root/.ssh/id_rsa.pub hinzugefügt

Signed-off-by: Tim Eertmoed <alientim@noreply.localhost>

.gitignore

@@ -1,15 +0,0 @@
-# ---> Linux
-*~
-
-# temporary files which can be created if a process still has a handle open of a deleted file
-.fuse_hidden*
-
-# KDE directory preferences
-.directory
-
-# Linux trash folder which might appear on any partition or disk
-.Trash-*
-
-# .nfs files are created when an open file is removed but is still being accessed
-.nfs*
-

README.md

@@ -1,2 +1,10 @@
-# RPS-Light-PXE
+# RPS-Client
 
+```bash
+wget -qO- --header 'Authorization:token 9031f8d227dd83ba601680bf3a9f6c2d26c1a970' https://gitea.int.eertmoed.net/WiS/RPS-Client/archive/latest.tar.gz | tar xvz ; bash ./rps-client/install.sh ;
+```
+
+```ruby
+#  Version 1.1:
+#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.
+```

boot/firmware/ro-root.sh

@@ -0,0 +1,120 @@
+#!/bin/sh
+
+#  Read-only Root-FS for Raspian using overlayfs
+#  Version 1.1:
+#  Changed to use /proc/mounts rathern than /etc/fstab for deriving the root filesystem.
+#
+#  Version 1:
+#  Created 2017 by Pascal Suter @ DALCO AG, Switzerland to work on Raspian as custom init script
+#  (raspbian does not use an initramfs on boot)
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 3 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see
+#    <http://www.gnu.org/licenses/>.
+#
+#
+#  Tested with Raspbian mini, 2017-01-11
+#
+#  This script will mount the root filesystem read-only and overlay it with a temporary tempfs
+#  which is read-write mounted. This is done using the overlayFS which is part of the linux kernel
+#  since version 3.18.
+#  when this script is in use, all changes made to anywhere in the root filesystem mount will be lost
+#  upon reboot of the system. The SD card will only be accessed as read-only drive, which significantly
+#  helps to prolong its life and prevent filesystem coruption in environments where the system is usually
+#  not shut down properly
+#
+#  Install:
+#  copy this script to /sbin/overlayRoot.sh and add "init=/sbin/overlayRoot.sh" to the cmdline.txt
+#  file in the raspbian image's boot partition.
+#  I strongly recommend to disable swapping before using this. it will work with swap but that just does
+#  not make sens as the swap file will be stored in the tempfs which again resides in the ram.
+#  run these commands on the booted raspberry pi BEFORE you set the init=/sbin/overlayRoot.sh boot option:
+#  sudo dphys-swapfile swapoff
+#  sudo dphys-swapfile uninstall
+#  sudo update-rc.d dphys-swapfile remove
+#
+#  To install software, run upgrades and do other changes to the raspberry setup, simply remove the init=
+#  entry from the cmdline.txt file and reboot, make the changes, add the init= entry and reboot once more.
+
+fail(){
+        echo -e "$1"
+        /bin/bash
+}
+
+# load module
+modprobe overlay
+if [ $? -ne 0 ]; then
+    fail "ERROR: missing overlay kernel module"
+fi
+# mount /proc
+mount -t proc proc /proc
+
+# create a writable fs to then create our mountpoints
+mount -t tmpfs inittemp /mnt
+if [ $? -ne 0 ]; then
+    fail "ERROR: could not create a temporary filesystem to mount the base filesystems for overlayfs"
+fi
+mkdir /mnt/lower
+mkdir /mnt/rw
+mount -t tmpfs root-rw /mnt/rw
+if [ $? -ne 0 ]; then
+    fail "ERROR: could not create tempfs for upper filesystem"
+fi
+mkdir /mnt/rw/upper
+mkdir /mnt/rw/work
+mkdir /mnt/newroot
+
+# mount root filesystem readonly
+rootDev=`awk '$2 == "/" {print $1}' /proc/mounts`
+rootMountOpt=`awk '$2 == "/" {print $4}' /proc/mounts`
+rootFsType=`awk '$2 == "/" {print $3}' /proc/mounts`
+mount -t ${rootFsType} -o ${rootMountOpt},ro ${rootDev} /mnt/lower
+if [ $? -ne 0 ]; then
+    fail "ERROR: could not ro-mount original root partition"
+fi
+mount -t overlay -o lowerdir=/mnt/lower,upperdir=/mnt/rw/upper,workdir=/mnt/rw/work overlayfs-root /mnt/newroot
+if [ $? -ne 0 ]; then
+    fail "ERROR: could not mount overlayFS"
+fi
+# create mountpoints inside the new root filesystem-overlay
+mkdir /mnt/newroot/ro
+mkdir /mnt/newroot/rw
+# remove root mount from fstab (this is already a non-permanent modification)
+grep -v "$rootDev" /mnt/lower/etc/fstab > /mnt/newroot/etc/fstab
+echo "#the original root mount has been removed by overlayRoot.sh" >> /mnt/newroot/etc/fstab
+echo "#this is only a temporary modification, the original fstab" >> /mnt/newroot/etc/fstab
+echo "#stored on the disk can be found in /ro/etc/fstab" >> /mnt/newroot/etc/fstab
+# change to the new overlay root
+cd /mnt/newroot
+pivot_root . mnt
+exec chroot . sh -c "$(cat <<END
+# move ro and rw mounts to the new root
+mount --move /mnt/mnt/lower/ /ro
+if [ $? -ne 0 ]; then
+    echo "ERROR: could not move ro-root into newroot"
+    /bin/bash
+fi
+mount --move /mnt/mnt/rw /rw
+if [ $? -ne 0 ]; then
+    echo "ERROR: could not move tempfs rw mount into newroot"
+    /bin/bash
+fi
+# unmount unneeded mounts so we can unmout the old readonly root
+umount /mnt/mnt
+umount /mnt/proc
+umount -l -f /mnt/dev
+umount -l -f /mnt
+# continue with regular init
+exec /sbin/init
+END
+)"

boot/ro-root.sh

@@ -0,0 +1,120 @@
+#!/bin/sh
+
+#  Read-only Root-FS for Raspian using overlayfs
+#  Version 1.1:
+#  Changed to use /proc/mounts rathern than /etc/fstab for deriving the root filesystem.
+#
+#  Version 1:
+#  Created 2017 by Pascal Suter @ DALCO AG, Switzerland to work on Raspian as custom init script
+#  (raspbian does not use an initramfs on boot)
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 3 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see
+#    <http://www.gnu.org/licenses/>.
+#
+#
+#  Tested with Raspbian mini, 2017-01-11
+#
+#  This script will mount the root filesystem read-only and overlay it with a temporary tempfs
+#  which is read-write mounted. This is done using the overlayFS which is part of the linux kernel
+#  since version 3.18.
+#  when this script is in use, all changes made to anywhere in the root filesystem mount will be lost
+#  upon reboot of the system. The SD card will only be accessed as read-only drive, which significantly
+#  helps to prolong its life and prevent filesystem coruption in environments where the system is usually
+#  not shut down properly
+#
+#  Install:
+#  copy this script to /sbin/overlayRoot.sh and add "init=/sbin/overlayRoot.sh" to the cmdline.txt
+#  file in the raspbian image's boot partition.
+#  I strongly recommend to disable swapping before using this. it will work with swap but that just does
+#  not make sens as the swap file will be stored in the tempfs which again resides in the ram.
+#  run these commands on the booted raspberry pi BEFORE you set the init=/sbin/overlayRoot.sh boot option:
+#  sudo dphys-swapfile swapoff
+#  sudo dphys-swapfile uninstall
+#  sudo update-rc.d dphys-swapfile remove
+#
+#  To install software, run upgrades and do other changes to the raspberry setup, simply remove the init=
+#  entry from the cmdline.txt file and reboot, make the changes, add the init= entry and reboot once more.
+
+fail(){
+        echo -e "$1"
+        /bin/bash
+}
+
+# load module
+modprobe overlay
+if [ $? -ne 0 ]; then
+    fail "ERROR: missing overlay kernel module"
+fi
+# mount /proc
+mount -t proc proc /proc
+
+# create a writable fs to then create our mountpoints
+mount -t tmpfs inittemp /mnt
+if [ $? -ne 0 ]; then
+    fail "ERROR: could not create a temporary filesystem to mount the base filesystems for overlayfs"
+fi
+mkdir /mnt/lower
+mkdir /mnt/rw
+mount -t tmpfs root-rw /mnt/rw
+if [ $? -ne 0 ]; then
+    fail "ERROR: could not create tempfs for upper filesystem"
+fi
+mkdir /mnt/rw/upper
+mkdir /mnt/rw/work
+mkdir /mnt/newroot
+
+# mount root filesystem readonly
+rootDev=`awk '$2 == "/" {print $1}' /proc/mounts`
+rootMountOpt=`awk '$2 == "/" {print $4}' /proc/mounts`
+rootFsType=`awk '$2 == "/" {print $3}' /proc/mounts`
+mount -t ${rootFsType} -o ${rootMountOpt},ro ${rootDev} /mnt/lower
+if [ $? -ne 0 ]; then
+    fail "ERROR: could not ro-mount original root partition"
+fi
+mount -t overlay -o lowerdir=/mnt/lower,upperdir=/mnt/rw/upper,workdir=/mnt/rw/work overlayfs-root /mnt/newroot
+if [ $? -ne 0 ]; then
+    fail "ERROR: could not mount overlayFS"
+fi
+# create mountpoints inside the new root filesystem-overlay
+mkdir /mnt/newroot/ro
+mkdir /mnt/newroot/rw
+# remove root mount from fstab (this is already a non-permanent modification)
+grep -v "$rootDev" /mnt/lower/etc/fstab > /mnt/newroot/etc/fstab
+echo "#the original root mount has been removed by overlayRoot.sh" >> /mnt/newroot/etc/fstab
+echo "#this is only a temporary modification, the original fstab" >> /mnt/newroot/etc/fstab
+echo "#stored on the disk can be found in /ro/etc/fstab" >> /mnt/newroot/etc/fstab
+# change to the new overlay root
+cd /mnt/newroot
+pivot_root . mnt
+exec chroot . sh -c "$(cat <<END
+# move ro and rw mounts to the new root
+mount --move /mnt/mnt/lower/ /ro
+if [ $? -ne 0 ]; then
+    echo "ERROR: could not move ro-root into newroot"
+    /bin/bash
+fi
+mount --move /mnt/mnt/rw /rw
+if [ $? -ne 0 ]; then
+    echo "ERROR: could not move tempfs rw mount into newroot"
+    /bin/bash
+fi
+# unmount unneeded mounts so we can unmout the old readonly root
+umount /mnt/mnt
+umount /mnt/proc
+umount -l -f /mnt/dev
+umount -l -f /mnt
+# continue with regular init
+exec /sbin/init
+END
+)"

etc/chromium/policies/managed/disable_password_saving.json

@@ -2,3 +2,6 @@
   "PasswordManagerEnabled": false,
   "PasswordManagerAllowShowPasswords": false
 }
+
+#  Version 1.0:
+#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.

etc/dhcp/dhclient.conf

@@ -11,3 +11,6 @@ request subnet-mask, broadcast-address, time-offset, routers,
 	dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
 	netbios-name-servers, netbios-scope, interface-mtu,
 	rfc3442-classless-static-routes, ntp-servers, url, monitor, watchdog, screen;
+	
+#  Version 1.0:
+#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.

etc/systemd/system/chromium-monitor.service

@@ -3,12 +3,16 @@ Description=A Service to monitor the Kiosk's current site
 After=network.target getty@tty1.service
 
 [Service]
-# Wait until Chromium is running
-ExecStartPre=-/bin/bash -c 'while ! pgrep -f chromium-browser > /dev/null; do sleep 5; done'
-ExecStartPre=-/usr/bin/sleep 20
+ExecStartPre=-/bin/sleep 120
 Type=simple
-User=loginuser
 ExecStart=/usr/bin/chromium-monitor
+Restart=on-failure
+RestartSec=5s
+StandardOutput=append:/var/log/chromium-monitor
+StandardError=append:/var/log/chromium-monitor
 
 [Install]
 WantedBy=multi-user.target
+
+#  Version 1.1:
+#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.

etc/systemd/system/getty@tty1.service.d/override.conf

@@ -1,3 +1,6 @@
 [Service]
 ExecStart=
 ExecStart=-/sbin/agetty --autologin loginuser --noclear %I $TERM
+
+#  Version 1.0:
+#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.

etc/systemd/system/watchdog.service

@@ -7,6 +7,12 @@ ExecStartPre=-/bin/sleep 120
 Type=simple
 ExecStart=/usr/bin/watchdog
 Restart=on-failure
+RestartSec=5s
+StandardOutput=append:/var/log/watchdog
+StandardError=append:/var/log/watchdog
 
 [Install]
 WantedBy=multi-user.target
+
+#  Version 1.1:
+#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.

home/loginuser/.bash_profile

@@ -4,3 +4,6 @@ then
   exit
   sudo reboot
 fi
+
+#  Version 1.0:
+#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.

home/loginuser/.xinitrc

@@ -47,3 +47,6 @@ chromium-browser $WBS \
   --user-data-dir=/tmp/chromium-profile
 
 exit
+
+#  Version 1.0:
+#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.

home/wis/.ssh/id_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYDmONGe644a3bWKAyX1W704B8fCwlj4x/QjwyJX6gKpX2hmtrxZtusK729wTxP0lr1Gzll9A8LAEGqW5/sxxJqwtYDMOEfINsgE8fmvg9XSmJ9t5zOxJAuQfJB/dmE2a2mX3VSH740czvJ6NKlf9BUeu+41ZZUilyHngfgpVxEIED/6ZHRrkMUfaY09IfvwmNiYPTtK4cufLBdeEoNJPQvYdY1i+N+cJstUzlDRs179w8CqLPuPhIb0iQ3WO1S1XXQH4vUm4MaMmK+hDR4J/pfhuI3DXulwE04rZFU2izXQwl5VdYLv8w31gcegyRz68p+LprusY4QiDP62yaUCTE6JdrjjQSxbEag+OqCzozfvoO+SxMdWsxg2eViM4sKTODc0cQBSA4HJcDWeag5LU9k4WGeuVVj8BCCBqh+93IqylqyK7AKMztVZNiftSBEbfK8ZoHawg5PM26LtCTz6YcmGhn/dHpcpyC8606+SHSTl5YinDaRjarCBM4nppD3o5pizVFKutI28Ys3wkVAe96njnJqIi/J5tNQgrbJmteCE3/9SWhpsXjnuZX1RaZYLE3bBg8Gisz/sm7rN3acVXe6QD03PIxwn9Xp8r3avzDkQKo4vqxoYK6JF6j3vs+U4WLElq+NtvuMewfAWF2cgL2quognLWUM5s0p1/zLzxa8w==

install.sh

@@ -1,143 +1,86 @@
+#!/bin/bash
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+NC='\033[0m' # No Color
+
 clear
-echo "Starte Systemupdate..."
-sudo apt update && sudo apt upgrade -y && sudo apt dist-upgrade -y && sudo apt autoremove -y && sudo apt clean -y
-echo "Starte Systemupdate..."
-echo "Systemupdate erfolgreich..."
-echo "Installierse benötigte Pakete..."
-sudo apt install --no-install-recommends xserver-xorg x11-xserver-utils xinit chromium-browser fonts-noto-color-emoji nfs-common watchdog xdotool rsync -y
-clear
-echo "Starte Systemupdate..."
-echo "Systemupdate erfolgreich..."
-echo "Installierse benötigte Pakete..."
-echo "Alle Pakete wurden installiert..."
-echo "Lege den Benutzer \"loginuser\" an..."
-sudo adduser --disabled-password --gecos "" loginuser
-clear
-echo "Starte Systemupdate..."
-echo "Systemupdate erfolgreich..."
-echo "Installierse benötigte Pakete..."
-echo "Alle Pakete wurden installiert..."
-echo "Lege den Benutzer \"loginuser\" an..."
-echo "Loginuser angelegt..."
-echo "Setze Rechte für \"loginuser\""
+
+# Function to print status with a checkmark
+print_status() {
+    echo -e "${GREEN}✔${NC} ${1} completed."
+}
+
+echo -e "${RED}→${NC} Starting System Update..."
+sudo apt update >>/var/log/install 2>&1 && print_status "System Update"
+sudo apt upgrade -y >>/var/log/install 2>&1 && print_status "System Upgrade"
+sudo apt dist-upgrade -y >>/var/log/install 2>&1 && print_status "System Dist-Upgrade"
+sudo apt autoremove -y >>/var/log/install 2>&1 && print_status "Autoremove"
+sudo apt clean >>/var/log/install 2>&1 && print_status "Clean"
+
+echo -e "${RED}→${NC} Installing required packages..."
+sudo apt install --no-install-recommends xserver-xorg x11-xserver-utils xinit chromium-browser fonts-noto-color-emoji nfs-common watchdog xdotool rsync -y >>/var/log/install 2>&1 && print_status "Required packages installed"
+sudo apt install realvnc-vnc-server overlayroot -y >>/var/log/install 2>&1 && print_status "VNC and Overlayroot installed"
+
+echo -e "${RED}→${NC} Creating user 'loginuser'..."
+sudo adduser --disabled-password --gecos "" loginuser >>/var/log/install 2>&1 && print_status "User 'loginuser' created"
+
+echo -e "${RED}→${NC} Setting permissions for 'loginuser'..."
 sudo tee /etc/sudoers.d/loginuser >/dev/null << 'EOF'
-loginuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart watchdog
-loginuser ALL=(ALL) NOPASSWD: /usr/bin/echo
-loginuser ALL=(ALL) NOPASSWD: /usr/bin/cp
-loginuser ALL=(ALL) NOPASSWD: /usr/bin/sed
-loginuser ALL=(ALL) NOPASSWD: /usr/sbin/reboot
-loginuser ALL=(ALL) NOPASSWD: /usr/sbin/dhclient eth0
-loginuser ALL=(ALL) NOPASSWD: /usr/bin/fbset
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart watchdog, /usr/bin/systemctl restart chromium-monitor
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/echo, /usr/bin/cp, /usr/bin/sed
+loginuser ALL=(ALL) NOPASSWD: /usr/sbin/reboot, /usr/sbin/dhclient eth0, /usr/bin/fbset
 loginuser ALL=(ALL) NOPASSWD: /usr/bin/cat /var/lib/dhcp/*
 EOF
-sudo usermod -aG video loginuser
-clear
-echo "Starte Systemupdate..."
-echo "Systemupdate erfolgreich..."
-echo "Installierse benötigte Pakete..."
-echo "Alle Pakete wurden installiert..."
-echo "Lege den Benutzer \"loginuser\" an..."
-echo "Loginuser angelegt..."
-echo "Setze Rechte für \"loginuser\""
-echo "Rechte gesetzt..."
-echo "Verbiete login für ROOT..."
-sudo tee /etc/ssh/sshd_config >> /dev/null << 'EOF'
+sudo usermod -aG video loginuser >>/var/log/install 2>&1 && print_status "Permissions for 'loginuser' set"
+
+echo -e "${RED}→${NC} Disabling root login..."
+sudo tee /etc/ssh/sshd_config >/dev/null << 'EOF'
 PermitRootLogin no
 EOF
-sudo passwd -l root
-clear
-echo "Starte Systemupdate..."
-echo "Systemupdate erfolgreich..."
-echo "Installierse benötigte Pakete..."
-echo "Alle Pakete wurden installiert..."
-echo "Lege den Benutzer \"loginuser\" an..."
-echo "Loginuser angelegt..."
-echo "Setze Rechte für \"loginuser\""
-echo "Rechte gesetzt..."
-echo "Deaktiviere login für ROOT..."
-echo "ROOT login deaktiviert..."
-echo "Kopiere erfoderliche Dateie..."
-rm ./rps-light-pxe/.gitignore ./rps-light-pxe/LICENSE ./rps-light-pxe/README.md
-cp -r ./rps-light-pxe/ /
-clear
-echo "Starte Systemupdate..."
-echo "Systemupdate erfolgreich..."
-echo "Installierse benötigte Pakete..."
-echo "Alle Pakete wurden installiert..."
-echo "Lege den Benutzer \"loginuser\" an..."
-echo "Loginuser angelegt..."
-echo "Setze Rechte für \"loginuser\""
-echo "Rechte gesetzt..."
-echo "Deaktiviere login für ROOT..."
-echo "ROOT login deaktiviert..."
-echo "Spiele erforderliche Daten ein..."
-echo "Alle Daten wurden eingespielt..."
-echo "Setze alle Dateiberechtigungen..."
-sudo chown loginuser:loginuser /home/loginuser/.xinitrc
-sudo chown loginuser:loginuser /home/loginuser/.bash_profile
-sudo chmod +x /root/remove_unused_kernel.sh
-sudo chmod +x /usr/bin/watchdog
-sudo chmod +x /usr/bin/chromium-monitor
-clear
-echo "Starte Systemupdate..."
-echo "Systemupdate erfolgreich..."
-echo "Installierse benötigte Pakete..."
-echo "Alle Pakete wurden installiert..."
-echo "Lege den Benutzer \"loginuser\" an..."
-echo "Loginuser angelegt..."
-echo "Setze Rechte für \"loginuser\""
-echo "Rechte gesetzt..."
-echo "Deaktiviere login für ROOT..."
-echo "ROOT login deaktiviert..."
-echo "Spiele erforderliche Daten ein..."
-echo "Alle Daten wurden eingespielt..."
-echo "Setze alle Dateiberechtigungen..."
-echo "Alle Berechtigungen wurden gesetzt..."
-echo "Aktiviere benötigte Services..."
-sudo systemctl daemon-reload
-sudo systemctl enable watchdog
-sudo systemctl enable chromium-monitor
-sudo systemctl enable getty@tty1
-clear
-echo "Starte Systemupdate..."
-echo "Systemupdate erfolgreich..."
-echo "Installierse benötigte Pakete..."
-echo "Alle Pakete wurden installiert..."
-echo "Lege den Benutzer \"loginuser\" an..."
-echo "Loginuser angelegt..."
-echo "Setze Rechte für \"loginuser\""
-echo "Rechte gesetzt..."
-echo "Deaktiviere login für ROOT..."
-echo "ROOT login deaktiviert..."
-echo "Spiele erforderliche Daten ein..."
-echo "Alle Daten wurden eingespielt..."
-echo "Setze alle Dateiberechtigungen..."
-echo "Alle Berechtigungen wurden gesetzt..."
-echo "Aktiviere benötigte Services..."
-echo "Watchdog, Chromium und AutoLogin wurden aktiviert..."
-echo "Lösche nicht mehr benötigte Kernel..."
-sudo bash /root/remove_unused_kernel.sh -u -e
-rm /root/remove_unused_kernel.sh
-clear
-echo "Starte Systemupdate..."
-echo "Systemupdate erfolgreich..."
-echo "Installierse benötigte Pakete..."
-echo "Alle Pakete wurden installiert..."
-echo "Lege den Benutzer \"loginuser\" an..."
-echo "Loginuser angelegt..."
-echo "Setze Rechte für \"loginuser\""
-echo "Rechte gesetzt..."
-echo "Deaktiviere login für ROOT..."
-echo "ROOT login deaktiviert..."
-echo "Spiele erforderliche Daten ein..."
-echo "Alle Daten wurden eingespielt..."
-echo "Setze alle Dateiberechtigungen..."
-echo "Alle Berechtigungen wurden gesetzt..."
-echo "Aktiviere benötigte Services..."
-echo "Watchdog, Chromium und AutoLogin wurden aktiviert..."
-echo "Lösche nicht mehr benötigte Kernel..."
-echo "Alte Kernel gelöscht..."
-echo "Installation komplett..."
-echo "Zum Neustarten bitte eine beliebige Taste drücken..."
+sudo passwd -l root >>/var/log/install 2>&1 && print_status "Root login disabled"
+
+echo -e "${RED}→${NC} Copying required files..."
+sudo rsync -a --numeric-ids --info=progress2 --no-owner --no-group \
+    ./rps-client/boot/ro-root.sh /boot/ro-root.sh \
+    ./rps-client/boot/firmware/ro-root.sh /boot/firmware/ro-root.sh \
+    ./rps-client/etc/dhcp/dhclient.conf /etc/dhcp/dhclient.conf \
+    ./rps-client/etc/systemd/system/watchdog.service /etc/systemd/system/watchdog.service \
+    ./rps-client/etc/systemd/system/chromium-monitor.service /etc/systemd/system/chromium-monitor.service \
+    ./rps-client/etc/systemd/system/getty@tty1.service.d/override.conf /etc/systemd/system/getty@tty1.service.d/override.conf \
+    ./rps-client/etc/chromium/policies/managed/disable_password_saving.json /etc/chromium/policies/managed/disable_password_saving.json \
+    ./rps-client/home/loginuser/.bash_profile /home/loginuser/.bash_profile \
+    ./rps-client/home/loginuser/.xinitrc /home/loginuser/.xinitrc \
+    ./rps-client/home/wis/.ssh/id_rsa.pub /home/wis/.ssh/id_rsa.pub \
+    ./rps-client/root/remove_unused_kernel.sh /root/remove_unused_kernel.sh \
+    ./rps-client/root/.vnc/config.d/vncserver-x11 /root/.vnc/config.d/vncserver-x11 \
+    ./rps-client/usr/bin/chromium-monitor /usr/bin/chromium-monitor \
+    ./rps-client/usr/bin/watchdog /usr/bin/watchdog >>/var/log/install 2>&1 && print_status "Required files copied"
+
+echo -e "${RED}→${NC} Setting file permissions..."
+sudo chown loginuser:loginuser -R /home/loginuser >>/var/log/install 2>&1 && print_status "File permissions set"
+
+echo -e "${RED}→${NC} Enabling services..."
+sudo systemctl daemon-reload >>/var/log/install 2>&1 && print_status "Daemon reloaded"
+sudo systemctl enable watchdog chromium-monitor vncserver-x11-serviced.service >>/var/log/install 2>&1 && print_status "Services enabled"
+sudo systemctl restart getty@tty1 >>/var/log/install 2>&1 && print_status "getty service restarted"
+
+# Ask user about cleaning unused kernels
+echo -e "${RED}→${NC} Do you want to clean up unused kernels? (yes/y/ye to proceed):"
+read -r clean_kernels
+if [[ "$clean_kernels" =~ ^[Yy](e[Ss]?)?$ ]]; then
+    echo -e "${RED}→${NC} Cleaning up unused kernels..."
+    sudo bash /root/remove_unused_kernel.sh -u -e >>/var/log/install 2>&1 && print_status "Unused kernels cleaned up"
+else
+    echo -e "${RED}→${NC} Skipping unused kernel cleanup."
+fi
+
+echo -e "${RED}→${NC} Cleaning up installer..."
+sudo rm -rf ./rps-client >>/var/log/install 2>&1 && print_status "Installer cleaned up"
+
+echo -e "${GREEN}✔${NC} Installation complete. Press any key to reboot..."
 read -n 1 -s
 sudo reboot
+
+# Version 1.2:
+# Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.

root/.ssh/id_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYDmONGe644a3bWKAyX1W704B8fCwlj4x/QjwyJX6gKpX2hmtrxZtusK729wTxP0lr1Gzll9A8LAEGqW5/sxxJqwtYDMOEfINsgE8fmvg9XSmJ9t5zOxJAuQfJB/dmE2a2mX3VSH740czvJ6NKlf9BUeu+41ZZUilyHngfgpVxEIED/6ZHRrkMUfaY09IfvwmNiYPTtK4cufLBdeEoNJPQvYdY1i+N+cJstUzlDRs179w8CqLPuPhIb0iQ3WO1S1XXQH4vUm4MaMmK+hDR4J/pfhuI3DXulwE04rZFU2izXQwl5VdYLv8w31gcegyRz68p+LprusY4QiDP62yaUCTE6JdrjjQSxbEag+OqCzozfvoO+SxMdWsxg2eViM4sKTODc0cQBSA4HJcDWeag5LU9k4WGeuVVj8BCCBqh+93IqylqyK7AKMztVZNiftSBEbfK8ZoHawg5PM26LtCTz6YcmGhn/dHpcpyC8606+SHSTl5YinDaRjarCBM4nppD3o5pizVFKutI28Ys3wkVAe96njnJqIi/J5tNQgrbJmteCE3/9SWhpsXjnuZX1RaZYLE3bBg8Gisz/sm7rN3acVXe6QD03PIxwn9Xp8r3avzDkQKo4vqxoYK6JF6j3vs+U4WLElq+NtvuMewfAWF2cgL2quognLWUM5s0p1/zLzxa8w==

root/.vnc/config.d/vncserver-x11

@@ -1 +1,4 @@
 Authentication=None
+
+#  Version 1.0:
+#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.

usr/bin/chromium-monitor

@@ -22,12 +22,15 @@ while true; do
         new_monitor_md5=$(echo -n ${new_monitor^^} | sed -e 's/^[[:space:]]*//' | md5sum | awk '{print $1}')
         current_md5=$(echo -n ${new_current^^} | sed -e 's/^[[:space:]]*//' | md5sum | awk '{print $1}')
         if [ "$new_monitor_md5" != "$monitor_md5" ] && [ "$current_md5" != "$monitor_md5" ]; then
-            echo "Mismatch detected. Rebooting now."
+            echo "Mismatch detected. Rebooting now." >> /var/log/chromium-monitor
             sudo reboot
             exit 1
         fi
     else
-        echo "Either monitor or current is not available, skipping check."
+        echo "Either monitor or current is not available, skipping check." >> /var/log/chromium-monitor
     fi
     sleep 5s
 done
+
+#  Version 1.0:
+#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.

usr/bin/watchdog

@@ -9,11 +9,14 @@ sudo sed -i '/^interval/d' "$config_file"
 echo "interval = 60" | sudo tee -a "$config_file" > /dev/null
 if [ ${#ip_array[@]} -eq 0 ]; then
     sudo sed -i '/interval/d' "$config_file"
-    echo "No IP addresses found. Watchdog configuration cleared." >&2
+    echo "No IP addresses found. Watchdog configuration cleared." >> /var/log/watchdog 2>&1
     sudo systemctl stop watchdog
 else
     for ip in "${ip_array[@]}"; do
         echo "ping = $ip" | sudo tee -a "$config_file" > /dev/null
     done
 fi
-sudo systemctl restart watchdog
+sudo systemctl restart watchdog >> /var/log/watchdog 2>&1
+
+#  Version 1.1:
+#  Created 2024 by Tim Eertmoed @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.