# reTerminal DM4 — Backup Device Configuration Audit > **Date:** 2026-02-23 > **Source device:** 10.20.50.147 (via jump host 10.20.30.153) > **Purpose:** Document all manual configuration found on the old backup image. --- ## 1. Operating System | Property | Value | |----------|-------| | **Distro** | Debian GNU/Linux 13 (trixie) — full version 13.2 | | **Kernel** | 6.12.62+rpt-rpi-v8 (aarch64, PREEMPT, Raspberry Pi patched) | | **Hardware** | Raspberry Pi Compute Module 4 Rev 1.1 | | **Hostname** | `raspberrypi` (not changed from default) | | **Locale** | `en_US.UTF-8` (all categories) | | **Timezone** | `Asia/Nicosia` (EET, +0200) | | **NTP** | Active via `systemd-timesyncd` | | **Root filesystem** | `/dev/mmcblk0p2` ext4, 29 GB total, 11 GB used (39%) | | **Boot partition** | `/dev/mmcblk0p1` vfat, mounted at `/boot/firmware` | | **Swap** | zram0, ~2 GB (compressed RAM swap) | | **RAM** | 7.6 GiB total | --- ## 2. User Accounts | User | UID | Shell | Home | Notes | |------|-----|-------|------|-------| | `pi` | 1000 | `/bin/bash` | `/home/pi` | Primary user, passwordless sudo | | `root` | 0 | `/bin/bash` | `/root` | Standard | | `lightdm` | 104 | `/bin/false` | `/var/lib/lightdm` | Display manager service account | ### pi user groups `pi adm dialout cdrom sudo audio video plugdev games users input render netdev spi i2c gpio lpadmin` ### Sudoers - `pi ALL=(ALL) NOPASSWD: ALL` — full passwordless sudo. --- ## 3. Boot Configuration ### `/boot/firmware/config.txt` Key non-default settings: ```ini # Hardware interfaces dtparam=audio=on dtparam=i2c_arm=on dtparam=i2c_vc=on dtparam=i2s=on dtparam=spi=on enable_uart=1 # Display display_auto_detect=0 # DSI auto-detect disabled (manual overlay) disable_fw_kms_setup=1 max_framebuffers=2 disable_overscan=1 ignore_lcd=1 # CM4 USB host mode otg_mode=1 # [cm4] section # Antenna dtparam=ant2 # External antenna # Overlays dtoverlay=dwc2,dr_mode=host dtoverlay=i2c1,pins_2_3 dtoverlay=i2c3,pins_4_5 dtoverlay=imx219,cam0 # Camera module dtoverlay=vc4-kms-v3d # GPU/KMS driver dtoverlay=reTerminal-DM # Seeed reTerminal DM overlay ``` ### `/boot/firmware/cmdline.txt` ``` console=tty1 root=PARTUUID=5c5604eb-02 rootfstype=ext4 fsck.repair=yes rootwait quiet splash plymouth.ignore-serial-consoles cfg80211.ieee80211_regdom=CY logo.nologo vt.global_cursor_default=0 console=tty3 loglevel=0 ``` Notable flags: - `quiet splash` — silent boot with Plymouth splash - `cfg80211.ieee80211_regdom=CY` — WiFi regulatory domain set to Cyprus - `logo.nologo` — kernel logo hidden - `vt.global_cursor_default=0` — no blinking cursor on VT - `console=tty3 loglevel=0` — boot messages redirected, minimal logging ### Device Tree Overlay The Seeed `reTerminal-DM.dtbo` overlay is installed at `/boot/firmware/overlays/reTerminal-DM.dtbo`. --- ## 4. Display & Desktop Environment ### Session Stack | Component | Value | |-----------|-------| | **Display manager** | LightDM 1.32.0 | | **Greeter** | `pi-greeter-labwc` | | **User session** | `rpd-labwc` (Raspberry Pi Desktop on Wayland) | | **Compositor** | labwc 0.9.2 (wlroots 0.19-based Wayland compositor) | | **XWayland** | Running for X11 app compatibility | ### LightDM Configuration (`/etc/lightdm/lightdm.conf`) ```ini [Seat:*] greeter-session=pi-greeter-labwc greeter-hide-users=false user-session=rpd-labwc display-setup-script=/usr/share/dispsetup.sh autologin-user=pi autologin-session=rpd-labwc ``` - Auto-login enabled for user `pi`. - Display setup script is a no-op (`exit 0`). ### Display Rotation — kanshi `/home/pi/.config/kanshi/config`: ``` profile { output DSI-1 enable scale 1.000000 mode 800x1280@60.000 position 0,0 transform 270 } ``` The DSI display (800x1280 native portrait) is rotated 270 degrees to landscape (1280x800). ### Touchscreen Mapping — labwc `/home/pi/.config/labwc/rc.xml`: ```xml ``` The Goodix capacitive touchscreen is mapped to DSI-1 output with mouse emulation disabled. ### labwc Theme - Theme: **PiXonyx** (dark variant) - Font: **Nunito Sans Light 12** (both active and inactive windows) - Title bar colors: `#76747C` background, `#F6F5F4` text ### Panel — wf-panel-pi `/home/pi/.config/wf-panel-pi/wf-panel-pi.ini`: ```ini [panel] position=top icon_size=32 window-list_max_width=200 monitor=DSI-1 ``` ### labwc Environment `/home/pi/.config/labwc/environment`: ``` XKB_DEFAULT_MODEL=pc105 XKB_DEFAULT_LAYOUT=us XCURSOR_SIZE=24 ``` ### GTK Theme - GTK3: `Breeze` - GTK2: (default — `.gtkrc-2.0` is mostly empty) - dconf `gtk-theme`: `Breeze` - dconf `font-name`: `Nunito Sans Light 12` - dconf `cursor-size`: `24` --- ## 5. Plymouth Boot Splash - **Active theme:** `custom` - **Theme path:** `/usr/share/plymouth/themes/custom/` - **Splash image:** `splash.png` (210 KB) - **Script:** `custom.script` — scales `splash.png` to fit screen while maintaining aspect ratio; only shows during boot (not shutdown) --- ## 6. Chromium Kiosk Setup ### Autostart `/home/pi/.config/autostart/chromium-kiosk.desktop`: ```ini [Desktop Entry] Type=Application Name=Chromium Fullscreen Exec=/home/pi/start-chromium.sh ``` ### Launcher Script `/home/pi/start-chromium.sh` — key behaviour: 1. Sets `GDK_BACKEND=x11` and unsets `WAYLAND_DISPLAY` (forces X11 via XWayland) 2. Waits for the desktop environment (pcmanfm/lxsession/xfdesktop) to appear 3. Launches Chromium with: - `--start-fullscreen --noerrdialogs --disable-infobars` - `--disable-session-crashed-bubble --disable-restore-session-state` - `--no-first-run --password-store=basic --use-mock-keychain` - `--ozone-platform=x11` - `--app=http://127.0.0.1:8080` (GNSS Guard web dashboard) 4. After launch, uses `wmctrl` to force the window fullscreen ### Chromium Version `chromium 143.0.7499.169` (Debian trixie + RPi patches) --- ## 7. GNSS Guard Application ### Service `/etc/systemd/system/gnss-guard.service`: ```ini [Service] Type=simple User=pi WorkingDirectory=/home/pi/tm-gnss-guard ExecStart=/home/pi/tm-gnss-guard/.venv/bin/python /home/pi/tm-gnss-guard/main.py Restart=always RestartSec=10 ``` - Runs as user `pi`, restarts on failure. - Logs to `/home/pi/tm-gnss-guard/gnss_guard.log` (currently ~207 MB). ### Configuration (`.env.prod`) | Setting | Value | |---------|-------| | **Asset name** | `OFFICE_LAB` | | **Iteration period** | 30 seconds | | **Stale threshold** | 60 seconds | | **Validation threshold** | 200 meters | | **TM AIS GPS** | Enabled — `https://localhost:8443/location` | | **Starlink GPS** | Enabled — `10.130.60.70:9200` | | **NMEA Primary** | Enabled — `10.130.60.61:4001` | | **NMEA Secondary** | Enabled — `10.130.60.61:4002` | | **Web dashboard** | Enabled — `0.0.0.0:8080` | | **Demo mode** | `true` | | **Server sync** | Enabled — `https://gnss.tototheo.com` | | **DB path** | `data/gnss_guard.db` | ### Python Dependencies ``` grpcio, grpcio-tools, protobuf, yagrc, typing-extensions, requests, python-dotenv, Flask, pandas, numpy, folium ``` ### Web Dashboard Listening on port **8080** (all interfaces). Chromium connects to `http://127.0.0.1:8080` in kiosk mode. --- ## 8. Network Configuration ### Interfaces | Interface | Status | Address | Notes | |-----------|--------|---------|-------| | `eth0` | UP | `10.20.50.147/24` | DHCP, default route via `10.20.50.1` | | `wlan0` | DOWN | — | WiFi available but not connected | | `can0` | DOWN | — | CAN bus interface (reTerminal DM hardware) | ### NetworkManager Manages networking. Two saved WiFi connections: 1. **RUT_C56F_2G** — WPA-PSK, `wlan0` 2. **iPhone Shulm** — WPA-PSK, `wlan0` ### DNS `10.130.60.1` (via NetworkManager/DHCP) ### DHCP Client `dhcpcd` config is present but NetworkManager is the active manager. --- ## 9. SSH Configuration - OpenSSH server enabled (`ssh.service`) - Standard config: `KbdInteractiveAuthentication no`, `UsePAM yes`, `X11Forwarding yes` - `regenerate_ssh_host_keys.service` enabled (cloud-init key regen) --- ## 10. VNC (WayVNC) - **wayvnc.service** — enabled and running - **wayvnc-control.service** — enabled and running - Listening on port **5900** (all interfaces) - Runs as user `vnc` with GPU acceleration (`--gpu`) - Uses Wayland native VNC (no X11 dependency) --- ## 11. Cloud-Init - Cloud-init is **installed and enabled** (all 5 stages: local, network, config, main, final) - Status: `done` - `/boot/firmware/user-data` contains the default template (all commented out, no active config) --- ## 12. Hardware & Peripherals ### I2C Devices (bus 1) | Address | Status | |---------|--------| | `0x18` | In use (UU) | | `0x21` | In use (UU) | | `0x29` | In use (UU) | ### USB Devices | Device | Description | |--------|-------------| | USB Hub | Microchip 2514 (x2, chained) | | Serial | QinHeng CH34x USB Dual Serial | ### Kernel Modules (notable) | Module | Purpose | |--------|---------| | `goodix_ts` | Capacitive touchscreen driver | | `imx219` | Camera module driver | | `mcp251xfd` | CAN bus controller (SPI) | | `ch34x` | USB-to-serial converter | | `brcmfmac` | Broadcom WiFi | | `hci_uart` | Bluetooth UART | | `spidev` | SPI userspace interface | ### Serial Ports - `/dev/ttyS0` — hardware UART (enabled via `enable_uart=1`) ### DRM Devices - `card0`, `card1` — GPU outputs - `renderD128` — GPU render node --- ## 13. Other Installed Software | Package | Purpose | |---------|---------| | `maliit-keyboard` | On-screen virtual keyboard (Wayland-native) | | `wmctrl` | X11 window manipulation (used by Chromium launcher) | | `wlr-randr` | Wayland output configuration tool | | `swaybg` | Wayland wallpaper setter | | `xinput` | X input device configuration | | `libgtk-layer-shell0` | GTK layer-shell support (for overlay windows) | | `python3-gi` / `python3-gi-cairo` | Python GObject Introspection bindings | | `plasma-browser-integration` | KDE Plasma ↔ Chromium integration | | `wayvnc` | Wayland-native VNC server | | `autotouch` | Automatic touchscreen association for labwc | --- ## 14. Additional Files in Home Directory | File/Dir | Purpose | |----------|---------| | `start-chromium.sh` | Chromium kiosk launcher (see section 6) | | `revert-to-lxde.sh` | Script to switch back to LXDE desktop | | `auto-fit-page.js` | JS helper for page fitting (likely Chromium extension) | | `auto-scale-page.js` | JS helper for page scaling | | `tm-gnss-guard/` | GNSS Guard application (see section 7) | | `buzzer/` | Buzzer test scripts (`test_buzzer.py`, `test_buzzer.sh`) | | `desktop-backup/` | Backup of previous desktop session config | | `os_backup/` | OS backup related files | --- ## 15. Services Summary ### Custom / Non-Default Enabled Services | Service | Description | |---------|-------------| | `gnss-guard.service` | TM GNSS Guard — GPS monitoring (custom) | | `lightdm.service` | Display manager with auto-login | | `wayvnc.service` | VNC server for remote access | | `wayvnc-control.service` | VNC control companion service | | `cloud-init (5 units)` | Cloud-init first-boot provisioning | | `ModemManager.service` | Modem management | | `NetworkManager.service` | Network management | | `bluetooth.service` | Bluetooth | | `ssh.service` | SSH server | | `cups.service` | Printing (probably not needed for kiosk) | | `nfs-blkmap.service` | NFS block mapping (probably not needed) | | `rpcbind.service` | RPC port mapper (probably not needed) | | `smartmontools.service` | Disk SMART monitoring | ### Listening Ports | Port | Service | Binding | |------|---------|---------| | 22 | SSH | `0.0.0.0` | | 631 | CUPS | `127.0.0.1` | | 1716 | KDE Connect | `*` | | 5900 | WayVNC | `*` | | 8080 | GNSS Guard web | `0.0.0.0` | --- ## 16. Key Differences from Automated Provisioning Comparing to the current `first-boot.conf`, this backup image has: 1. **Hostname:** Still `raspberrypi` — the automated flow sets it to `guard` 2. **Desktop session:** Using `rpd-labwc` (same as automated target) 3. **Chromium launcher:** Manual script at `/home/pi/start-chromium.sh` using X11/XWayland, while the automated flow uses a Wayland-native approach 4. **Display rotation:** Configured via kanshi (same 270 degree rotation) 5. **Touchscreen:** Mapped in labwc `rc.xml` (same Goodix → DSI-1 mapping) 6. **Plymouth:** Custom theme installed manually 7. **GNSS Guard:** Deployed from separate repo, running as systemd service 8. **Theme:** labwc PiXonyx + GTK Breeze (mixed); automated flow uses PiXnoir 9. **WiFi regulatory:** Set to CY (Cyprus) in cmdline.txt 10. **CUPS / NFS / rpcbind:** Installed but likely unnecessary for kiosk deployment