Signal)
+	signal.Notify(c, os.Interrupt, syscall.SIGTERM)
+	go func() {
+		<-c
+		cancelAllocator()
+		cancelContext()
+		close(quit)
+	}()
+
+	<-quit
+}
+
+func typeText(selector, value string) chromedp.Tasks {
+	return chromedp.Tasks{
+		chromedp.WaitVisible(selector),
+		chromedp.SendKeys(selector, value),
+	}
+}

main.go

@@ -0,0 +1,40 @@
+---
+- name: Kiosk
+  hosts: all
+
+  roles:
+    - role: nerab.raspi
+      become: true
+      tags: [ kiosk, nerab ]
+    - role: kiosk
+      become: true
+      tags: [ kiosk, software ]
+    - role: suhlig.simple_systemd_service
+      become: true
+      vars:
+        service_binary: kiosk
+        program:
+          name: kiosk
+          description: Display kiosk
+          runtime_user: "{{ ansible_user_id }}"
+          binary: "{{ service_binary }}"
+          environment:
+            - KIOSK_USER="{{ kiosk.user }}"
+            - KIOSK_PASSWORD="{{ kiosk.password }}"
+            - DISPLAY=:0.0
+      tags: [ kiosk, systemd, service ]
+    - role: geerlingguy.ntp
+      vars:
+        ntp_timezone: Europe/Berlin
+        ntp_manage_config: true
+        ntp_servers:
+          - ptbtime1.ptb.de iburst
+          - ptbtime2.ptb.de iburst
+          - ptbtime3.ptb.de iburst
+      become: true
+    - role: jnv.unattended-upgrades
+      vars:
+        unattended_origins_patterns:
+          - 'origin=Raspbian,codename=${distro_codename},label=Raspbian'
+        unattended_automatic_reboot_time: "05:46"
+      become: true

playbook.yml

@@ -0,0 +1,6 @@
+- src: nerab.raspi
+- src: geerlingguy.ntp
+- src: jnv.unattended-upgrades
+- name: suhlig.simple_systemd_service
+  src: https://github.com/uhlig-it/ansible-role-simple-systemd-service
+  version: master