data/config/.xinitrc aktualisiert

README.md

@@ -1,7 +1,7 @@
 # RPS-Client
 
 ```bash
-wget -qO- --header 'Authorization:token 9031f8d227dd83ba601680bf3a9f6c2d26c1a970' https://gitea.int.eertmoed.net/WiS/RPS-Client/archive/latest.tar.gz | tar xvz ; bash ./rps-client/install.sh ;
+wget -qO- --header 'Authorization:token 9031f8d227dd83ba601680bf3a9f6c2d26c1a970' https://gitea.int.eertmoed.net/WiS/RPS-Client/archive/latest.tar.gz | tar xvz ; bash /root/rps-client/install.sh ;
 ```
 
 ```ruby

boot/firmware/ro-root.sh

@@ -1,120 +0,0 @@
-#!/bin/sh
-
-#  Read-only Root-FS for Raspian using overlayfs
-#  Version 1.1:
-#  Changed to use /proc/mounts rathern than /etc/fstab for deriving the root filesystem.
-#
-#  Version 1:
-#  Created 2017 by Pascal Suter @ DALCO AG, Switzerland to work on Raspian as custom init script
-#  (raspbian does not use an initramfs on boot)
-#
-#  This program is free software: you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation, either version 3 of the License, or
-#  (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see
-#    <http://www.gnu.org/licenses/>.
-#
-#
-#  Tested with Raspbian mini, 2017-01-11
-#
-#  This script will mount the root filesystem read-only and overlay it with a temporary tempfs
-#  which is read-write mounted. This is done using the overlayFS which is part of the linux kernel
-#  since version 3.18.
-#  when this script is in use, all changes made to anywhere in the root filesystem mount will be lost
-#  upon reboot of the system. The SD card will only be accessed as read-only drive, which significantly
-#  helps to prolong its life and prevent filesystem coruption in environments where the system is usually
-#  not shut down properly
-#
-#  Install:
-#  copy this script to /sbin/overlayRoot.sh and add "init=/sbin/overlayRoot.sh" to the cmdline.txt
-#  file in the raspbian image's boot partition.
-#  I strongly recommend to disable swapping before using this. it will work with swap but that just does
-#  not make sens as the swap file will be stored in the tempfs which again resides in the ram.
-#  run these commands on the booted raspberry pi BEFORE you set the init=/sbin/overlayRoot.sh boot option:
-#  sudo dphys-swapfile swapoff
-#  sudo dphys-swapfile uninstall
-#  sudo update-rc.d dphys-swapfile remove
-#
-#  To install software, run upgrades and do other changes to the raspberry setup, simply remove the init=
-#  entry from the cmdline.txt file and reboot, make the changes, add the init= entry and reboot once more.
-
-fail(){
-        echo -e "$1"
-        /bin/bash
-}
-
-# load module
-modprobe overlay
-if [ $? -ne 0 ]; then
-    fail "ERROR: missing overlay kernel module"
-fi
-# mount /proc
-mount -t proc proc /proc
-
-# create a writable fs to then create our mountpoints
-mount -t tmpfs inittemp /mnt
-if [ $? -ne 0 ]; then
-    fail "ERROR: could not create a temporary filesystem to mount the base filesystems for overlayfs"
-fi
-mkdir /mnt/lower
-mkdir /mnt/rw
-mount -t tmpfs root-rw /mnt/rw
-if [ $? -ne 0 ]; then
-    fail "ERROR: could not create tempfs for upper filesystem"
-fi
-mkdir /mnt/rw/upper
-mkdir /mnt/rw/work
-mkdir /mnt/newroot
-
-# mount root filesystem readonly
-rootDev=`awk '$2 == "/" {print $1}' /proc/mounts`
-rootMountOpt=`awk '$2 == "/" {print $4}' /proc/mounts`
-rootFsType=`awk '$2 == "/" {print $3}' /proc/mounts`
-mount -t ${rootFsType} -o ${rootMountOpt},ro ${rootDev} /mnt/lower
-if [ $? -ne 0 ]; then
-    fail "ERROR: could not ro-mount original root partition"
-fi
-mount -t overlay -o lowerdir=/mnt/lower,upperdir=/mnt/rw/upper,workdir=/mnt/rw/work overlayfs-root /mnt/newroot
-if [ $? -ne 0 ]; then
-    fail "ERROR: could not mount overlayFS"
-fi
-# create mountpoints inside the new root filesystem-overlay
-mkdir /mnt/newroot/ro
-mkdir /mnt/newroot/rw
-# remove root mount from fstab (this is already a non-permanent modification)
-grep -v "$rootDev" /mnt/lower/etc/fstab > /mnt/newroot/etc/fstab
-echo "#the original root mount has been removed by overlayRoot.sh" >> /mnt/newroot/etc/fstab
-echo "#this is only a temporary modification, the original fstab" >> /mnt/newroot/etc/fstab
-echo "#stored on the disk can be found in /ro/etc/fstab" >> /mnt/newroot/etc/fstab
-# change to the new overlay root
-cd /mnt/newroot
-pivot_root . mnt
-exec chroot . sh -c "$(cat <<END
-# move ro and rw mounts to the new root
-mount --move /mnt/mnt/lower/ /ro
-if [ $? -ne 0 ]; then
-    echo "ERROR: could not move ro-root into newroot"
-    /bin/bash
-fi
-mount --move /mnt/mnt/rw /rw
-if [ $? -ne 0 ]; then
-    echo "ERROR: could not move tempfs rw mount into newroot"
-    /bin/bash
-fi
-# unmount unneeded mounts so we can unmout the old readonly root
-umount /mnt/mnt
-umount /mnt/proc
-umount -l -f /mnt/dev
-umount -l -f /mnt
-# continue with regular init
-exec /sbin/init
-END
-)"

boot/ro-root.sh

@@ -1,120 +0,0 @@
-#!/bin/sh
-
-#  Read-only Root-FS for Raspian using overlayfs
-#  Version 1.1:
-#  Changed to use /proc/mounts rathern than /etc/fstab for deriving the root filesystem.
-#
-#  Version 1:
-#  Created 2017 by Pascal Suter @ DALCO AG, Switzerland to work on Raspian as custom init script
-#  (raspbian does not use an initramfs on boot)
-#
-#  This program is free software: you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation, either version 3 of the License, or
-#  (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see
-#    <http://www.gnu.org/licenses/>.
-#
-#
-#  Tested with Raspbian mini, 2017-01-11
-#
-#  This script will mount the root filesystem read-only and overlay it with a temporary tempfs
-#  which is read-write mounted. This is done using the overlayFS which is part of the linux kernel
-#  since version 3.18.
-#  when this script is in use, all changes made to anywhere in the root filesystem mount will be lost
-#  upon reboot of the system. The SD card will only be accessed as read-only drive, which significantly
-#  helps to prolong its life and prevent filesystem coruption in environments where the system is usually
-#  not shut down properly
-#
-#  Install:
-#  copy this script to /sbin/overlayRoot.sh and add "init=/sbin/overlayRoot.sh" to the cmdline.txt
-#  file in the raspbian image's boot partition.
-#  I strongly recommend to disable swapping before using this. it will work with swap but that just does
-#  not make sens as the swap file will be stored in the tempfs which again resides in the ram.
-#  run these commands on the booted raspberry pi BEFORE you set the init=/sbin/overlayRoot.sh boot option:
-#  sudo dphys-swapfile swapoff
-#  sudo dphys-swapfile uninstall
-#  sudo update-rc.d dphys-swapfile remove
-#
-#  To install software, run upgrades and do other changes to the raspberry setup, simply remove the init=
-#  entry from the cmdline.txt file and reboot, make the changes, add the init= entry and reboot once more.
-
-fail(){
-        echo -e "$1"
-        /bin/bash
-}
-
-# load module
-modprobe overlay
-if [ $? -ne 0 ]; then
-    fail "ERROR: missing overlay kernel module"
-fi
-# mount /proc
-mount -t proc proc /proc
-
-# create a writable fs to then create our mountpoints
-mount -t tmpfs inittemp /mnt
-if [ $? -ne 0 ]; then
-    fail "ERROR: could not create a temporary filesystem to mount the base filesystems for overlayfs"
-fi
-mkdir /mnt/lower
-mkdir /mnt/rw
-mount -t tmpfs root-rw /mnt/rw
-if [ $? -ne 0 ]; then
-    fail "ERROR: could not create tempfs for upper filesystem"
-fi
-mkdir /mnt/rw/upper
-mkdir /mnt/rw/work
-mkdir /mnt/newroot
-
-# mount root filesystem readonly
-rootDev=`awk '$2 == "/" {print $1}' /proc/mounts`
-rootMountOpt=`awk '$2 == "/" {print $4}' /proc/mounts`
-rootFsType=`awk '$2 == "/" {print $3}' /proc/mounts`
-mount -t ${rootFsType} -o ${rootMountOpt},ro ${rootDev} /mnt/lower
-if [ $? -ne 0 ]; then
-    fail "ERROR: could not ro-mount original root partition"
-fi
-mount -t overlay -o lowerdir=/mnt/lower,upperdir=/mnt/rw/upper,workdir=/mnt/rw/work overlayfs-root /mnt/newroot
-if [ $? -ne 0 ]; then
-    fail "ERROR: could not mount overlayFS"
-fi
-# create mountpoints inside the new root filesystem-overlay
-mkdir /mnt/newroot/ro
-mkdir /mnt/newroot/rw
-# remove root mount from fstab (this is already a non-permanent modification)
-grep -v "$rootDev" /mnt/lower/etc/fstab > /mnt/newroot/etc/fstab
-echo "#the original root mount has been removed by overlayRoot.sh" >> /mnt/newroot/etc/fstab
-echo "#this is only a temporary modification, the original fstab" >> /mnt/newroot/etc/fstab
-echo "#stored on the disk can be found in /ro/etc/fstab" >> /mnt/newroot/etc/fstab
-# change to the new overlay root
-cd /mnt/newroot
-pivot_root . mnt
-exec chroot . sh -c "$(cat <<END
-# move ro and rw mounts to the new root
-mount --move /mnt/mnt/lower/ /ro
-if [ $? -ne 0 ]; then
-    echo "ERROR: could not move ro-root into newroot"
-    /bin/bash
-fi
-mount --move /mnt/mnt/rw /rw
-if [ $? -ne 0 ]; then
-    echo "ERROR: could not move tempfs rw mount into newroot"
-    /bin/bash
-fi
-# unmount unneeded mounts so we can unmout the old readonly root
-umount /mnt/mnt
-umount /mnt/proc
-umount -l -f /mnt/dev
-umount -l -f /mnt
-# continue with regular init
-exec /sbin/init
-END
-)"

data/config/.xinitrc

@@ -24,7 +24,6 @@ then
 	WBS=https://www.wis.gmbh/
 fi
 
-#Start Chromium
 chromium-browser $WBS \
   --window-size=$RES \
   --window-position=0,0 \

data/scripts/overlayRoot.sh

@@ -0,0 +1,70 @@
+#!/bin/bash
+
+# Dieses Skript wird das Root-Dateisystem schreibgeschützt einbinden und es mit einem temporären tmpfs-Overlay versehen.
+#
+# Installation:
+# Kopiere dieses Skript nach /sbin/overlayRoot.sh und füge "init=/sbin/overlayRoot.sh" zur cmdline.txt-Datei
+# in der Boot-Partition des Raspbian-Images hinzu.
+#
+# Führe die folgenden Befehle als root aus:
+# sudo dphys-swapfile swapoff
+# sudo dphys-swapfile uninstall
+# sudo update-rc.d dphys-swapfile remove
+#
+# Um Software zu installieren, Upgrades durchzuführen und andere Änderungen an der Raspberry-Konfiguration vorzunehmen,
+# entferne einfach den Eintrag "init=/sbin/overlayRoot.sh" aus der cmdline.txt-Datei und starte das System neu.
+# Nimm die gewünschten Änderungen vor, füge den init= Eintrag wieder hinzu und starte erneut neu.
+
+set -e
+fail() {
+    echo -e "$1" >&2
+    exit 1
+}
+
+# Prüfen und Modul laden
+modprobe overlay || fail "ERROR: OverlayFS-Modul nicht geladen."
+
+# /proc einbinden
+mountpoint -q /proc || mount -t proc proc /proc
+
+# Temporäres Dateisystem für Overlay erstellen
+mount -t tmpfs tmpfs /overlay || fail "ERROR: tmpfs konnte nicht gemountet werden."
+mkdir -p /overlay/lower /overlay/rw/upper /overlay/rw/work /overlay/newroot
+
+# Root-Dateisystem schreibgeschützt einbinden
+rootDev=$(awk '$2 == "/" {print $1}' /proc/mounts)
+rootMountOpt=$(awk '$2 == "/" {print $4}' /proc/mounts)
+rootFsType=$(awk '$2 == "/" {print $3}' /proc/mounts)
+
+mount -t "${rootFsType}" -o "${rootMountOpt},ro" "${rootDev}" /overlay/lower || \
+    fail "ERROR: Ursprüngliches Root-Dateisystem konnte nicht schreibgeschützt eingebunden werden."
+
+# OverlayFS einbinden
+mount -t overlay \
+    -o lowerdir=/overlay/lower,upperdir=/overlay/rw/upper,workdir=/overlay/rw/work \
+    overlay /overlay/newroot || fail "ERROR: OverlayFS konnte nicht gemountet werden."
+
+# Neue Root-Overlay-Verzeichnisse erstellen
+mkdir -p /overlay/newroot/overlay/ro /overlay/newroot/overlay/rw
+
+# Originale fstab modifizieren
+grep -v "$rootDev" /overlay/lower/etc/fstab > /overlay/newroot/etc/fstab
+cat <<EOF >> /overlay/newroot/etc/fstab
+# Das originale Root-Dateisystem wurde durch overlayRoot.sh entfernt.
+# Diese änderung ist temporär. Die originale fstab ist in /overlay/ro/etc/fstab verfügbar.
+EOF
+
+# Root wechseln und alte Root aufräumen
+cd /overlay/newroot
+pivot_root . overlay || fail "ERROR: pivot_root fehlgeschlagen."
+
+exec chroot . /bin/bash -c "
+    mount --move /overlay/overlay/lower /overlay/ro || fail 'ERROR: /ro konnte nicht verschoben werden.'
+    mount --move /overlay/overlay/rw /overlay/rw || fail 'ERROR: /rw konnte nicht verschoben werden.'
+    umount /overlay/overlay || true
+    umount /overlay/proc || true
+    umount -l -f /overlay/dev || true
+    umount -l -f /overlay || true
+
+    exec /sbin/init
+"

data/service/chromium-monitor.service

@@ -5,6 +5,7 @@ After=network.target
 [Service]
 Type=simple
 User=loginuser
+ExecStartPre=/bin/bash -c 'pgrep -f chromium-browser > /dev/null || exit 1'
 ExecStart=/usr/bin/custom/chromium-monitor
 
 [Install]

home/wis/.ssh/id_rsa.pub

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYDmONGe644a3bWKAyX1W704B8fCwlj4x/QjwyJX6gKpX2hmtrxZtusK729wTxP0lr1Gzll9A8LAEGqW5/sxxJqwtYDMOEfINsgE8fmvg9XSmJ9t5zOxJAuQfJB/dmE2a2mX3VSH740czvJ6NKlf9BUeu+41ZZUilyHngfgpVxEIED/6ZHRrkMUfaY09IfvwmNiYPTtK4cufLBdeEoNJPQvYdY1i+N+cJstUzlDRs179w8CqLPuPhIb0iQ3WO1S1XXQH4vUm4MaMmK+hDR4J/pfhuI3DXulwE04rZFU2izXQwl5VdYLv8w31gcegyRz68p+LprusY4QiDP62yaUCTE6JdrjjQSxbEag+OqCzozfvoO+SxMdWsxg2eViM4sKTODc0cQBSA4HJcDWeag5LU9k4WGeuVVj8BCCBqh+93IqylqyK7AKMztVZNiftSBEbfK8ZoHawg5PM26LtCTz6YcmGhn/dHpcpyC8606+SHSTl5YinDaRjarCBM4nppD3o5pizVFKutI28Ys3wkVAe96njnJqIi/J5tNQgrbJmteCE3/9SWhpsXjnuZX1RaZYLE3bBg8Gisz/sm7rN3acVXe6QD03PIxwn9Xp8r3avzDkQKo4vqxoYK6JF6j3vs+U4WLElq+NtvuMewfAWF2cgL2quognLWUM5s0p1/zLzxa8w==

install.sh

@@ -11,104 +11,41 @@ print_status() {
     echo -e "${GREEN}✔${NC} ${1} completed."
 }
 
-echo -e "${RED}→${NC} Starting System Update..."
-sudo apt update >>/var/log/install 2>&1 && print_status "System Update"
-sudo apt upgrade -y >>/var/log/install 2>&1 && print_status "System Upgrade"
-sudo apt dist-upgrade -y >>/var/log/install 2>&1 && print_status "System Dist-Upgrade"
+# Update and setup system and packages
+echo -e "${RED}→${NC} Starting System Update..." | tee -a /var/log/install
+sudo apt-get update >>/var/log/install 2>&1 && print_status "System Update"
+sudo apt-get full-upgrade -y >>/var/log/install 2>&1 && print_status "System Upgrade"
 
-echo -e "${RED}→${NC} Installing required packages..."
-sudo apt install --no-install-recommends xserver-xorg x11-xserver-utils xinit chromium-browser fonts-noto-color-emoji nfs-common watchdog xdotool rsync -y >>/var/log/install 2>&1 && print_status "Required packages installed"
-sudo apt install realvnc-vnc-server overlayroot -y >>/var/log/install 2>&1 && print_status "VNC and Overlayroot installed"
+echo -e "${RED}→${NC} Installing required packages..." | tee -a /var/log/install
+sudo apt install --no-install-recommends realvnc-vnc-server xserver-xorg x11-xserver-utils xinit chromium-browser fonts-noto-color-emoji nfs-common watchdog xdotool rsync -y >>/var/log/install 2>&1 && print_status "Required packages installed"
 sudo apt autoremove -y >>/var/log/install 2>&1 && print_status "Autoremove"
 sudo apt clean >>/var/log/install 2>&1 && print_status "Clean"
 rm -rf /var/lib/apt/lists/* >>/var/log/install 2>&1 && print_status "Clear cache"
 
-echo -e "${GREEN}→${NC} Configuring Raspberry Pi settings..."
-sudo raspi-config nonint do_camera 0 >> /var/log/install 2>&1 && print_status "Camera disabled"
-sudo raspi-config nonint do_vnc 0 >> /var/log/install 2>&1 && print_status "VNC enabled"
-sudo raspi-config nonint do_spi 0 >> /var/log/install 2>&1 && print_status "SPI disabled"
-sudo raspi-config nonint do_i2c 0 >> /var/log/install 2>&1 && print_status "I2C disabled"
-sudo raspi-config nonint do_serial 0 0 >> /var/log/install 2>&1 && print_status "Serial port disabled"
-sudo raspi-config nonint do_onewire 0 >> /var/log/install 2>&1 && print_status "1-Wire disabled"
-sudo raspi-config nonint do_remote_gpio 0 >> /var/log/install 2>&1 && print_status "Remote GPIO disabled"
-sudo raspi-config nonint do_gpu_memory 256 >> /var/log/install 2>&1 && print_status "GPU memory set to 256MB"
-sudo raspi-config nonint do_locale "de_DE.UTF-8" "de_DE.UTF-8" >> /var/log/install 2>&1 && print_status "Locale set to de_DE.UTF-8"
-sudo raspi-config nonint do_timezone "Europe/Berlin" >> /var/log/install 2>&1 && print_status "Timezone set to Europe/Berlin"
-sudo raspi-config nonint do_boot_order 3 >> /var/log/install 2>&1 && print_status "Boot order set to network boot"
+echo -e "${RED}→${NC} Configuring Raspberry Pi settings..." | tee -a /var/log/install
+print_status ""
 
-echo -e "${RED}→${NC} Configuring VNC..."
-sudo systemctl enable vncserver-x11-serviced.service >>/var/log/install 2>&1 && print_status "VNC service enabled"
-sudo systemctl start vncserver-x11-serviced.service >>/var/log/install 2>&1 && print_status "VNC service started"
-CONFIG_FILE="/root/.vnc/config.d/vncserver-x11"
-if [ ! -d "$(dirname "$CONFIG_FILE")" ]; then
-    mkdir -p "$(dirname "$CONFIG_FILE")"
-    print_status "Created directory for VNC config." >> /var/log/install 2>&1
-fi
-read -p "Do you want to set a VNC password? (y/n): " -r
-if [[ $REPLY =~ ^[Yy](e[Ss]?)?$ ]]; then
-    vncpasswd
-    print_status "VNC password has been set." >> /var/log/install 2>&1
-else
-    echo -e "${RED}✖${NC} No VNC password will be set." >> /var/log/install 2>&1
-fi
-if [ "$(vncpasswd -o)" = 'none' ]; then
-    echo "Authentication=None" >> "$CONFIG_FILE"
-    echo "Geometry=1920x1080" >> "$CONFIG_FILE"
-    echo "#  Version 1.0:" >> "$CONFIG_FILE"
-    echo "#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspbian as custom PXE init script." >> "$CONFIG_FILE"
-    print_status "VNC config set to no authentication with geometry 1920x1080." >> /var/log/install 2>&1
-else
-    echo "Authentication=VNC" >> "$CONFIG_FILE"
-    echo "Geometry=1920x1080" >> "$CONFIG_FILE"
-    echo "#  Version 1.0:" >> "$CONFIG_FILE"
-    echo "#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspbian as custom PXE init script." >> "$CONFIG_FILE"
-    print_status "VNC password is set. Authentication will be required." >> /var/log/install 2>&1
-fi
-sudo raspi-config nonint do_vnc 0 >>/var/log/install 2>&1 && print_status "VNC enabled in raspi-config"
-
-echo -e "${RED}→${NC} Creating user 'loginuser'..."
+# Set needed users
+echo -e "${RED}→${NC} Creating user 'loginuser'..." | tee -a /var/log/install
 sudo adduser --disabled-password --gecos "" loginuser >>/var/log/install 2>&1 && print_status "User 'loginuser' created"
 
-echo -e "${RED}→${NC} Setting permissions for 'loginuser'..."
-sudo tee /etc/sudoers.d/loginuser >/dev/null << 'EOF'
-loginuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl start watchdog, /usr/bin/systemctl stop watchdog, /usr/bin/systemctl restart watchdog
-loginuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop watchdog-monitor
-loginuser ALL=(ALL) NOPASSWD: /usr/bin/cat /var/lib/dhcp/*
-loginuser ALL=(ALL) NOPASSWD: /usr/bin/cp /etc/watchdog.conf /etc/watchdog.conf.bak
-loginuser ALL=(ALL) NOPASSWD: /usr/bin/tee /etc/watchdog.conf, /usr/bin/tee -a /etc/watchdog.conf
-loginuser ALL=(ALL) NOPASSWD: /usr/bin/sed -i
-loginuser ALL=(ALL) NOPASSWD: /usr/bin/sed -r 's/[x]+/,/g'
-loginuser ALL=(ALL) NOPASSWD: /usr/bin/fbset -s
-loginuser ALL=(ALL) NOPASSWD: /usr/bin/hostnamectl set-hostname
-loginuser ALL=(ALL) NOPASSWD: /usr/sbin/dhclient eth0
-loginuser ALL=(ALL) NOPASSWD: /usr/sbin/reboot
-EOF
-sudo usermod -aG video loginuser >>/var/log/install 2>&1 && print_status "Permissions for 'loginuser' set"
-
-echo -e "${RED}→${NC} Disabling root login..."
-sudo tee /etc/ssh/sshd_config >/dev/null << 'EOF'
-PermitRootLogin no
-EOF
-sudo passwd -l root >>/var/log/install 2>&1 && print_status "Root login disabled"
-
-echo -e "${RED}→${NC} Copy requiered files..."
+# Copy required files
+echo -e "${RED}→${NC} Copy requiered files..." | tee -a /var/log/install
+mkdir -p /etc/chromium/policies/managed /etc/systemd/system/getty@tty1.service.d /usr/bin/custom
 declare -A files=(
-    ["./rps-client/boot/ro-root.sh"]="/boot/ro-root.sh"
-    ["./rps-client/boot/firmware/ro-root.sh"]="/boot/firmware/ro-root.sh"
-    ["./rps-client/etc/dhcp/dhclient.conf"]="/etc/dhcp/dhclient.conf"
-    ["./rps-client/etc/systemd/system/hostname.service"]="/etc/systemd/system/hostname.service"
-    ["./rps-client/etc/systemd/system/watchdog-monitor.service"]="/etc/systemd/system/watchdog-monitor.service"
-    ["./rps-client/etc/systemd/system/chromium-monitor.service"]="/etc/systemd/system/chromium-monitor.service"
-    ["./rps-client/etc/systemd/system/getty@tty1.service.d/override.conf"]="/etc/systemd/system/getty@tty1.service.d/override.conf"
-    ["./rps-client/etc/chromium/policies/managed/disable_password_saving.json"]="/etc/chromium/policies/managed/disable_password_saving.json"
-    ["./rps-client/home/loginuser/.bash_profile"]="/home/loginuser/.bash_profile"
-    ["./rps-client/home/loginuser/.xinitrc"]="/home/loginuser/.xinitrc"
-    ["./rps-client/home/wis/.ssh/id_rsa.pub"]="/home/wis/.ssh/id_rsa.pub"
-    ["./rps-client/root/remove_unused_kernel.sh"]="/root/remove_unused_kernel.sh"
-    ["./rps-client/root/.vnc/config.d/vncserver-x11"]="/root/.vnc/config.d/vncserver-x11"
-    ["./rps-client/usr/bin/custom/hostname"]="/usr/bin/custom/hostname"
-    ["./rps-client/usr/bin/custom/chromium-monitor"]="/usr/bin/custom/chromium-monitor"
-    ["./rps-client/usr/bin/custom/watchdog-monitor"]="/usr/bin/custom/watchdog-monitor"
+    ["/root/rps-client/data/config/dhclient.conf"]="/etc/dhcp/dhclient.conf"
+    ["/root/rps-client/data/config/override.conf"]="/etc/systemd/system/getty@tty1.service.d/override.conf"
+    ["/root/rps-client/data/config/disable_password_saving.json"]="/etc/chromium/policies/managed/disable_password_saving.json"
+    ["/root/rps-client/data/config/.bash_profile"]="/home/loginuser/.bash_profile"
+    ["/root/rps-client/data/config/.xinitrc"]="/home/loginuser/.xinitrc"
+    ["/root/rps-client/data/scripts/overlayRoot.sh"]="/sbin/overlayRoot.sh"
+    ["/root/rps-client/data/scripts/remove_unused_kernel.sh"]="/root/remove_unused_kernel.sh"
+    ["/root/rps-client/data/scripts/hostname"]="/usr/bin/custom/hostname"
+    ["/root/rps-client/data/scripts/chromium-monitor"]="/usr/bin/custom/chromium-monitor"
+    ["/root/rps-client/data/scripts/watchdog-monitor"]="/usr/bin/custom/watchdog-monitor"
+    ["/root/rps-client/data/service/hostname.service"]="/etc/systemd/system/hostname.service"
+    ["/root/rps-client/data/service/watchdog-monitor.service"]="/etc/systemd/system/watchdog-monitor.service"
+    ["/root/rps-client/data/service/chromium-monitor.service"]="/etc/systemd/system/chromium-monitor.service"
 )
 RSYNC_OPTS="-a --numeric-ids --info=progress2 --no-owner --no-group"
 for src in "${!files[@]}"; do
@@ -118,54 +55,101 @@ for src in "${!files[@]}"; do
 done
 print_status "All files have been successfully copied"
 
-echo -e "${RED}→${NC} Setting file permissions..."
-sudo chown loginuser:loginuser -R /home/loginuser >>/var/log/install 2>&1 && print_status "File permissions set"
+# Set permissions
+echo -e "${RED}→${NC} Setting file permissions..." | tee -a /var/log/install
+sudo chown loginuser:loginuser -R /home/loginuser >>/var/log/install 2>&1 && print_status "File permissions for 'loginuser' set"
+sudo chown wis:wis -R /home/wis >>/var/log/install 2>&1 && print_status "File permissions for 'wis' set"
+sudo chmod +x /usr/bin/custom/hostname /usr/bin/custom/chromium-monitor /usr/bin/custom/watchdog-monitor /sbin/overlayRoot.sh >>/var/log/install 2>&1 && print_status "Permissions for script files set"
+sudo usermod -aG video loginuser >>/var/log/install 2>&1 && print_status "Permissions for 'loginuser' set"
+echo -e "${RED}→${NC} Setting permissions for 'loginuser'..." | tee -a /var/log/install
+sudo tee /etc/sudoers.d/loginuser >>/var/log/install 2>&1 && print_status "Sudo rights for 'loginuser' set" << 'EOF'
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop chromium-monitor, /usr/bin/systemctl start chromium-monitor
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop watchdog-monitor, /usr/bin/systemctl start watchdog-monitor
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/cat /var/lib/dhcp/*
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/cp /etc/watchdog.conf /etc/watchdog.conf.bak
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/tee /etc/watchdog.conf, /usr/bin/tee -a /etc/watchdog.conf
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/sed -i
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/sed -r 's/[x]+/,/g'
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/fbset -s
+loginuser ALL=(ALL) NOPASSWD: /usr/bin/hostnamectl set-hostname
+loginuser ALL=(ALL) NOPASSWD: /usr/sbin/dhclient eth0
+loginuser ALL=(ALL) NOPASSWD: /usr/sbin/reboot
+EOF 
 
-echo -e "${RED}→${NC} Creating log files..."
+# Disable root
+echo -e "${RED}→${NC} Disabling root login..." | tee -a /var/log/install
+sudo tee /etc/ssh/sshd_config >/dev/null << 'EOF'
+PermitRootLogin no
+EOF
+sudo passwd -l root >>/var/log/install 2>&1 && print_status "Root login disabled"
+
+# Setup logs
+echo -e "${RED}→${NC} Creating log files..." | tee -a /var/log/install
 sudo touch /var/log/watchdog.log /var/log/chromium-monitor.log /var/log/hostname.log >>/var/log/install 2>&1 && print_status "Log files created"
 sudo chown loginuser:loginuser /var/log/watchdog.log /var/log/chromium-monitor.log /var/log/hostname.log >>/var/log/install 2>&1 && print_status "Ownership set for log files"
 sudo chmod 777 /var/log/watchdog.log /var/log/chromium-monitor.log /var/log/hostname.log >>/var/log/install 2>&1 && print_status "Permissions set for log files"
-sudo chmod +x /usr/bin/custom/* >>/var/log/install 2>&1 && print_status "Permissions set for script files"
 
-echo -e "${RED}→${NC} Enabling services..."
+# Configure services
+echo -e "${RED}→${NC} Configure services..." | tee -a /var/log/install
 sudo systemctl daemon-reload >>/var/log/install 2>&1 && print_status "Daemon reloaded"
-sudo systemctl enable hostname watchdog chromium-monitor vncserver-x11-serviced.service getty@tty1 >>/var/log/install 2>&1 && print_status "Services enabled"
+sudo systemctl enable hostname chromium-monitor getty@tty1 >>/var/log/install 2>&1 && print_status "Services enabled"
+sudo systemctl disable watchdog >>/var/log/install 2>&1 && print_status "Watchdog disabled"
 sudo systemctl restart getty@tty1 >>/var/log/install 2>&1 && print_status "getty service restarted"
 
-echo -e "${RED}→${NC} Do you want to clean up unused kernels? (yes/y/ye to proceed):"
-read -r clean_kernels
-if [[ "$clean_kernels" =~ ^[Yy](e[Ss]?)?$ ]]; then
-    echo -e "${RED}→${NC} Cleaning up unused kernels..."
-    sudo bash /root/remove_unused_kernel.sh -u -e >>/var/log/install 2>&1 && print_status "Unused kernels cleaned up"
-else
-    echo -e "${RED}→${NC} Skipping unused kernel cleanup..."
-    print_status "Cleanup has been skipped" >> /var/log/install 2>&1
-fi
+# Set performance
+echo -e "${RED}→${NC} Configure performance teaks..." | tee -a /var/log/install
+echo "performance" | sudo tee /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor >>/var/log/install 2>&1 && print_status "CPU set to high"
+sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target >>/var/log/install 2>&1 && print_status "Powercfg off"
 
-echo -e "${RED}→${NC} Configuring Overlayroot..."
-CONFIG_FILE="/etc/overlayroot.conf"
-echo 'overlayroot_cfgdisk="disabled"' | sudo tee "$CONFIG_FILE"
-echo 'overlayroot=""' | sudo tee -a "$CONFIG_FILE"
-read -p "Do you want to activate overlayfs? (y/n): " -r
-if [[ $REPLY =~ ^[Yy](e[Ss]?)?$ ]]; then
-    echo 'overlayroot="tmpfs:overlayfs"' | sudo tee -a "$CONFIG_FILE"
-    sudo raspi-config nonint do_overlayroot 0 >>/var/log/install 2>&1 && print_status "Overlayroot enabled in raspi-config"
-    print_status "Overlayroot has been activated." >> /var/log/install 2>&1
-else
-    echo 'overlayroot=""' | sudo tee -a "$CONFIG_FILE"
-    echo -e "${RED}✖${NC} Overlayroot has not been activated." >> /var/log/install 2>&1
-fi
-
-echo -e "${RED}→${NC} Cleaning up installer..."
+# Clean
+echo -e "${RED}→${NC} Cleaning up installer..." | tee -a /var/log/install
 sudo rm -rf ./rps-client >>/var/log/install 2>&1 && print_status "Installer cleaned up"
 
-echo -e "${GREEN}✔${NC} Installation complete. Press any key to reboot..." >> /var/log/install 2>&1
+# Configure VNC-Client
+echo -e "${RED}→${NC} Configuring VNC..." | tee -a /var/log/install
+sudo systemctl enable vncserver-x11-serviced.service >>/var/log/install 2>&1 && print_status "VNC service enabled"
+sudo systemctl start vncserver-x11-serviced.service >>/var/log/install 2>&1 && print_status "VNC service started"
+CONFIG_FILE="/root/.vnc/config.d/vncserver-x11"
+if [ ! -d "$(dirname "$CONFIG_FILE")" ]; then
+    mkdir -p "$(dirname "$CONFIG_FILE")"
+    echo -e "${GREEN}✔${NC} Created directory for VNC config." | tee -a /var/log/install
+fi
+echo -e "${RED}→${NC} Do you want to set a VNC password? (y/n):" | tee -a /var/log/install
+read -r config_vnc
+if [[ "$config_vnc" =~ ^[Yy](e[Ss]?)?$ ]]; then
+    vncpasswd
+    echo -e "${GREEN}✔${NC} VNC password has been set." | tee -a /var/log/install
+else
+    echo -e "${GREEN}✔${NC} No VNC password will be set." | tee -a /var/log/install
+fi
+if [ "$(vncpasswd -o)" = 'none' ]; then
+    echo "Authentication=none" >> "$CONFIG_FILE"
+    echo "Geometry=1920x1080" >> "$CONFIG_FILE"
+    echo "#  Version 1.0:" >> "$CONFIG_FILE"
+    echo "#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspbian as custom PXE init script." >> "$CONFIG_FILE"
+    print_status "VNC config set to no authentication with geometry 1920x1080." >> /var/log/install 2>&1
+else
+    echo "Authentication=none" >> "$CONFIG_FILE"
+    echo "Geometry=1920x1080" >> "$CONFIG_FILE"
+    echo "#  Version 1.0:" >> "$CONFIG_FILE"
+    echo "#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspbian as custom PXE init script." >> "$CONFIG_FILE"
+    print_status "VNC password is set. Authentication will be required." >> /var/log/install 2>&1
+fi
+
+# Remove old kernels
+echo -e "${RED}→${NC} Do you want to clean up unused kernels? (y/n):" | tee -a /var/log/install
+read -r clean_kernels
+if [[ "$clean_kernels" =~ ^[Yy](e[Ss]?)?$ ]]; then
+    echo -e "${RED}→${NC} Cleaning up unused kernels..." | tee -a /var/log/install
+    echo -e "y\ny" | sudo bash ./root/remove_unused_kernel.sh -u -e >>/var/log/install 2>&1 && print_status "Unused kernels cleaned up"
+else
+    echo -e "${RED}→${NC} Skipping unused kernel cleanup..." | tee -a /var/log/install
+    echo -e "${GREEN}✔${NC} Cleanup has been skipped" | tee -a /var/log/install
+fi
+
+# Finish
+echo -e "${GREEN}✔${NC} Installation complete. Press any key to exit..." | tee -a /var/log/install 2>&1
 read -n 1 -s
-sudo reboot
-
-
-echo "performance" | sudo tee /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
-sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
 
 # Version 1.2:
-# Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.
+# Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.

root/.ssh/id_rsa.pub

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYDmONGe644a3bWKAyX1W704B8fCwlj4x/QjwyJX6gKpX2hmtrxZtusK729wTxP0lr1Gzll9A8LAEGqW5/sxxJqwtYDMOEfINsgE8fmvg9XSmJ9t5zOxJAuQfJB/dmE2a2mX3VSH740czvJ6NKlf9BUeu+41ZZUilyHngfgpVxEIED/6ZHRrkMUfaY09IfvwmNiYPTtK4cufLBdeEoNJPQvYdY1i+N+cJstUzlDRs179w8CqLPuPhIb0iQ3WO1S1XXQH4vUm4MaMmK+hDR4J/pfhuI3DXulwE04rZFU2izXQwl5VdYLv8w31gcegyRz68p+LprusY4QiDP62yaUCTE6JdrjjQSxbEag+OqCzozfvoO+SxMdWsxg2eViM4sKTODc0cQBSA4HJcDWeag5LU9k4WGeuVVj8BCCBqh+93IqylqyK7AKMztVZNiftSBEbfK8ZoHawg5PM26LtCTz6YcmGhn/dHpcpyC8606+SHSTl5YinDaRjarCBM4nppD3o5pizVFKutI28Ys3wkVAe96njnJqIi/J5tNQgrbJmteCE3/9SWhpsXjnuZX1RaZYLE3bBg8Gisz/sm7rN3acVXe6QD03PIxwn9Xp8r3avzDkQKo4vqxoYK6JF6j3vs+U4WLElq+NtvuMewfAWF2cgL2quognLWUM5s0p1/zLzxa8w==