Merge pull request 'debian10' (#2) from debian10 into master

Reviewed-on: Lebenshilfe/thinclient#2

README.md

@@ -2,17 +2,26 @@
 
 Repo fuer Raspi Image bzw. andere Thinclients
 
+## FAQ
+Wenn der X11/Xorg Server nicht startet, mal in hosts/hostname ob der korrekt Name server angegeben ist.
+
 ## ToDo
 - boot Scripte / config xinitrc fuer Raspi
 - Script fuer hostname / hosts - fuer eindeutigen Rechnernamen
 - kleine Ankeitung fuer ReadOnly unter Raspi
 - Installation von lighttpd + fastcgi / php fuer lokale Loginseite
 - Settings fuer Chrome 
-- VNC Server mit passendem Passwort installieren
+- ~~VNC Server mit passendem Passwort installieren~~ -> Einrichtung muss noch getestet werden!
+- alternative mit XRDP? Mal durch testen? (xrdp/x11rdp)
+ - Vorteil: performanter, nicht soviel Bandbreite, kann ggf. auch VNC sich verbinden
 - ansibel Scripte fuer Rollout
 - Netzwerkboot fuer Raspis inkl. Anleitung
 - Druckerunterstützung inklusive DokumentenBox
-- LDAP Authentifizierug (?) <- mach das Sinn? Müsste ggf. Serverseitig gelöst werden
+- ~~LDAP Authentifizierug (?) <- mach das Sinn? Müsste ggf. Serverseitig gelöst werden~~ Wird bei der Variante mit Chrome nicht benoetigt.
+- CUPS mit einrichten und vorbereiten, das der die Drucker im Netzwerkfindet und anbietet?
 
 ## Links 
 - chrome://chrome-urls/ 
+- https://debian-handbook.info/browse/de-DE/stable/sect.automated-installation.html
+- https://www.elektronik-kompendium.de/sites/raspberry-pi/2011121.htm
+- https://wiki.ubuntuusers.de/laptop-mode-tools/ 

README.x86.md

@@ -0,0 +1,65 @@
+
+## Debian als ThinClient für x86
+- Partitionslayout funktioniert auf UEFI und Legacy - auf drei Konsumer-HP's getestet mit AMDE3 und Intel
+ - optional sollte ein kleiner WLAN USB Stick vorgehalten werden, der von Debian/Linux nativ unterstuetzt wird.
+- einen Benutzer mit Namen thinnote anlegen. Kann auch ggf. ein andere Benutzer sein. Dann muss aber xinitrc und rc.local  angepasst werden. 
+
+### Partitionslayout
+
+Part|Size|Type|FSType|Optional
+---|---|---|----|---
+1|1GB|boot|ext4|Bootflag fuar x86 legacy setzen
+2|1GB|EFS|vfat|Wenn EFI Boot
+3|8GB|root|ext4|
+
+### Pakete Liste Debian 10
+
+```bash
+apt install acl adduser adwaita-icon-theme alsa-utils apt apt-listchanges apt-transport-https apt-utils aptitude aptitude-common at-spi2-core avahi-daemon base-files base-passwd bash bash-completion bind9-host binutils bluez bluez-firmware bridge-utils bsd-mailx bsdmainutils bsdutils build-essential busybox bzip2 ca-certificates cabextract chromium chromium-l10n  console-setup console-setup-linux coreutils cpio crda cron curl dash dbus dc dconf-gsettings-backend dconf-service debconf debconf-i18n debconf-utils debianutils debsums device-tree-compiler dhcpcd5 diffutils dirmngr distro-info-data dmidecode dosfstools dpkg dpkg-dev e2fsprogs ed fbset file findutils firmware-atheros firmware-brcm80211 firmware-realtek fonts-dejavu-core gconf2-common gdb gdbserver gettext-base gnome-icon-theme gnupg gnupg-agent gnupg-l10n gpgv grep groff-base gsettings-desktop-schemas gtk-update-icon-cache gzip hardlink hicolor-icon-theme hostname ifupdown info init init-system-helpers initramfs-tools initramfs-tools-core initscripts insserv install-info iproute2 iptables iputils-ping isc-dhcp-client isc-dhcp-common iso-codes iw joe kbd keyboard-configuration keyutils kmod less linux-base locales login logrotate lsb-base lsb-release lsof lua5.1 luajit make makedev man-db manpages manpages-dev matchbox matchbox-common matchbox-desktop matchbox-keyboard matchbox-keyboard-im matchbox-panel matchbox-panel-manager matchbox-window-manager mawk mc mc-data mime-support mount multiarch-support nano ncdu ncurses-base ncurses-bin ncurses-term net-tools netbase netcat-openbsd netcat-traditional nfs-common ntp openresolv openssh-client openssh-server openssh-sftp-server openssl parted passwd patch perl perl-base perl-modules perl-openssl-defaults pinentry-curses plymouth procps psmisc publicsuffix python python-minimal python2.7 python2.7-minimal python3 python3-minimal python3.5 python3.5-minimal rename rfkill rpcbind samba-common sed sensible-utils sgml-base shared-mime-info sqlite3 startpar strace sudo systemd systemd-sysv sysv-rc sysvinit-utils tar tasksel tasksel-data tcpd traceroute tree triggerhappy ttf-mscorefonts-installer tzdata ucf udev unzip usb-modeswitch usb-modeswitch-data usbutils util-linux v4l-utils vim-common vim-tiny wget whiptail wireless-regdb wireless-tools wpasupplicant x11-common x11-utils x11-xkb-utils x11-xserver-utils xauth xdg-user-dirs xdg-utils xfonts-base xfonts-encodings xfonts-utils xinit xkb-data xml-core xserver-common xserver-xorg xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-wacom xserver-xorg-legacy xserver-xorg-video-fbdev  xwit xxd xz-utils busybox-syslogd xserver-xorg-video-intel xserver-xorg-input-synaptics xserver-xorg-video-vesa grub-splashimages
+```
+
+```bash
+apt install $(apt-cache search ^firmware | grep -v microbit | cut -f 1 -d " ")
+```
+### rc.local unter Debian
+
+```bash
+cp etc/systemd/system/rc-local.service /etc/systemd/system/rc-local.service
+cp etc/rc.local /etc/rc.local
+sudo chmod +x /etc/rc.local
+sudo systemctl enable rc-local
+sudo update-grub
+sudo usermod -aG tty thinnote
+sudo usermod -aG video thinnote
+sudo rm /etc/chromium/master_preferences
+sudo apt install laptop-mode-tools #Tools für Akkumanagment am Laptop https://wiki.ubuntuusers.de/laptop-mode-tools/
+```
+
+### VNC fuer die Fernwartung
+```
+sudo apt install x11vnc
+sudo x11vnc -storepasswd /etc/x11vnc.pass  #Password fuer x11vnc setzen
+sudo cat << EOF > /etc/systemd/system/x11vnc.service
+[Unit]
+Description=Start X11VNC
+After=multi-user.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/x11vnc -display :0 -forever -localhost -loop -noxdamage -repeat -rfbauth /etc/x11vnc.pass -rfbport 5900 -shared
+
+[Install]
+WantedBy=multi-user.target
+EOF
+sudo systemctl enable x11vnc.service
+
+#für RDP kann noch xrdp nach installiert und eingerichtet werden.
+#VNC ist aktuell nur über 127.0.0.1 erreichbar
+
+sudo apt install xrdp 
+sudo systemctl enable xrdp
+
+#dann die xrdp.ini entsprechend anpassen -> einfach unter /etc/xrdp/xrdp.ini schauen
+
+sudo systemctl restart xrdp
+```

boot/client-cfg/xinitrc

@@ -3,21 +3,34 @@
 while true; do
 
 	# Clean up previously running apps, gracefully at first then harshly
-	killall -TERM chromium 2>/dev/null;
+	which chromium /dev/null && killall -TERM chromium 2>/dev/null;
+	which chromium-browser /dev/null && killall -TERM chromium-browser 2>/dev/null;
 	killall -TERM matchbox-window-manager 2>/dev/null;
 	sleep 2;
-	killall -9 chromium 2>/dev/null;
+	which chromium > /dev/null && killall -9 chromium 2>/dev/null;
+	which chromium-browser > /dev/null && killall -9 chromium-browser 2>/dev/null;
 	killall -9 matchbox-window-manager 2>/dev/null;
 
 	# Clean out existing profile information
-	rm -rf /home/pi/.cache;
+	if [ -d /home/pi ]; then
-	rm -rf /home/pi/.config;
+		rm -rf /home/pi/.cache;
-	rm -rf /home/pi/.pki;
+		rm -rf /home/pi/.config;
+		rm -rf /home/pi/.pki;
+	else
+		rm -rf /home/thinnote/.cache;
+		rm -rf /home/thinnote/.config;
+		rm -rf /home/thinnote/.pki;
+	fi
+
 
 	# Generate the bare minimum to keep Chromium happy!
-	mkdir -p /home/pi/.config/chromium/Default
+	if [ -d /home/pi ]; then
-	sqlite3 /home/pi/.config/chromium/Default/Web\ Data "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY, value LONGVARCHAR); INSERT INTO meta VALUES('version','46'); CREATE TABLE keywords (foo INTEGER);";
+		mkdir -p /home/pi/.config/chromium/Default
-
+		sqlite3 /home/pi/.config/chromium/Default/Web\ Data "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY, value LONGVARCHAR); INSERT INTO meta VALUES('version','46'); CREATE TABLE keywords (foo INTEGER);";
+	else
+		mkdir -p /home/thinnote/.config/chromium/Default
+		sqlite3 /home/thinnote/.config/chromium/Default/Web\ Data "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY, value LONGVARCHAR); INSERT INTO meta VALUES('version','46'); CREATE TABLE keywords (foo INTEGER);";
+	fi
 	# Disable DPMS / Screen blanking
 	xset -dpms
 	xset s off
@@ -35,6 +48,7 @@ while true; do
 
 	# Start the browser (See http://peter.sh/experiments/chromium-command-line-switches/)
 
-	chromium-browser  --app="https://wiki.lebenshilfe-bbg.de/wiki/doku.php?id=hidden:portal"
+	which chromium-browser > /dev/null && chromium-browser  --app="https://wiki.lebenshilfe-bbg.de/wiki/doku.php?id=hidden:portal"
+	which chromium > /dev/null && chromium  --app="https://wiki.lebenshilfe-bbg.de/wiki/doku.php?id=hidden:portal"
 
-done;
+done;

etc/X11/Xwrapper.config

@@ -0,0 +1,16 @@
+# Xwrapper.config (Debian X Window System server wrapper configuration file)
+#
+# This file was generated by the post-installation script of the
+# xserver-xorg-legacy package using values from the debconf database.
+#
+# See the Xwrapper.config(5) manual page for more information.
+#
+# This file is automatically updated on upgrades of the xserver-xorg-legacy
+# package *only* if it has not been modified since the last upgrade of that
+# package.
+#
+# If you have edited this file but would like it to be automatically updated
+# again, run the following command as root:
+#   dpkg-reconfigure xserver-xorg-legacy
+allowed_users=anybody
+needs_root_rights=yes

etc/apt/source.list

@@ -0,0 +1,22 @@
+/etc/apt/sources.list
+# 
+
+# deb cdrom:[Debian GNU/Linux 10.10.0 _Buster_ - Official amd64 NETINST 20210619-16:11]/ buster main contrib non-free
+
+#deb cdrom:[Debian GNU/Linux 10.10.0 _Buster_ - Official amd64 NETINST 20210619-16:11]/ buster main contrib non-free
+
+deb http://deb.debian.org/debian/ buster main contrib non-free
+deb-src http://deb.debian.org/debian/ buster main contrib non-free
+
+deb http://security.debian.org/debian-security buster/updates main contrib non-free
+deb-src http://security.debian.org/debian-security buster/updates main contrib non-free
+
+# buster-updates, previously known as 'volatile'
+deb http://deb.debian.org/debian/ buster-updates main contrib non-free
+deb-src http://deb.debian.org/debian/ buster-updates main contrib non-free
+
+# This system was installed using small removable media
+# (e.g. netinst, live or single CD). The matching "deb cdrom"
+# entries were disabled at the end of the installation process.
+# For information about how to configure apt package sources,
+# see the sources.list(5) manual.

etc/default/grub

@@ -0,0 +1,32 @@
+i# If you change this file, run 'update-grub' afterwards to update
+# /boot/grub/grub.cfg.
+# For full documentation of the options in this file, see:
+#   info -f grub -n 'Simple configuration'
+
+GRUB_DEFAULT=0
+GRUB_TIMEOUT=1
+GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
+GRUB_CMDLINE_LINUX_DEFAULT="net.ifnames=0 quiet splash acpi_osi="
+GRUB_CMDLINE_LINUX=""
+
+# Uncomment to enable BadRAM filtering, modify to suit your needs
+# This works with Linux (no patch required) and with any kernel that obtains
+# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
+#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
+
+# Uncomment to disable graphical terminal (grub-pc only)
+#GRUB_TERMINAL=console
+
+# The resolution used on graphical terminal
+# note that you can use only modes which your graphic card supports via VBE
+# you can see them in real GRUB with the command `vbeinfo'
+#GRUB_GFXMODE=640x480
+
+# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
+#GRUB_DISABLE_LINUX_UUID=true
+
+# Uncomment to disable generation of recovery mode menu entries
+#GRUB_DISABLE_RECOVERY="true"
+
+# Uncomment to get a beep at grub start
+#GRUB_INIT_TUNE="480 440 1"

etc/network/interfaces.d/wlan0

@@ -0,0 +1,3 @@
+allow-hotplug wlan0
+iface wlan0 inet dhcp
+	wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

etc/rc.local

@@ -11,6 +11,8 @@
 #
 # By default this script does nothing.
 
+which chromium-browser > /dev/null && [ -d /etc/chromium ] && mv /etc/chromium/ /etc/chromium-browser
+
 sleep 10
 
 
@@ -26,7 +28,14 @@ fi
 #fi
 
 #Hostname wird anhand des WLAN0 erstell / kann auch entsprechend auf anderes Geraet umgestellt werden
-echo rpi$(cat /sys/class/net/wlan0/address | sed '/://g') > /tmp/hostname && hostname --file /tmp/hostname
+#ip a s wlan1 2&>1 /dev/null || 
+#Check einbauen der aktive Verbindung prüft
+if [ -d /home/pi ]; then
+	echo pi$(cat /sys/class/net/wlan0/address | sed '/://g') > /tmp/hostname && hostname --file /tmp/hostname
+else
+	echo thin$(cat /sys/class/net/wlan0/address | sed '/://g') > /tmp/hostname && hostname --file /tmp/hostname
+fi
+
 #Fuer eth0, wenn kein WLAN vorhanden ist. Kann dann auskommentiert werden. 
 #echo rpi$(cat /sys/class/net/eth0/address | sed '/://g') > /tmp/hostname && hostname --file /tmp/hostname
 
@@ -34,8 +43,13 @@ echo rpi$(cat /sys/class/net/wlan0/address | sed '/://g') > /tmp/hostname && hos
 
 # start X environment
 if [ -f /boot/client-cfg/xinitrc ]; then
-	ln -fs /boot/client-cfg/xinitrc /home/pi/.xinitrc;
+	if [ -d /home/pi ]; then
-	su -l pi -s /bin/bash -c 'startx' &
+		ln -fs /boot/client-cfg/xinitrc /home/pi/.xinitrc;
+		su -l pi -s /bin/bash -c 'startx -- vt1' &
+	else
+		ln -fs /boot/client-cfg/xinitrc /home/thinnote/.xinitrc;
+		su -l thinnote -s /bin/bash -c 'startx -- vt1' &
+	fi
 fi
 
 exit 0

etc/systemd/system/rc-local.service

@@ -0,0 +1,15 @@
+# /etc/systemd/system/rc-local.service
+[Unit]
+ Description=/etc/rc.local Compatibility
+ ConditionPathExists=/etc/rc.local
+
+[Service]
+ Type=forking
+ ExecStart=/etc/rc.local start
+ TimeoutSec=0
+ StandardOutput=tty
+ RemainAfterExit=yes
+ SysVStartPriority=99
+
+[Install]
+ WantedBy=multi-user.target

etc/systemd/system/x11vnc.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Start X11VNC
+After=multi-user.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/x11vnc -xkb -noxrecord -noxfixes -noxdamage -display :0 -localhost -forever -loop -repeat -rfbauth /etc/x11vnc.pass -rfbport 5900 -noipv6 -shared
+ExecStop=/usr/bin/killall x11vnc
+Restart=on-failure
+Restart-sec=2
+
+[Install]
+WantedBy=multi-user.target

etc/wpa_supplicant/wpa_supplicant.conf

@@ -0,0 +1,9 @@
+#ctrl_interface=/run/wpa_supplicant 
+#update_config=1
+
+network={
+        ssid="SSID"
+	#key_mgmt=NONE #verwenden, wenn ein offnes WLAN genutzt werden soll. Dann psk auskommentieren.
+	psk="WPA-KEY"
+	scan_ssid=1
+}

etc/xrdp/xrdp.ini

@@ -0,0 +1,201 @@
+[Globals]
+; xrdp.ini file version number
+ini_version=1
+
+; fork a new process for each incoming connection
+fork=true
+; tcp port to listen
+port=3389
+; 'port' above should be connected to with vsock instead of tcp
+use_vsock=false
+; regulate if the listening socket use socket option tcp_nodelay
+; no buffering will be performed in the TCP stack
+tcp_nodelay=true
+; regulate if the listening socket use socket option keepalive
+; if the network connection disappear without close messages the connection will be closed
+tcp_keepalive=true
+#tcp_send_buffer_bytes=32768
+#tcp_recv_buffer_bytes=32768
+
+; security layer can be 'tls', 'rdp' or 'negotiate'
+; for client compatible layer
+security_layer=negotiate
+; minimum security level allowed for client
+; can be 'none', 'low', 'medium', 'high', 'fips'
+crypt_level=high
+; X.509 certificate and private key
+; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
+certificate=
+key_file=
+; set SSL protocols
+; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
+ssl_protocols=TLSv1.2, TLSv1.3
+; set TLS cipher suites
+#tls_ciphers=HIGH
+
+; Section name to use for automatic login if the client sends username
+; and password. If empty, the domain name sent by the client is used.
+; If empty and no domain name is given, the first suitable section in
+; this file will be used.
+autorun=
+
+allow_channels=true
+allow_multimon=true
+bitmap_cache=true
+bitmap_compression=true
+bulk_compression=true
+#hidelogwindow=true
+max_bpp=32
+new_cursors=true
+; fastpath - can be 'input', 'output', 'both', 'none'
+use_fastpath=both
+; when true, userid/password *must* be passed on cmd line
+#require_credentials=true
+; You can set the PAM error text in a gateway setup (MAX 256 chars)
+#pamerrortxt=change your password according to policy at http://url
+
+;
+; colors used by windows in RGB format
+;
+blue=009cb5
+grey=dedede
+#black=000000
+#dark_grey=808080
+#blue=08246b
+#dark_blue=08246b
+#white=ffffff
+#red=ff0000
+#green=00ff00
+#background=626c72
+
+;
+; configure login screen
+;
+
+; Login Screen Window Title
+#ls_title=My Login Title
+
+; top level window background color in RGB format
+ls_top_window_bg_color=009cb5
+
+; width and height of login screen
+ls_width=350
+ls_height=430
+
+; login screen background color in RGB format
+ls_bg_color=dedede
+
+; optional background image filename (bmp format).
+#ls_background_image=
+
+; logo
+; full path to bmp-file or file in shared folder
+ls_logo_filename=
+ls_logo_x_pos=55
+ls_logo_y_pos=50
+
+; for positioning labels such as username, password etc
+ls_label_x_pos=30
+ls_label_width=65
+
+; for positioning text and combo boxes next to above labels
+ls_input_x_pos=110
+ls_input_width=210
+
+; y pos for first label and combo box
+ls_input_y_pos=220
+
+; OK button
+ls_btn_ok_x_pos=142
+ls_btn_ok_y_pos=370
+ls_btn_ok_width=85
+ls_btn_ok_height=30
+
+; Cancel button
+ls_btn_cancel_x_pos=237
+ls_btn_cancel_y_pos=370
+ls_btn_cancel_width=85
+ls_btn_cancel_height=30
+
+[Logging]
+LogFile=xrdp.log
+LogLevel=DEBUG
+EnableSyslog=true
+SyslogLevel=DEBUG
+; LogLevel and SysLogLevel could by any of: core, error, warning, info or debug
+
+[Channels]
+; Channel names not listed here will be blocked by XRDP.
+; You can block any channel by setting its value to false.
+; IMPORTANT! All channels are not supported in all use
+; cases even if you set all values to true.
+; You can override these settings on each session type
+; These settings are only used if allow_channels=true
+rdpdr=true
+rdpsnd=true
+drdynvc=true
+cliprdr=true
+rail=true
+xrdpvr=true
+tcutils=true
+
+; for debugging xrdp, in section xrdp1, change port=-1 to this:
+#port=/tmp/.xrdp/xrdp_display_10
+
+; for debugging xrdp, add following line to section xrdp1
+#chansrvport=/tmp/.xrdp/xrdp_chansrv_socket_7210
+
+
+;
+; Session types
+;
+
+; Some session types such as Xorg, X11rdp and Xvnc start a display server.
+; Startup command-line parameters for the display server are configured
+; in sesman.ini. See and configure also sesman.ini.
+;[Xorg]
+;name=Xorg
+;lib=libxup.so
+;username=ask
+;password=ask
+;ip=127.0.0.1
+;port=-1
+;code=20
+
+;[Xvnc]
+;name=Xvnc
+;lib=libvnc.so
+;username=ask
+;password=ask
+;ip=127.0.0.1
+;port=-1
+#xserverbpp=24
+#delay_ms=2000
+
+[vnc-any]
+name=vnc-any
+lib=libvnc.so
+ip=127.0.0.1
+port=5900
+username=na
+password=ask
+#pamusername=asksame
+#pampassword=asksame
+#pamsessionmng=127.0.0.1
+#delay_ms=2000
+
+;[neutrinordp-any]
+;name=neutrinordp-any
+;lib=libxrdpneutrinordp.so
+;ip=ask
+;port=ask3389
+;username=ask
+;password=ask
+
+; You can override the common channel settings for each session type
+#channel.rdpdr=true
+#channel.rdpsnd=true
+#channel.drdynvc=true
+#channel.cliprdr=true
+#channel.rail=true
+#channel.xrdpvr=true

home/pi/xinitrc

@@ -1 +0,0 @@
-../../boot/client-cfg/xinitrc