install.sh aktualisiert

Signed-off-by: Tim Eertmoed <alientim@noreply.localhost>

.gitignore

@@ -1,15 +0,0 @@
-# ---> Linux
-*~
-
-# temporary files which can be created if a process still has a handle open of a deleted file
-.fuse_hidden*
-
-# KDE directory preferences
-.directory
-
-# Linux trash folder which might appear on any partition or disk
-.Trash-*
-
-# .nfs files are created when an open file is removed but is still being accessed
-.nfs*
-

README.md

@@ -1,2 +1,10 @@
-# RPS-Light-PXE
+# RPS-Client
 
+```bash
+wget -qO- --header 'Authorization:token 9031f8d227dd83ba601680bf3a9f6c2d26c1a970' https://gitea.int.eertmoed.net/WiS/RPS-Client/archive/latest.tar.gz | tar xvz ; bash ./rps-client/install.sh ;
+```
+
+```ruby
+#  Version 1.1:
+#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.
+```

boot/firmware/ro-root.sh

@@ -0,0 +1,120 @@
+#!/bin/sh
+
+#  Read-only Root-FS for Raspian using overlayfs
+#  Version 1.1:
+#  Changed to use /proc/mounts rathern than /etc/fstab for deriving the root filesystem.
+#
+#  Version 1:
+#  Created 2017 by Pascal Suter @ DALCO AG, Switzerland to work on Raspian as custom init script
+#  (raspbian does not use an initramfs on boot)
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 3 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see
+#    <http://www.gnu.org/licenses/>.
+#
+#
+#  Tested with Raspbian mini, 2017-01-11
+#
+#  This script will mount the root filesystem read-only and overlay it with a temporary tempfs
+#  which is read-write mounted. This is done using the overlayFS which is part of the linux kernel
+#  since version 3.18.
+#  when this script is in use, all changes made to anywhere in the root filesystem mount will be lost
+#  upon reboot of the system. The SD card will only be accessed as read-only drive, which significantly
+#  helps to prolong its life and prevent filesystem coruption in environments where the system is usually
+#  not shut down properly
+#
+#  Install:
+#  copy this script to /sbin/overlayRoot.sh and add "init=/sbin/overlayRoot.sh" to the cmdline.txt
+#  file in the raspbian image's boot partition.
+#  I strongly recommend to disable swapping before using this. it will work with swap but that just does
+#  not make sens as the swap file will be stored in the tempfs which again resides in the ram.
+#  run these commands on the booted raspberry pi BEFORE you set the init=/sbin/overlayRoot.sh boot option:
+#  sudo dphys-swapfile swapoff
+#  sudo dphys-swapfile uninstall
+#  sudo update-rc.d dphys-swapfile remove
+#
+#  To install software, run upgrades and do other changes to the raspberry setup, simply remove the init=
+#  entry from the cmdline.txt file and reboot, make the changes, add the init= entry and reboot once more.
+
+fail(){
+        echo -e "$1"
+        /bin/bash
+}
+
+# load module
+modprobe overlay
+if [ $? -ne 0 ]; then
+    fail "ERROR: missing overlay kernel module"
+fi
+# mount /proc
+mount -t proc proc /proc
+
+# create a writable fs to then create our mountpoints
+mount -t tmpfs inittemp /mnt
+if [ $? -ne 0 ]; then
+    fail "ERROR: could not create a temporary filesystem to mount the base filesystems for overlayfs"
+fi
+mkdir /mnt/lower
+mkdir /mnt/rw
+mount -t tmpfs root-rw /mnt/rw
+if [ $? -ne 0 ]; then
+    fail "ERROR: could not create tempfs for upper filesystem"
+fi
+mkdir /mnt/rw/upper
+mkdir /mnt/rw/work
+mkdir /mnt/newroot
+
+# mount root filesystem readonly
+rootDev=`awk '$2 == "/" {print $1}' /proc/mounts`
+rootMountOpt=`awk '$2 == "/" {print $4}' /proc/mounts`
+rootFsType=`awk '$2 == "/" {print $3}' /proc/mounts`
+mount -t ${rootFsType} -o ${rootMountOpt},ro ${rootDev} /mnt/lower
+if [ $? -ne 0 ]; then
+    fail "ERROR: could not ro-mount original root partition"
+fi
+mount -t overlay -o lowerdir=/mnt/lower,upperdir=/mnt/rw/upper,workdir=/mnt/rw/work overlayfs-root /mnt/newroot
+if [ $? -ne 0 ]; then
+    fail "ERROR: could not mount overlayFS"
+fi
+# create mountpoints inside the new root filesystem-overlay
+mkdir /mnt/newroot/ro
+mkdir /mnt/newroot/rw
+# remove root mount from fstab (this is already a non-permanent modification)
+grep -v "$rootDev" /mnt/lower/etc/fstab > /mnt/newroot/etc/fstab
+echo "#the original root mount has been removed by overlayRoot.sh" >> /mnt/newroot/etc/fstab
+echo "#this is only a temporary modification, the original fstab" >> /mnt/newroot/etc/fstab
+echo "#stored on the disk can be found in /ro/etc/fstab" >> /mnt/newroot/etc/fstab
+# change to the new overlay root
+cd /mnt/newroot
+pivot_root . mnt
+exec chroot . sh -c "$(cat <<END
+# move ro and rw mounts to the new root
+mount --move /mnt/mnt/lower/ /ro
+if [ $? -ne 0 ]; then
+    echo "ERROR: could not move ro-root into newroot"
+    /bin/bash
+fi
+mount --move /mnt/mnt/rw /rw
+if [ $? -ne 0 ]; then
+    echo "ERROR: could not move tempfs rw mount into newroot"
+    /bin/bash
+fi
+# unmount unneeded mounts so we can unmout the old readonly root
+umount /mnt/mnt
+umount /mnt/proc
+umount -l -f /mnt/dev
+umount -l -f /mnt
+# continue with regular init
+exec /sbin/init
+END
+)"

boot/ro-root.sh

@@ -0,0 +1,120 @@
+#!/bin/sh
+
+#  Read-only Root-FS for Raspian using overlayfs
+#  Version 1.1:
+#  Changed to use /proc/mounts rathern than /etc/fstab for deriving the root filesystem.
+#
+#  Version 1:
+#  Created 2017 by Pascal Suter @ DALCO AG, Switzerland to work on Raspian as custom init script
+#  (raspbian does not use an initramfs on boot)
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 3 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see
+#    <http://www.gnu.org/licenses/>.
+#
+#
+#  Tested with Raspbian mini, 2017-01-11
+#
+#  This script will mount the root filesystem read-only and overlay it with a temporary tempfs
+#  which is read-write mounted. This is done using the overlayFS which is part of the linux kernel
+#  since version 3.18.
+#  when this script is in use, all changes made to anywhere in the root filesystem mount will be lost
+#  upon reboot of the system. The SD card will only be accessed as read-only drive, which significantly
+#  helps to prolong its life and prevent filesystem coruption in environments where the system is usually
+#  not shut down properly
+#
+#  Install:
+#  copy this script to /sbin/overlayRoot.sh and add "init=/sbin/overlayRoot.sh" to the cmdline.txt
+#  file in the raspbian image's boot partition.
+#  I strongly recommend to disable swapping before using this. it will work with swap but that just does
+#  not make sens as the swap file will be stored in the tempfs which again resides in the ram.
+#  run these commands on the booted raspberry pi BEFORE you set the init=/sbin/overlayRoot.sh boot option:
+#  sudo dphys-swapfile swapoff
+#  sudo dphys-swapfile uninstall
+#  sudo update-rc.d dphys-swapfile remove
+#
+#  To install software, run upgrades and do other changes to the raspberry setup, simply remove the init=
+#  entry from the cmdline.txt file and reboot, make the changes, add the init= entry and reboot once more.
+
+fail(){
+        echo -e "$1"
+        /bin/bash
+}
+
+# load module
+modprobe overlay
+if [ $? -ne 0 ]; then
+    fail "ERROR: missing overlay kernel module"
+fi
+# mount /proc
+mount -t proc proc /proc
+
+# create a writable fs to then create our mountpoints
+mount -t tmpfs inittemp /mnt
+if [ $? -ne 0 ]; then
+    fail "ERROR: could not create a temporary filesystem to mount the base filesystems for overlayfs"
+fi
+mkdir /mnt/lower
+mkdir /mnt/rw
+mount -t tmpfs root-rw /mnt/rw
+if [ $? -ne 0 ]; then
+    fail "ERROR: could not create tempfs for upper filesystem"
+fi
+mkdir /mnt/rw/upper
+mkdir /mnt/rw/work
+mkdir /mnt/newroot
+
+# mount root filesystem readonly
+rootDev=`awk '$2 == "/" {print $1}' /proc/mounts`
+rootMountOpt=`awk '$2 == "/" {print $4}' /proc/mounts`
+rootFsType=`awk '$2 == "/" {print $3}' /proc/mounts`
+mount -t ${rootFsType} -o ${rootMountOpt},ro ${rootDev} /mnt/lower
+if [ $? -ne 0 ]; then
+    fail "ERROR: could not ro-mount original root partition"
+fi
+mount -t overlay -o lowerdir=/mnt/lower,upperdir=/mnt/rw/upper,workdir=/mnt/rw/work overlayfs-root /mnt/newroot
+if [ $? -ne 0 ]; then
+    fail "ERROR: could not mount overlayFS"
+fi
+# create mountpoints inside the new root filesystem-overlay
+mkdir /mnt/newroot/ro
+mkdir /mnt/newroot/rw
+# remove root mount from fstab (this is already a non-permanent modification)
+grep -v "$rootDev" /mnt/lower/etc/fstab > /mnt/newroot/etc/fstab
+echo "#the original root mount has been removed by overlayRoot.sh" >> /mnt/newroot/etc/fstab
+echo "#this is only a temporary modification, the original fstab" >> /mnt/newroot/etc/fstab
+echo "#stored on the disk can be found in /ro/etc/fstab" >> /mnt/newroot/etc/fstab
+# change to the new overlay root
+cd /mnt/newroot
+pivot_root . mnt
+exec chroot . sh -c "$(cat <<END
+# move ro and rw mounts to the new root
+mount --move /mnt/mnt/lower/ /ro
+if [ $? -ne 0 ]; then
+    echo "ERROR: could not move ro-root into newroot"
+    /bin/bash
+fi
+mount --move /mnt/mnt/rw /rw
+if [ $? -ne 0 ]; then
+    echo "ERROR: could not move tempfs rw mount into newroot"
+    /bin/bash
+fi
+# unmount unneeded mounts so we can unmout the old readonly root
+umount /mnt/mnt
+umount /mnt/proc
+umount -l -f /mnt/dev
+umount -l -f /mnt
+# continue with regular init
+exec /sbin/init
+END
+)"

etc/chromium/policies/managed/disable_password_saving.json

@@ -1,4 +1,7 @@
 {
   "PasswordManagerEnabled": false,
   "PasswordManagerAllowShowPasswords": false
-}
+}
+
+#  Version 1.0:
+#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.

etc/dhcp/dhclient.conf

@@ -10,4 +10,7 @@ request subnet-mask, broadcast-address, time-offset, routers,
 	domain-name, domain-name-servers, domain-search, host-name,
 	dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
 	netbios-name-servers, netbios-scope, interface-mtu,
-	rfc3442-classless-static-routes, ntp-servers, url, monitor, watchdog, screen;
+	rfc3442-classless-static-routes, ntp-servers, url, monitor, watchdog, screen;
+	
+#  Version 1.0:
+#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.

etc/systemd/system/chromium-monitor.service

@@ -1,14 +1,14 @@
 [Unit]
 Description=A Service to monitor the Kiosk's current site
-After=network.target getty@tty1.service
+After=network.target
 
 [Service]
-# Wait until Chromium is running
-ExecStartPre=-/bin/bash -c 'while ! pgrep -f chromium-browser > /dev/null; do sleep 5; done'
-ExecStartPre=-/usr/bin/sleep 20
 Type=simple
 User=loginuser
-ExecStart=/usr/bin/chromium-monitor
+ExecStart=/usr/bin/custom/chromium-monitor
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target
+
+#  Version 1.1:
+#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.

etc/systemd/system/getty@tty1.service.d/override.conf

@@ -1,3 +1,6 @@
 [Service]
 ExecStart=
-ExecStart=-/sbin/agetty --autologin loginuser --noclear %I $TERM
+ExecStart=-/sbin/agetty --autologin loginuser --noclear %I $TERM
+
+#  Version 1.0:
+#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.

etc/systemd/system/hostname.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Set Hostname from DHCP
+After=network.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/custom/hostname
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target

etc/systemd/system/watchdog-monitor.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Watchdog Monitor Service
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/custom/watchdog-monitor
+
+[Install]
+WantedBy=multi-user.target
+
+#  Version 1.1:
+#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.

etc/systemd/system/watchdog.service

@@ -1,12 +0,0 @@
-[Unit]
-Description=Watchdog Monitor Service
-After=network.target getty@tty1.service
-
-[Service]
-ExecStartPre=-/bin/sleep 120
-Type=simple
-ExecStart=/usr/bin/watchdog
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target

home/loginuser/.bash_profile

@@ -3,4 +3,7 @@ then
   startx -- -nocursor
   exit
   sudo reboot
-fi
+fi
+
+#  Version 1.0:
+#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.

home/loginuser/.xinitrc

@@ -46,4 +46,7 @@ chromium-browser $WBS \
   --disable-password-manager \
   --user-data-dir=/tmp/chromium-profile
 
-exit
+exit
+
+#  Version 1.0:
+#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.

home/wis/.ssh/id_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYDmONGe644a3bWKAyX1W704B8fCwlj4x/QjwyJX6gKpX2hmtrxZtusK729wTxP0lr1Gzll9A8LAEGqW5/sxxJqwtYDMOEfINsgE8fmvg9XSmJ9t5zOxJAuQfJB/dmE2a2mX3VSH740czvJ6NKlf9BUeu+41ZZUilyHngfgpVxEIED/6ZHRrkMUfaY09IfvwmNiYPTtK4cufLBdeEoNJPQvYdY1i+N+cJstUzlDRs179w8CqLPuPhIb0iQ3WO1S1XXQH4vUm4MaMmK+hDR4J/pfhuI3DXulwE04rZFU2izXQwl5VdYLv8w31gcegyRz68p+LprusY4QiDP62yaUCTE6JdrjjQSxbEag+OqCzozfvoO+SxMdWsxg2eViM4sKTODc0cQBSA4HJcDWeag5LU9k4WGeuVVj8BCCBqh+93IqylqyK7AKMztVZNiftSBEbfK8ZoHawg5PM26LtCTz6YcmGhn/dHpcpyC8606+SHSTl5YinDaRjarCBM4nppD3o5pizVFKutI28Ys3wkVAe96njnJqIi/J5tNQgrbJmteCE3/9SWhpsXjnuZX1RaZYLE3bBg8Gisz/sm7rN3acVXe6QD03PIxwn9Xp8r3avzDkQKo4vqxoYK6JF6j3vs+U4WLElq+NtvuMewfAWF2cgL2quognLWUM5s0p1/zLzxa8w==

install.sh

@@ -1,143 +1,167 @@
+#!/bin/bash
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+NC='\033[0m' # No Color
+
 clear
-echo "Starte Systemupdate..."
-sudo apt update && sudo apt upgrade -y && sudo apt dist-upgrade -y && sudo apt autoremove -y && sudo apt clean -y
-echo "Starte Systemupdate..."
-echo "Systemupdate erfolgreich..."
-echo "Installierse benötigte Pakete..."
-sudo apt install --no-install-recommends xserver-xorg x11-xserver-utils xinit chromium-browser fonts-noto-color-emoji nfs-common watchdog xdotool rsync -y
-clear
-echo "Starte Systemupdate..."
-echo "Systemupdate erfolgreich..."
-echo "Installierse benötigte Pakete..."
-echo "Alle Pakete wurden installiert..."
-echo "Lege den Benutzer \"loginuser\" an..."
-sudo adduser --disabled-password --gecos "" loginuser
-clear
-echo "Starte Systemupdate..."
-echo "Systemupdate erfolgreich..."
-echo "Installierse benötigte Pakete..."
-echo "Alle Pakete wurden installiert..."
-echo "Lege den Benutzer \"loginuser\" an..."
-echo "Loginuser angelegt..."
-echo "Setze Rechte für \"loginuser\""
-sudo tee /etc/sudoers.d/loginuser > /dev/null << 'EOF'
-loginuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart watchdog
-loginuser ALL=(ALL) NOPASSWD: /usr/bin/echo
-loginuser ALL=(ALL) NOPASSWD: /usr/bin/cp
-loginuser ALL=(ALL) NOPASSWD: /usr/bin/sed
-loginuser ALL=(ALL) NOPASSWD: /usr/sbin/reboot
-loginuser ALL=(ALL) NOPASSWD: /usr/sbin/dhclient eth0
-loginuser ALL=(ALL) NOPASSWD: /usr/bin/fbset
+
+# Function to print status with a checkmark
+print_status() {
+    echo -e "${GREEN}✔${NC} ${1} completed."
+}
+
+echo -e "${RED}→${NC} Starting System Update..."
+sudo apt update >>/var/log/install 2>&1 && print_status "System Update"
+sudo apt upgrade -y >>/var/log/install 2>&1 && print_status "System Upgrade"
+sudo apt dist-upgrade -y >>/var/log/install 2>&1 && print_status "System Dist-Upgrade"
+
+echo -e "${RED}→${NC} Installing required packages..."
+sudo apt install --no-install-recommends xserver-xorg x11-xserver-utils xinit chromium-browser fonts-noto-color-emoji nfs-common watchdog xdotool rsync -y >>/var/log/install 2>&1 && print_status "Required packages installed"
+sudo apt install realvnc-vnc-server overlayroot -y >>/var/log/install 2>&1 && print_status "VNC and Overlayroot installed"
+sudo apt autoremove -y >>/var/log/install 2>&1 && print_status "Autoremove"
+sudo apt clean >>/var/log/install 2>&1 && print_status "Clean"
+rm -rf /var/lib/apt/lists/* >>/var/log/install 2>&1 && print_status "Clear cache"
+
+echo -e "${GREEN}→${NC} Configuring Raspberry Pi settings..."
+sudo raspi-config nonint do_camera 0 >> /var/log/install 2>&1 && print_status "Camera disabled"
+sudo raspi-config nonint do_vnc 0 >> /var/log/install 2>&1 && print_status "VNC enabled"
+sudo raspi-config nonint do_spi 0 >> /var/log/install 2>&1 && print_status "SPI disabled"
+sudo raspi-config nonint do_i2c 0 >> /var/log/install 2>&1 && print_status "I2C disabled"
+sudo raspi-config nonint do_serial 0 0 >> /var/log/install 2>&1 && print_status "Serial port disabled"
+sudo raspi-config nonint do_onewire 0 >> /var/log/install 2>&1 && print_status "1-Wire disabled"
+sudo raspi-config nonint do_remote_gpio 0 >> /var/log/install 2>&1 && print_status "Remote GPIO disabled"
+sudo raspi-config nonint do_gpu_memory 256 >> /var/log/install 2>&1 && print_status "GPU memory set to 256MB"
+sudo raspi-config nonint do_locale "de_DE.UTF-8" "de_DE.UTF-8" >> /var/log/install 2>&1 && print_status "Locale set to de_DE.UTF-8"
+sudo raspi-config nonint do_timezone "Europe/Berlin" >> /var/log/install 2>&1 && print_status "Timezone set to Europe/Berlin"
+sudo raspi-config nonint do_boot_order 3 >> /var/log/install 2>&1 && print_status "Boot order set to network boot"
+
+echo -e "${RED}→${NC} Configuring VNC..."
+sudo systemctl enable vncserver-x11-serviced.service >>/var/log/install 2>&1 && print_status "VNC service enabled"
+sudo systemctl start vncserver-x11-serviced.service >>/var/log/install 2>&1 && print_status "VNC service started"
+CONFIG_FILE="/root/.vnc/config.d/vncserver-x11"
+if [ ! -d "$(dirname "$CONFIG_FILE")" ]; then
+    mkdir -p "$(dirname "$CONFIG_FILE")"
+    print_status "Created directory for VNC config." >> /var/log/install 2>&1
+fi
+read -p "Do you want to set a VNC password? (y/n): " -r
+if [[ $REPLY =~ ^[Yy](e[Ss]?)?$ ]]; then
+    vncpasswd
+    print_status "VNC password has been set." >> /var/log/install 2>&1
+else
+    echo -e "${RED}✖${NC} No VNC password will be set." >> /var/log/install 2>&1
+fi
+if [ "$(vncpasswd -o)" = 'none' ]; then
+    echo "Authentication=None" >> "$CONFIG_FILE"
+    echo "Geometry=1920x1080" >> "$CONFIG_FILE"
+    echo "#  Version 1.0:" >> "$CONFIG_FILE"
+    echo "#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspbian as custom PXE init script." >> "$CONFIG_FILE"
+    print_status "VNC config set to no authentication with geometry 1920x1080." >> /var/log/install 2>&1
+else
+    echo "Authentication=VNC" >> "$CONFIG_FILE"
+    echo "Geometry=1920x1080" >> "$CONFIG_FILE"
+    echo "#  Version 1.0:" >> "$CONFIG_FILE"
+    echo "#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspbian as custom PXE init script." >> "$CONFIG_FILE"
+    print_status "VNC password is set. Authentication will be required." >> /var/log/install 2>&1
+fi
+sudo raspi-config nonint do_vnc 0 >>/var/log/install 2>&1 && print_status "VNC enabled in raspi-config"
+
+echo -e "${RED}→${NC} Creating user 'loginuser'..."
+sudo adduser --disabled-password --gecos "" loginuser >>/var/log/install 2>&1 && print_status "User 'loginuser' created"
+
+echo -e "${RED}→${NC} Setting permissions for 'loginuser'..."
+sudo tee /etc/sudoers.d/loginuser >/dev/null << 'EOF'
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl start watchdog, /usr/bin/systemctl stop watchdog, /usr/bin/systemctl restart watchdog
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop watchdog-monitor
 loginuser ALL=(ALL) NOPASSWD: /usr/bin/cat /var/lib/dhcp/*
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/cp /etc/watchdog.conf /etc/watchdog.conf.bak
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/tee /etc/watchdog.conf, /usr/bin/tee -a /etc/watchdog.conf
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/sed -i
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/sed -r 's/[x]+/,/g'
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/fbset -s
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/hostnamectl set-hostname
+loginuser ALL=(ALL) NOPASSWD: /usr/sbin/dhclient eth0
+loginuser ALL=(ALL) NOPASSWD: /usr/sbin/reboot
 EOF
-sudo usermod -aG video loginuser
-clear
-echo "Starte Systemupdate..."
-echo "Systemupdate erfolgreich..."
-echo "Installierse benötigte Pakete..."
-echo "Alle Pakete wurden installiert..."
-echo "Lege den Benutzer \"loginuser\" an..."
-echo "Loginuser angelegt..."
-echo "Setze Rechte für \"loginuser\""
-echo "Rechte gesetzt..."
-echo "Verbiete login für ROOT..."
-sudo tee /etc/ssh/sshd_config >> /dev/null << 'EOF'
+sudo usermod -aG video loginuser >>/var/log/install 2>&1 && print_status "Permissions for 'loginuser' set"
+
+echo -e "${RED}→${NC} Disabling root login..."
+sudo tee /etc/ssh/sshd_config >/dev/null << 'EOF'
 PermitRootLogin no
 EOF
-sudo passwd -l root
-clear
-echo "Starte Systemupdate..."
-echo "Systemupdate erfolgreich..."
-echo "Installierse benötigte Pakete..."
-echo "Alle Pakete wurden installiert..."
-echo "Lege den Benutzer \"loginuser\" an..."
-echo "Loginuser angelegt..."
-echo "Setze Rechte für \"loginuser\""
-echo "Rechte gesetzt..."
-echo "Deaktiviere login für ROOT..."
-echo "ROOT login deaktiviert..."
-echo "Kopiere erfoderliche Dateie..."
-rm ./rps-light-pxe/.gitignore ./rps-light-pxe/LICENSE ./rps-light-pxe/README.md
-cp -r ./rps-light-pxe/ /
-clear
-echo "Starte Systemupdate..."
-echo "Systemupdate erfolgreich..."
-echo "Installierse benötigte Pakete..."
-echo "Alle Pakete wurden installiert..."
-echo "Lege den Benutzer \"loginuser\" an..."
-echo "Loginuser angelegt..."
-echo "Setze Rechte für \"loginuser\""
-echo "Rechte gesetzt..."
-echo "Deaktiviere login für ROOT..."
-echo "ROOT login deaktiviert..."
-echo "Spiele erforderliche Daten ein..."
-echo "Alle Daten wurden eingespielt..."
-echo "Setze alle Dateiberechtigungen..."
-sudo chown loginuser:loginuser /home/loginuser/.xinitrc
-sudo chown loginuser:loginuser /home/loginuser/.bash_profile
-sudo chmod +x /root/remove_unused_kernel.sh
-sudo chmod +x /usr/bin/watchdog
-sudo chmod +x /usr/bin/chromium-monitor
-clear
-echo "Starte Systemupdate..."
-echo "Systemupdate erfolgreich..."
-echo "Installierse benötigte Pakete..."
-echo "Alle Pakete wurden installiert..."
-echo "Lege den Benutzer \"loginuser\" an..."
-echo "Loginuser angelegt..."
-echo "Setze Rechte für \"loginuser\""
-echo "Rechte gesetzt..."
-echo "Deaktiviere login für ROOT..."
-echo "ROOT login deaktiviert..."
-echo "Spiele erforderliche Daten ein..."
-echo "Alle Daten wurden eingespielt..."
-echo "Setze alle Dateiberechtigungen..."
-echo "Alle Berechtigungen wurden gesetzt..."
-echo "Aktiviere benötigte Services..."
-sudo systemctl daemon-reload
-sudo systemctl enable watchdog
-sudo systemctl enable chromium-monitor
-sudo systemctl enable getty@tty1
-clear
-echo "Starte Systemupdate..."
-echo "Systemupdate erfolgreich..."
-echo "Installierse benötigte Pakete..."
-echo "Alle Pakete wurden installiert..."
-echo "Lege den Benutzer \"loginuser\" an..."
-echo "Loginuser angelegt..."
-echo "Setze Rechte für \"loginuser\""
-echo "Rechte gesetzt..."
-echo "Deaktiviere login für ROOT..."
-echo "ROOT login deaktiviert..."
-echo "Spiele erforderliche Daten ein..."
-echo "Alle Daten wurden eingespielt..."
-echo "Setze alle Dateiberechtigungen..."
-echo "Alle Berechtigungen wurden gesetzt..."
-echo "Aktiviere benötigte Services..."
-echo "Watchdog, Chromium und AutoLogin wurden aktiviert..."
-echo "Lösche nicht mehr benötigte Kernel..."
-sudo bash /root/remove_unused_kernel.sh -u -e
-rm /root/remove_unused_kernel.sh
-clear
-echo "Starte Systemupdate..."
-echo "Systemupdate erfolgreich..."
-echo "Installierse benötigte Pakete..."
-echo "Alle Pakete wurden installiert..."
-echo "Lege den Benutzer \"loginuser\" an..."
-echo "Loginuser angelegt..."
-echo "Setze Rechte für \"loginuser\""
-echo "Rechte gesetzt..."
-echo "Deaktiviere login für ROOT..."
-echo "ROOT login deaktiviert..."
-echo "Spiele erforderliche Daten ein..."
-echo "Alle Daten wurden eingespielt..."
-echo "Setze alle Dateiberechtigungen..."
-echo "Alle Berechtigungen wurden gesetzt..."
-echo "Aktiviere benötigte Services..."
-echo "Watchdog, Chromium und AutoLogin wurden aktiviert..."
-echo "Lösche nicht mehr benötigte Kernel..."
-echo "Alte Kernel gelöscht..."
-echo "Installation komplett..."
-echo "Zum Neustarten bitte eine beliebige Taste drücken..."
+sudo passwd -l root >>/var/log/install 2>&1 && print_status "Root login disabled"
+
+echo -e "${RED}→${NC} Copy requiered files..."
+declare -A files=(
+    ["./rps-client/boot/ro-root.sh"]="/boot/ro-root.sh"
+    ["./rps-client/boot/firmware/ro-root.sh"]="/boot/firmware/ro-root.sh"
+    ["./rps-client/etc/dhcp/dhclient.conf"]="/etc/dhcp/dhclient.conf"
+    ["./rps-client/etc/systemd/system/hostname.service"]="/etc/systemd/system/hostname.service"
+    ["./rps-client/etc/systemd/system/watchdog-monitor.service"]="/etc/systemd/system/watchdog-monitor.service"
+    ["./rps-client/etc/systemd/system/chromium-monitor.service"]="/etc/systemd/system/chromium-monitor.service"
+    ["./rps-client/etc/systemd/system/getty@tty1.service.d/override.conf"]="/etc/systemd/system/getty@tty1.service.d/override.conf"
+    ["./rps-client/etc/chromium/policies/managed/disable_password_saving.json"]="/etc/chromium/policies/managed/disable_password_saving.json"
+    ["./rps-client/home/loginuser/.bash_profile"]="/home/loginuser/.bash_profile"
+    ["./rps-client/home/loginuser/.xinitrc"]="/home/loginuser/.xinitrc"
+    ["./rps-client/home/wis/.ssh/id_rsa.pub"]="/home/wis/.ssh/id_rsa.pub"
+    ["./rps-client/root/remove_unused_kernel.sh"]="/root/remove_unused_kernel.sh"
+    ["./rps-client/root/.vnc/config.d/vncserver-x11"]="/root/.vnc/config.d/vncserver-x11"
+    ["./rps-client/usr/bin/custom/hostname"]="/usr/bin/custom/hostname"
+    ["./rps-client/usr/bin/custom/chromium-monitor"]="/usr/bin/custom/chromium-monitor"
+    ["./rps-client/usr/bin/custom/watchdog-monitor"]="/usr/bin/custom/watchdog-monitor"
+)
+RSYNC_OPTS="-a --numeric-ids --info=progress2 --no-owner --no-group"
+for src in "${!files[@]}"; do
+    dst="${files[$src]}"
+    echo "Copying $src to $dst..."
+    sudo rsync $RSYNC_OPTS "$src" "$dst" >>/var/log/install 2>&1 && print_status "$src copied to $dst"
+done
+print_status "All files have been successfully copied"
+
+echo -e "${RED}→${NC} Setting file permissions..."
+sudo chown loginuser:loginuser -R /home/loginuser >>/var/log/install 2>&1 && print_status "File permissions set"
+
+echo -e "${RED}→${NC} Creating log files..."
+sudo touch /var/log/watchdog.log /var/log/chromium-monitor.log /var/log/hostname.log >>/var/log/install 2>&1 && print_status "Log files created"
+sudo chown loginuser:loginuser /var/log/watchdog.log /var/log/chromium-monitor.log /var/log/hostname.log >>/var/log/install 2>&1 && print_status "Ownership set for log files"
+sudo chmod 777 /var/log/watchdog.log /var/log/chromium-monitor.log /var/log/hostname.log >>/var/log/install 2>&1 && print_status "Permissions set for log files"
+sudo chmod +x /usr/bin/custom/* >>/var/log/install 2>&1 && print_status "Permissions set for script files"
+
+echo -e "${RED}→${NC} Enabling services..."
+sudo systemctl daemon-reload >>/var/log/install 2>&1 && print_status "Daemon reloaded"
+sudo systemctl enable hostname watchdog chromium-monitor vncserver-x11-serviced.service getty@tty1 >>/var/log/install 2>&1 && print_status "Services enabled"
+sudo systemctl restart getty@tty1 >>/var/log/install 2>&1 && print_status "getty service restarted"
+
+echo -e "${RED}→${NC} Do you want to clean up unused kernels? (yes/y/ye to proceed):"
+read -r clean_kernels
+if [[ "$clean_kernels" =~ ^[Yy](e[Ss]?)?$ ]]; then
+    echo -e "${RED}→${NC} Cleaning up unused kernels..."
+    sudo bash /root/remove_unused_kernel.sh -u -e >>/var/log/install 2>&1 && print_status "Unused kernels cleaned up"
+else
+    echo -e "${RED}→${NC} Skipping unused kernel cleanup..."
+    print_status "Cleanup has been skipped" >> /var/log/install 2>&1
+fi
+
+echo -e "${RED}→${NC} Configuring Overlayroot..."
+CONFIG_FILE="/etc/overlayroot.conf"
+echo 'overlayroot_cfgdisk="disabled"' | sudo tee "$CONFIG_FILE"
+echo 'overlayroot=""' | sudo tee -a "$CONFIG_FILE"
+read -p "Do you want to activate overlayfs? (y/n): " -r
+if [[ $REPLY =~ ^[Yy](e[Ss]?)?$ ]]; then
+    echo 'overlayroot="tmpfs:overlayfs"' | sudo tee -a "$CONFIG_FILE"
+    sudo raspi-config nonint do_overlayroot 0 >>/var/log/install 2>&1 && print_status "Overlayroot enabled in raspi-config"
+    print_status "Overlayroot has been activated." >> /var/log/install 2>&1
+else
+    echo 'overlayroot=""' | sudo tee -a "$CONFIG_FILE"
+    echo -e "${RED}✖${NC} Overlayroot has not been activated." >> /var/log/install 2>&1
+fi
+
+echo -e "${RED}→${NC} Cleaning up installer..."
+sudo rm -rf ./rps-client >>/var/log/install 2>&1 && print_status "Installer cleaned up"
+
+echo -e "${GREEN}✔${NC} Installation complete. Press any key to reboot..." >> /var/log/install 2>&1
 read -n 1 -s
-sudo reboot
+sudo reboot
+
+# Version 1.2:
+# Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.

root/.ssh/id_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYDmONGe644a3bWKAyX1W704B8fCwlj4x/QjwyJX6gKpX2hmtrxZtusK729wTxP0lr1Gzll9A8LAEGqW5/sxxJqwtYDMOEfINsgE8fmvg9XSmJ9t5zOxJAuQfJB/dmE2a2mX3VSH740czvJ6NKlf9BUeu+41ZZUilyHngfgpVxEIED/6ZHRrkMUfaY09IfvwmNiYPTtK4cufLBdeEoNJPQvYdY1i+N+cJstUzlDRs179w8CqLPuPhIb0iQ3WO1S1XXQH4vUm4MaMmK+hDR4J/pfhuI3DXulwE04rZFU2izXQwl5VdYLv8w31gcegyRz68p+LprusY4QiDP62yaUCTE6JdrjjQSxbEag+OqCzozfvoO+SxMdWsxg2eViM4sKTODc0cQBSA4HJcDWeag5LU9k4WGeuVVj8BCCBqh+93IqylqyK7AKMztVZNiftSBEbfK8ZoHawg5PM26LtCTz6YcmGhn/dHpcpyC8606+SHSTl5YinDaRjarCBM4nppD3o5pizVFKutI28Ys3wkVAe96njnJqIi/J5tNQgrbJmteCE3/9SWhpsXjnuZX1RaZYLE3bBg8Gisz/sm7rN3acVXe6QD03PIxwn9Xp8r3avzDkQKo4vqxoYK6JF6j3vs+U4WLElq+NtvuMewfAWF2cgL2quognLWUM5s0p1/zLzxa8w==

root/.vnc/config.d/vncserver-x11

@@ -1 +0,0 @@
-Authentication=None

usr/bin/chromium-monitor

@@ -1,33 +0,0 @@
-#!/bin/bash 
-get_monitor() {
-    sudo cat /var/lib/dhcp/* | grep -a "option monitor" | tail -1 | \
-    awk '{ s = ""; for (i = 3; i <= NF; i++) s = s $i " "; print s}' | \
-    awk -F '"' '{print $2}'
-}
-get_current_window() {
-    DISPLAY=:0 xdotool getwindowfocus getwindowname | awk -F '- Chromium' '{print $1}'
-}
-monitor=""
-while [ -z "$monitor" ]; do
-    monitor=$(get_monitor)
-    if [ -z "$monitor" ]; then
-        sleep 5
-    fi
-done
-monitor_md5=$(echo -n ${monitor^^} | sed -e 's/^[[:space:]]*//' | md5sum | awk '{print $1}')
-while true; do
-    new_monitor=$(get_monitor)
-    new_current=$(get_current_window)
-    if [ -n "$new_monitor" ] && [ -n "$new_current" ]; then
-        new_monitor_md5=$(echo -n ${new_monitor^^} | sed -e 's/^[[:space:]]*//' | md5sum | awk '{print $1}')
-        current_md5=$(echo -n ${new_current^^} | sed -e 's/^[[:space:]]*//' | md5sum | awk '{print $1}')
-        if [ "$new_monitor_md5" != "$monitor_md5" ] && [ "$current_md5" != "$monitor_md5" ]; then
-            echo "Mismatch detected. Rebooting now."
-            sudo reboot
-            exit 1
-        fi
-    else
-        echo "Either monitor or current is not available, skipping check."
-    fi
-    sleep 5s
-done

usr/bin/custom/chromium-monitor

@@ -0,0 +1,51 @@
+#!/bin/bash 
+
+LOGFILE="/var/log/chromium-monitor.log"
+
+# Function to log messages with timestamps
+log() {
+    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> "$LOGFILE"
+}
+
+# Function to get the monitor value from DHCP
+get_monitor() {
+    sudo cat /var/lib/dhcp/* | grep -a "option monitor" | tail -1 | \
+    awk '{ s = ""; for (i = 3; i <= NF; i++) s = s $i " "; print s}' | \
+    awk -F '"' '{print $2}'
+}
+
+# Function to get the current window name
+get_current_window() {
+    DISPLAY=:0 xdotool getwindowfocus getwindowname
+}
+
+# Initialize monitor variable
+monitor=""
+while [ -z "$monitor" ]; do
+    monitor=$(get_monitor)
+    if [ -n "$monitor" ]; then
+        log "Initial monitor detected: $monitor"  # Log initial monitor
+    fi
+    sleep 5
+done
+
+# Main loop to continuously check the current window
+while true; do
+    current_window=$(get_current_window)  # Get the current window name
+
+    if [ -n "$current_window" ]; then
+        # Check for mismatch using case-insensitive comparison
+        if ! echo "$current_window" | grep -iq "$monitor"; then
+            log "Mismatch detected! Monitor: $monitor, Current: $current_window"
+            log "Rebooting now."
+            sudo reboot
+            exit 1
+        fi
+    fi
+
+    # Sleep for a short duration before the next check
+    sleep 5
+done
+
+# Version 1.0:
+# Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspbian as custom PXE init script.

usr/bin/custom/hostname

@@ -0,0 +1,40 @@
+#!/bin/bash 
+
+LOGFILE="/var/log/hostname.log"
+
+# Function to log messages with timestamps
+log() {
+    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> "$LOGFILE"
+}
+
+# Function to read the hostname from the DHCP lease file
+get_hostname() {
+    sudo cat /var/lib/dhcp/* | grep -a "option host-name" | tail -1 | \
+    awk -F '"' '{print $2}'
+}
+
+# Function to update /etc/hosts with the new hostname
+update_hosts() {
+    local hostname="$1"
+    # Replace the second line with the new hostname
+    sudo sed -i "2s/.*/127.0.1.1   ${hostname}/" /etc/hosts
+    log "Updated /etc/hosts with hostname: $hostname"
+}
+
+# Read the hostname from DHCP
+hostname=$(get_hostname)
+
+if [ -n "$hostname" ]; then
+    # Set the hostname using hostnamectl
+    sudo hostnamectl set-hostname "$hostname"
+    log "Set hostname to: $hostname"
+    update_hosts "$hostname"
+else
+    log "No hostname found."
+fi
+
+# Log completion
+log "Hostname update script completed."
+
+# Version 1.0:
+# Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspbian as custom PXE init script.

usr/bin/custom/watchdog-monitor

@@ -0,0 +1,99 @@
+#!/bin/bash
+
+# Log file
+log_file="/var/log/watchdog.log"
+
+# Configuration file
+config_file="/etc/watchdog.conf"
+
+# Function to log messages with timestamp
+log() {
+    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> "$log_file"
+}
+
+# Function to update watchdog configuration
+update_watchdog_config() {
+    # Extract watchdog IP addresses
+    watchdog=$(sudo cat /var/lib/dhcp/* | grep -a "option watchdog" | tail -1 | \
+    awk '{for (i=3; i<=NF; i++) printf "%s ", $i}' | tr -d '";')
+    
+    IFS=', ' read -r -a ip_array <<< "$watchdog"  # Split IPs by comma or space
+
+    # Backup current configuration
+    sudo cp "$config_file" "$config_file.bak"
+    log "Backup of $config_file created successfully."
+
+    # Write static configuration to file
+    {
+        echo "realtime = yes"
+        echo "priority = 1"
+        echo "interface = eth0"
+        echo "interval = 58"
+        echo "ping-count = 1"
+    } | sudo tee "$config_file" > /dev/null
+    log "Static configuration written to $config_file."
+
+    if [ ${#ip_array[@]} -eq 0 ]; then
+        log "No IP addresses found. Watchdog configuration cleared."
+        return 1  # No IP addresses to configure
+    else
+        # Append IPs to config
+        for ip in "${ip_array[@]}"; do
+            echo "ping = $ip" | sudo tee -a "$config_file" > /dev/null
+        done
+        log "Configured watchdog to ping: ${ip_array[*]}"
+
+        # Attempt to restart watchdog service
+        if ! sudo systemctl restart watchdog; then
+            log "Failed to restart watchdog service. Attempting to stop and start."
+
+            # Fallback: stop then start the service
+            sudo systemctl stop watchdog
+            if sudo systemctl start watchdog; then
+                log "Watchdog service started successfully after stop."
+            else
+                log "Failed to start watchdog service after stop."
+                return 1
+            fi
+        else
+            log "Watchdog service restarted successfully."
+        fi
+
+        # Stop watchdog-monitor service if restart/start was successful
+        if sudo systemctl stop watchdog-monitor; then
+            log "watchdog-monitor service stopped successfully."
+        else
+            log "Failed to stop watchdog-monitor service."
+        fi
+
+        return 0  # Successful restart/start
+    fi
+}
+
+# Loop parameters
+interval=30  # Interval to wait between checks
+start_time=$(date +%s)
+end_time=$((start_time + 300))  # 5 minutes in seconds
+
+# Main loop
+while true; do
+    if ! update_watchdog_config; then
+        log "IP addresses found and watchdog restarted. Exiting loop."
+        break
+    else
+        log "No IP addresses found or restart failed. Waiting for $interval seconds before checking again..."
+    fi
+
+    # Check if 5 minutes have passed
+    if [ "$(date +%s)" -ge "$end_time" ]; then
+        log "5 minutes have passed. Stopping the watchdog service."
+        sudo systemctl stop watchdog
+        break
+    fi
+
+    log "Waiting for $interval seconds before checking for IP addresses again..."
+    sleep $interval
+done
+
+# Version 1.5:
+# Created 2024 by Tim Eertmoed @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom PXE init script.

usr/bin/watchdog

@@ -1,19 +0,0 @@
-#!/bin/bash
-watchdog=$(sudo cat /var/lib/dhcp/* | grep -a "option watchdog" | tail -1 | \
-awk '{for (i=3; i<=NF; i++) printf "%s ", $i}' | tr -d '";')
-IFS=' ' read -r -a ip_array <<< "$watchdog"
-config_file="/etc/watchdog.conf"
-sudo cp "$config_file" "$config_file.bak"
-sudo sed -i '/ping/d' "$config_file"
-sudo sed -i '/^interval/d' "$config_file"
-echo "interval = 60" | sudo tee -a "$config_file" > /dev/null
-if [ ${#ip_array[@]} -eq 0 ]; then
-    sudo sed -i '/interval/d' "$config_file"
-    echo "No IP addresses found. Watchdog configuration cleared." >&2
-    sudo systemctl stop watchdog
-else
-    for ip in "${ip_array[@]}"; do
-        echo "ping = $ip" | sudo tee -a "$config_file" > /dev/null
-    done
-fi
-sudo systemctl restart watchdog