reterminal-dm4/emmc-provisioning/docs/BACKUP-DEVICE-CONFIG-AUDIT.md
nearxos 808fbf5c7c Refactor golden image handling in backup upload process

Update the _set_golden_from_path function to improve the handling of existing golden image files. Replace the existing unlink logic with a more robust method that safely removes files or broken symlinks using the missing_ok parameter. This change enhances the reliability of the backup upload process by ensuring that stale references are properly cleared before setting a new golden image path.
2026-02-24 00:19:40 +02:00

reTerminal DM4 — Backup Device Configuration Audit

Date: 2026-02-23
Source device: 10.20.50.147 (via jump host 10.20.30.153)
Purpose: Document all manual configuration found on the old backup image.


1. Operating System

| Property | Value |
| --- | --- |
| Distro | Debian GNU/Linux 13 (trixie) — full version 13.2 |
| Kernel | 6.12.62+rpt-rpi-v8 (aarch64, PREEMPT, Raspberry Pi patched) |
| Hardware | Raspberry Pi Compute Module 4 Rev 1.1 |
| Hostname | raspberrypi (not changed from default) |
| Locale | en_US.UTF-8 (all categories) |
| Timezone | Asia/Nicosia (EET, +0200) |
| NTP | Active via systemd-timesyncd |
| Root filesystem | /dev/mmcblk0p2 ext4, 29 GB total, 11 GB used (39%) |
| Boot partition | /dev/mmcblk0p1 vfat, mounted at /boot/firmware |
| Swap | zram0, ~2 GB (compressed RAM swap) |
| RAM | 7.6 GiB total |

2. User Accounts

| User | UID | Shell | Home | Notes |
| --- | --- | --- | --- | --- |
| pi | 1000 | /bin/bash | /home/pi | Primary user, passwordless sudo |
| root | 0 | /bin/bash | /root | Standard |
| lightdm | 104 | /bin/false | /var/lib/lightdm | Display manager service account |

pi user groups

pi adm dialout cdrom sudo audio video plugdev games users input render netdev spi i2c gpio lpadmin

Sudoers

  • pi ALL=(ALL) NOPASSWD: ALL — full passwordless sudo.

3. Boot Configuration

/boot/firmware/config.txt

Key non-default settings:

# Hardware interfaces
dtparam=audio=on
dtparam=i2c_arm=on
dtparam=i2c_vc=on
dtparam=i2s=on
dtparam=spi=on
enable_uart=1

# Display
display_auto_detect=0          # DSI auto-detect disabled (manual overlay)
disable_fw_kms_setup=1
max_framebuffers=2
disable_overscan=1
ignore_lcd=1

# CM4 USB host mode
otg_mode=1                     # [cm4] section

# Antenna
dtparam=ant2                   # External antenna

# Overlays
dtoverlay=dwc2,dr_mode=host
dtoverlay=i2c1,pins_2_3
dtoverlay=i2c3,pins_4_5
dtoverlay=imx219,cam0          # Camera module
dtoverlay=vc4-kms-v3d          # GPU/KMS driver
dtoverlay=reTerminal-DM        # Seeed reTerminal DM overlay

/boot/firmware/cmdline.txt

console=tty1 root=PARTUUID=5c5604eb-02 rootfstype=ext4 fsck.repair=yes rootwait
quiet splash plymouth.ignore-serial-consoles cfg80211.ieee80211_regdom=CY
logo.nologo vt.global_cursor_default=0 console=tty3 loglevel=0

Notable flags:

  • quiet splash — silent boot with Plymouth splash
  • cfg80211.ieee80211_regdom=CY — WiFi regulatory domain set to Cyprus
  • logo.nologo — kernel logo hidden
  • vt.global_cursor_default=0 — no blinking cursor on VT
  • console=tty3 loglevel=0 — boot messages redirected, minimal logging

Device Tree Overlay

The Seeed reTerminal-DM.dtbo overlay is installed at /boot/firmware/overlays/reTerminal-DM.dtbo.


4. Display & Desktop Environment

Session Stack

| Component | Value |
| --- | --- |
| Display manager | LightDM 1.32.0 |
| Greeter | pi-greeter-labwc |
| User session | rpd-labwc (Raspberry Pi Desktop on Wayland) |
| Compositor | labwc 0.9.2 (wlroots 0.19-based Wayland compositor) |
| XWayland | Running for X11 app compatibility |

LightDM Configuration (/etc/lightdm/lightdm.conf)

[Seat:*]
greeter-session=pi-greeter-labwc
greeter-hide-users=false
user-session=rpd-labwc
display-setup-script=/usr/share/dispsetup.sh
autologin-user=pi
autologin-session=rpd-labwc

  • Auto-login enabled for user pi.
  • Display setup script is a no-op (exit 0).

Display Rotation — kanshi

/home/pi/.config/kanshi/config:

profile {
    output DSI-1 enable scale 1.000000 mode 800x1280@60.000 position 0,0 transform 270
}

The DSI display (800x1280 native portrait) is rotated 270 degrees to landscape (1280x800).

Touchscreen Mapping — labwc

/home/pi/.config/labwc/rc.xml:

<touch deviceName="10-005d Goodix Capacitive TouchScreen" mapToOutput="DSI-1" mouseEmulation="no"/>

The Goodix capacitive touchscreen is mapped to DSI-1 output with mouse emulation disabled.

labwc Theme

  • Theme: PiXonyx (dark variant)
  • Font: Nunito Sans Light 12 (both active and inactive windows)
  • Title bar colors: #76747C background, #F6F5F4 text

Panel — wf-panel-pi

/home/pi/.config/wf-panel-pi/wf-panel-pi.ini:

[panel]
position=top
icon_size=32
window-list_max_width=200
monitor=DSI-1

labwc Environment

/home/pi/.config/labwc/environment:

XKB_DEFAULT_MODEL=pc105
XKB_DEFAULT_LAYOUT=us
XCURSOR_SIZE=24

GTK Theme

  • GTK3: Breeze
  • GTK2: (default — .gtkrc-2.0 is mostly empty)
  • dconf gtk-theme: Breeze
  • dconf font-name: Nunito Sans Light 12
  • dconf cursor-size: 24

5. Plymouth Boot Splash

  • Active theme: custom
  • Theme path: /usr/share/plymouth/themes/custom/
  • Splash image: splash.png (210 KB)
  • Script: custom.script — scales splash.png to fit screen while maintaining aspect ratio; only shows during boot (not shutdown)

6. Chromium Kiosk Setup

Autostart

/home/pi/.config/autostart/chromium-kiosk.desktop:

[Desktop Entry]
Type=Application
Name=Chromium Fullscreen
Exec=/home/pi/start-chromium.sh

Launcher Script

/home/pi/start-chromium.sh — key behaviour:

  1. Sets GDK_BACKEND=x11 and unsets WAYLAND_DISPLAY (forces X11 via XWayland)
  2. Waits for the desktop environment (pcmanfm/lxsession/xfdesktop) to appear
  3. Launches Chromium with:
    • --start-fullscreen --noerrdialogs --disable-infobars
    • --disable-session-crashed-bubble --disable-restore-session-state
    • --no-first-run --password-store=basic --use-mock-keychain
    • --ozone-platform=x11
    • --app=http://127.0.0.1:8080 (GNSS Guard web dashboard)
  4. After launch, uses wmctrl to force the window fullscreen

Chromium Version

chromium 143.0.7499.169 (Debian trixie + RPi patches)


7. GNSS Guard Application

Service

/etc/systemd/system/gnss-guard.service:

[Service]
Type=simple
User=pi
WorkingDirectory=/home/pi/tm-gnss-guard
ExecStart=/home/pi/tm-gnss-guard/.venv/bin/python /home/pi/tm-gnss-guard/main.py
Restart=always
RestartSec=10

  • Runs as user pi, restarts on failure.
  • Logs to /home/pi/tm-gnss-guard/gnss_guard.log (currently ~207 MB).

Configuration (.env.prod)

| Setting | Value |
| --- | --- |
| Asset name | OFFICE_LAB |
| Iteration period | 30 seconds |
| Stale threshold | 60 seconds |
| Validation threshold | 200 meters |
| TM AIS GPS | Enabled — https://localhost:8443/location |
| Starlink GPS | Enabled — 10.130.60.70:9200 |
| NMEA Primary | Enabled — 10.130.60.61:4001 |
| NMEA Secondary | Enabled — 10.130.60.61:4002 |
| Web dashboard | Enabled — 0.0.0.0:8080 |
| Demo mode | true |
| Server sync | Enabled — https://gnss.tototheo.com |
| DB path | data/gnss_guard.db |

Python Dependencies

grpcio, grpcio-tools, protobuf, yagrc, typing-extensions,
requests, python-dotenv, Flask, pandas, numpy, folium

Web Dashboard

Listening on port 8080 (all interfaces). Chromium connects to http://127.0.0.1:8080 in kiosk mode.


8. Network Configuration

Interfaces

| Interface | Status | Address | Notes |
| --- | --- | --- | --- |
| eth0 | UP | 10.20.50.147/24 | DHCP, default route via 10.20.50.1 |
| wlan0 | DOWN | | WiFi available but not connected |
| can0 | DOWN | | CAN bus interface (reTerminal DM hardware) |

NetworkManager

Manages networking. Two saved WiFi connections:

  1. RUT_C56F_2G — WPA-PSK, wlan0
  2. iPhone Shulm — WPA-PSK, wlan0

DNS

10.130.60.1 (via NetworkManager/DHCP)

DHCP Client

dhcpcd config is present but NetworkManager is the active manager.


9. SSH Configuration

  • OpenSSH server enabled (ssh.service)
  • Standard config: KbdInteractiveAuthentication no, UsePAM yes, X11Forwarding yes
  • regenerate_ssh_host_keys.service enabled (cloud-init key regen)

10. VNC (WayVNC)

  • wayvnc.service — enabled and running
  • wayvnc-control.service — enabled and running
  • Listening on port 5900 (all interfaces)
  • Runs as user vnc with GPU acceleration (--gpu)
  • Uses Wayland native VNC (no X11 dependency)

11. Cloud-Init

  • Cloud-init is installed and enabled (all 5 stages: local, network, config, main, final)
  • Status: done
  • /boot/firmware/user-data contains the default template (all commented out, no active config)

12. Hardware & Peripherals

I2C Devices (bus 1)

| Address | Status |
| --- | --- |
| 0x18 | In use (UU) |
| 0x21 | In use (UU) |
| 0x29 | In use (UU) |

USB Devices

| Device | Description |
| --- | --- |
| USB Hub | Microchip 2514 (x2, chained) |
| Serial | QinHeng CH34x USB Dual Serial |

Kernel Modules (notable)

| Module | Purpose |
| --- | --- |
| goodix_ts | Capacitive touchscreen driver |
| imx219 | Camera module driver |
| mcp251xfd | CAN bus controller (SPI) |
| ch34x | USB-to-serial converter |
| brcmfmac | Broadcom WiFi |
| hci_uart | Bluetooth UART |
| spidev | SPI userspace interface |

Serial Ports

  • /dev/ttyS0 — hardware UART (enabled via enable_uart=1)

DRM Devices

  • card0, card1 — GPU outputs
  • renderD128 — GPU render node

13. Other Installed Software

| Package | Purpose |
| --- | --- |
| maliit-keyboard | On-screen virtual keyboard (Wayland-native) |
| wmctrl | X11 window manipulation (used by Chromium launcher) |
| wlr-randr | Wayland output configuration tool |
| swaybg | Wayland wallpaper setter |
| xinput | X input device configuration |
| libgtk-layer-shell0 | GTK layer-shell support (for overlay windows) |
| python3-gi / python3-gi-cairo | Python GObject Introspection bindings |
| plasma-browser-integration | KDE Plasma ↔ Chromium integration |
| wayvnc | Wayland-native VNC server |
| autotouch | Automatic touchscreen association for labwc |

14. Additional Files in Home Directory

| File/Dir | Purpose |
| --- | --- |
| start-chromium.sh | Chromium kiosk launcher (see section 6) |
| revert-to-lxde.sh | Script to switch back to LXDE desktop |
| auto-fit-page.js | JS helper for page fitting (likely Chromium extension) |
| auto-scale-page.js | JS helper for page scaling |
| tm-gnss-guard/ | GNSS Guard application (see section 7) |
| buzzer/ | Buzzer test scripts (test_buzzer.py, test_buzzer.sh) |
| desktop-backup/ | Backup of previous desktop session config |
| os_backup/ | OS backup related files |

15. Services Summary

Custom / Non-Default Enabled Services

| Service | Description |
| --- | --- |
| gnss-guard.service | TM GNSS Guard — GPS monitoring (custom) |
| lightdm.service | Display manager with auto-login |
| wayvnc.service | VNC server for remote access |
| wayvnc-control.service | VNC control companion service |
| cloud-init (5 units) | Cloud-init first-boot provisioning |
| ModemManager.service | Modem management |
| NetworkManager.service | Network management |
| bluetooth.service | Bluetooth |
| ssh.service | SSH server |
| cups.service | Printing (probably not needed for kiosk) |
| nfs-blkmap.service | NFS block mapping (probably not needed) |
| rpcbind.service | RPC port mapper (probably not needed) |
| smartmontools.service | Disk SMART monitoring |

Listening Ports

| Port | Service | Binding |
| --- | --- | --- |
| 22 | SSH | 0.0.0.0 |
| 631 | CUPS | 127.0.0.1 |
| 1716 | KDE Connect | * |
| 5900 | WayVNC | * |
| 8080 | GNSS Guard web | 0.0.0.0 |
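
The listening-port inventory above can be checked mechanically when comparing images. The following is an added example, not part of the audit or the provisioning repository: it parses `ss -H -tln` output and reports listeners that fall outside an allowlist. The sample output is constructed from the table, and `POLICY`, `parse_listeners` and `audit` are hypothetical names with an assumed policy.

```python
import ipaddress

# Constructed `ss -H -tln` output mirroring the Listening Ports table above
# (queue sizes are made up).
SS_SAMPLE = """\
LISTEN 0 128  0.0.0.0:22    0.0.0.0:*
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*
LISTEN 0 50   *:1716        *:*
LISTEN 0 16   *:5900        *:*
LISTEN 0 128  0.0.0.0:8080  0.0.0.0:*
"""

# Assumed allowlist (not taken from first-boot.conf): port -> widest binding
# permitted. 8080 is "loopback" because the only client this audit names is
# the local Chromium kiosk on 127.0.0.1.
POLICY = {22: "network", 5900: "network", 8080: "loopback"}


def parse_listeners(ss_output):
    """Return sorted (port, scope) pairs; scope is 'loopback' or 'network'."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.split("%")[0].strip("[]")  # drop %iface and IPv6 brackets
        if host != "*" and ipaddress.ip_address(host).is_loopback:
            scope = "loopback"
        else:
            scope = "network"  # wildcard or a routable address
        found.add((int(port), scope))
    return sorted(found)


def audit(ss_output, policy=POLICY):
    """Return (port, reason) for every listener the allowlist does not cover."""
    findings = []
    for port, scope in parse_listeners(ss_output):
        if port not in policy:
            findings.append((port, f"not in allowlist (bound to {scope})"))
        elif policy[port] == "loopback" and scope == "network":
            findings.append((port, "reachable from the network, expected loopback"))
    return findings


if __name__ == "__main__":
    for port, reason in audit(SS_SAMPLE):
        print(f"port {port}: {reason}")
```

On the device, the same functions can be fed the live output of `ss -H -tln` instead of the constructed sample.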

16. Key Differences from Automated Provisioning

Comparing to the current first-boot.conf, this backup image has:

  1. Hostname: Still raspberrypi — the automated flow sets it to guard
  2. Desktop session: Using rpd-labwc (same as automated target)
  3. Chromium launcher: Manual script at /home/pi/start-chromium.sh using X11/XWayland, while the automated flow uses a Wayland-native approach
  4. Display rotation: Configured via kanshi (same 270 degree rotation)
  5. Touchscreen: Mapped in labwc rc.xml (same Goodix → DSI-1 mapping)
  6. Plymouth: Custom theme installed manually
  7. GNSS Guard: Deployed from separate repo, running as systemd service
  8. Theme: labwc PiXonyx + GTK Breeze (mixed); automated flow uses PiXnoir
  9. WiFi regulatory: Set to CY (Cyprus) in cmdline.txt
  10. CUPS / NFS / rpcbind: Installed but likely unnecessary for kiosk deployment