nearxos/reterminal-dm4
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b5134098c083bcee309e64af48385417f12b79a7
reterminal-dm4/emmc-provisioning/docs/BACKUP-DEVICE-CONFIG-AUDIT.md
nearxos 808fbf5c7c Refactor golden image handling in backup upload process</message> 
<message>Update the _set_golden_from_path function to improve the handling of existing golden image files. Replace the existing unlink logic with a more robust method that safely removes files or broken symlinks using the missing_ok parameter. This change enhances the reliability of the backup upload process by ensuring that stale references are properly cleared before setting a new golden image path.
2026-02-24 00:19:40 +02:00

452 lines
12 KiB
Markdown
Raw Blame History

# reTerminal DM4 — Backup Device Configuration Audit
> **Date:** 2026-02-23
> **Source device:** 10.20.50.147 (via jump host 10.20.30.153)
> **Purpose:** Document all manual configuration found on the old backup image.
---
## 1. Operating System
| Property | Value |
|----------|-------|
| **Distro** | Debian GNU/Linux 13 (trixie) — full version 13.2 |
| **Kernel** | 6.12.62+rpt-rpi-v8 (aarch64, PREEMPT, Raspberry Pi patched) |
| **Hardware** | Raspberry Pi Compute Module 4 Rev 1.1 |
| **Hostname** | `raspberrypi` (not changed from default) |
| **Locale** | `en_US.UTF-8` (all categories) |
| **Timezone** | `Asia/Nicosia` (EET, +0200) |
| **NTP** | Active via `systemd-timesyncd` |
| **Root filesystem** | `/dev/mmcblk0p2` ext4, 29 GB total, 11 GB used (39%) |
| **Boot partition** | `/dev/mmcblk0p1` vfat, mounted at `/boot/firmware` |
| **Swap** | zram0, ~2 GB (compressed RAM swap) |
| **RAM** | 7.6 GiB total |
---
## 2. User Accounts
| User | UID | Shell | Home | Notes |
|------|-----|-------|------|-------|
| `pi` | 1000 | `/bin/bash` | `/home/pi` | Primary user, passwordless sudo |
| `root` | 0 | `/bin/bash` | `/root` | Standard |
| `lightdm` | 104 | `/bin/false` | `/var/lib/lightdm` | Display manager service account |
### pi user groups
`pi adm dialout cdrom sudo audio video plugdev games users input render netdev spi i2c gpio lpadmin`
### Sudoers
- `pi ALL=(ALL) NOPASSWD: ALL` — full passwordless sudo.
---
## 3. Boot Configuration
### `/boot/firmware/config.txt`
Key non-default settings:
```ini
# Hardware interfaces
dtparam=audio=on
dtparam=i2c_arm=on
dtparam=i2c_vc=on
dtparam=i2s=on
dtparam=spi=on
enable_uart=1
# Display
display_auto_detect=0 # DSI auto-detect disabled (manual overlay)
disable_fw_kms_setup=1
max_framebuffers=2
disable_overscan=1
ignore_lcd=1
# CM4 USB host mode
otg_mode=1 # [cm4] section
# Antenna
dtparam=ant2 # External antenna
# Overlays
dtoverlay=dwc2,dr_mode=host
dtoverlay=i2c1,pins_2_3
dtoverlay=i2c3,pins_4_5
dtoverlay=imx219,cam0 # Camera module
dtoverlay=vc4-kms-v3d # GPU/KMS driver
dtoverlay=reTerminal-DM # Seeed reTerminal DM overlay
```
### `/boot/firmware/cmdline.txt`
```
console=tty1 root=PARTUUID=5c5604eb-02 rootfstype=ext4 fsck.repair=yes rootwait
quiet splash plymouth.ignore-serial-consoles cfg80211.ieee80211_regdom=CY
logo.nologo vt.global_cursor_default=0 console=tty3 loglevel=0
```
Notable flags:
- `quiet splash` — silent boot with Plymouth splash
- `cfg80211.ieee80211_regdom=CY` — WiFi regulatory domain set to Cyprus
- `logo.nologo` — kernel logo hidden
- `vt.global_cursor_default=0` — no blinking cursor on VT
- `console=tty3 loglevel=0` — boot messages redirected, minimal logging
### Device Tree Overlay
The Seeed `reTerminal-DM.dtbo` overlay is installed at `/boot/firmware/overlays/reTerminal-DM.dtbo`.
---
## 4. Display & Desktop Environment
### Session Stack
| Component | Value |
|-----------|-------|
| **Display manager** | LightDM 1.32.0 |
| **Greeter** | `pi-greeter-labwc` |
| **User session** | `rpd-labwc` (Raspberry Pi Desktop on Wayland) |
| **Compositor** | labwc 0.9.2 (wlroots 0.19-based Wayland compositor) |
| **XWayland** | Running for X11 app compatibility |
### LightDM Configuration (`/etc/lightdm/lightdm.conf`)
```ini
[Seat:*]
greeter-session=pi-greeter-labwc
greeter-hide-users=false
user-session=rpd-labwc
display-setup-script=/usr/share/dispsetup.sh
autologin-user=pi
autologin-session=rpd-labwc
```
- Auto-login enabled for user `pi`.
- Display setup script is a no-op (`exit 0`).
### Display Rotation — kanshi
`/home/pi/.config/kanshi/config`:
```
profile {
output DSI-1 enable scale 1.000000 mode 800x1280@60.000 position 0,0 transform 270
}
```
The DSI display (800x1280 native portrait) is rotated 270 degrees to landscape (1280x800).
### Touchscreen Mapping — labwc
`/home/pi/.config/labwc/rc.xml`:
```xml
<touch deviceName="10-005d Goodix Capacitive TouchScreen" mapToOutput="DSI-1" mouseEmulation="no"/>
```
The Goodix capacitive touchscreen is mapped to DSI-1 output with mouse emulation disabled.
### labwc Theme
- Theme: **PiXonyx** (dark variant)
- Font: **Nunito Sans Light 12** (both active and inactive windows)
- Title bar colors: `#76747C` background, `#F6F5F4` text
### Panel — wf-panel-pi
`/home/pi/.config/wf-panel-pi/wf-panel-pi.ini`:
```ini
[panel]
position=top
icon_size=32
window-list_max_width=200
monitor=DSI-1
```
### labwc Environment
`/home/pi/.config/labwc/environment`:
```
XKB_DEFAULT_MODEL=pc105
XKB_DEFAULT_LAYOUT=us
XCURSOR_SIZE=24
```
### GTK Theme
- GTK3: `Breeze`
- GTK2: (default — `.gtkrc-2.0` is mostly empty)
- dconf `gtk-theme`: `Breeze`
- dconf `font-name`: `Nunito Sans Light 12`
- dconf `cursor-size`: `24`
---
## 5. Plymouth Boot Splash
- **Active theme:** `custom`
- **Theme path:** `/usr/share/plymouth/themes/custom/`
- **Splash image:** `splash.png` (210 KB)
- **Script:** `custom.script` — scales `splash.png` to fit screen while maintaining aspect ratio; only shows during boot (not shutdown)
---
## 6. Chromium Kiosk Setup
### Autostart
`/home/pi/.config/autostart/chromium-kiosk.desktop`:
```ini
[Desktop Entry]
Type=Application
Name=Chromium Fullscreen
Exec=/home/pi/start-chromium.sh
```
### Launcher Script
`/home/pi/start-chromium.sh` — key behaviour:
1. Sets `GDK_BACKEND=x11` and unsets `WAYLAND_DISPLAY` (forces X11 via XWayland)
2. Waits for the desktop environment (pcmanfm/lxsession/xfdesktop) to appear
3. Launches Chromium with:
- `--start-fullscreen --noerrdialogs --disable-infobars`
- `--disable-session-crashed-bubble --disable-restore-session-state`
- `--no-first-run --password-store=basic --use-mock-keychain`
- `--ozone-platform=x11`
- `--app=http://127.0.0.1:8080` (GNSS Guard web dashboard)
4. After launch, uses `wmctrl` to force the window fullscreen
### Chromium Version
`chromium 143.0.7499.169` (Debian trixie + RPi patches)
---
## 7. GNSS Guard Application
### Service
`/etc/systemd/system/gnss-guard.service`:
```ini
[Service]
Type=simple
User=pi
WorkingDirectory=/home/pi/tm-gnss-guard
ExecStart=/home/pi/tm-gnss-guard/.venv/bin/python /home/pi/tm-gnss-guard/main.py
Restart=always
RestartSec=10
```
- Runs as user `pi`, restarts on failure.
- Logs to `/home/pi/tm-gnss-guard/gnss_guard.log` (currently ~207 MB).
### Configuration (`.env.prod`)
| Setting | Value |
|---------|-------|
| **Asset name** | `OFFICE_LAB` |
| **Iteration period** | 30 seconds |
| **Stale threshold** | 60 seconds |
| **Validation threshold** | 200 meters |
| **TM AIS GPS** | Enabled — `https://localhost:8443/location` |
| **Starlink GPS** | Enabled — `10.130.60.70:9200` |
| **NMEA Primary** | Enabled — `10.130.60.61:4001` |
| **NMEA Secondary** | Enabled — `10.130.60.61:4002` |
| **Web dashboard** | Enabled — `0.0.0.0:8080` |
| **Demo mode** | `true` |
| **Server sync** | Enabled — `https://gnss.tototheo.com` |
| **DB path** | `data/gnss_guard.db` |
### Python Dependencies
```
grpcio, grpcio-tools, protobuf, yagrc, typing-extensions,
requests, python-dotenv, Flask, pandas, numpy, folium
```
### Web Dashboard
Listening on port **8080** (all interfaces). Chromium connects to `http://127.0.0.1:8080` in kiosk mode.
---
## 8. Network Configuration
### Interfaces
| Interface | Status | Address | Notes |
|-----------|--------|---------|-------|
| `eth0` | UP | `10.20.50.147/24` | DHCP, default route via `10.20.50.1` |
| `wlan0` | DOWN | — | WiFi available but not connected |
| `can0` | DOWN | — | CAN bus interface (reTerminal DM hardware) |
### NetworkManager
Manages networking. Two saved WiFi connections:
1. **RUT_C56F_2G** — WPA-PSK, `wlan0`
2. **iPhone Shulm** — WPA-PSK, `wlan0`
### DNS
`10.130.60.1` (via NetworkManager/DHCP)
### DHCP Client
`dhcpcd` config is present but NetworkManager is the active manager.
---
## 9. SSH Configuration
- OpenSSH server enabled (`ssh.service`)
- Standard config: `KbdInteractiveAuthentication no`, `UsePAM yes`, `X11Forwarding yes`
- `regenerate_ssh_host_keys.service` enabled (cloud-init key regen)
---
## 10. VNC (WayVNC)
- **wayvnc.service** — enabled and running
- **wayvnc-control.service** — enabled and running
- Listening on port **5900** (all interfaces)
- Runs as user `vnc` with GPU acceleration (`--gpu`)
- Uses Wayland native VNC (no X11 dependency)
---
## 11. Cloud-Init
- Cloud-init is **installed and enabled** (all 5 stages: local, network, config, main, final)
- Status: `done`
- `/boot/firmware/user-data` contains the default template (all commented out, no active config)
---
## 12. Hardware & Peripherals
### I2C Devices (bus 1)
| Address | Status |
|---------|--------|
| `0x18` | In use (UU) |
| `0x21` | In use (UU) |
| `0x29` | In use (UU) |
### USB Devices
| Device | Description |
|--------|-------------|
| USB Hub | Microchip 2514 (x2, chained) |
| Serial | QinHeng CH34x USB Dual Serial |
### Kernel Modules (notable)
| Module | Purpose |
|--------|---------|
| `goodix_ts` | Capacitive touchscreen driver |
| `imx219` | Camera module driver |
| `mcp251xfd` | CAN bus controller (SPI) |
| `ch34x` | USB-to-serial converter |
| `brcmfmac` | Broadcom WiFi |
| `hci_uart` | Bluetooth UART |
| `spidev` | SPI userspace interface |
### Serial Ports
- `/dev/ttyS0` — hardware UART (enabled via `enable_uart=1`)
### DRM Devices
- `card0`, `card1` — GPU outputs
- `renderD128` — GPU render node
---
## 13. Other Installed Software
| Package | Purpose |
|---------|---------|
| `maliit-keyboard` | On-screen virtual keyboard (Wayland-native) |
| `wmctrl` | X11 window manipulation (used by Chromium launcher) |
| `wlr-randr` | Wayland output configuration tool |
| `swaybg` | Wayland wallpaper setter |
| `xinput` | X input device configuration |
| `libgtk-layer-shell0` | GTK layer-shell support (for overlay windows) |
| `python3-gi` / `python3-gi-cairo` | Python GObject Introspection bindings |
| `plasma-browser-integration` | KDE Plasma ↔ Chromium integration |
| `wayvnc` | Wayland-native VNC server |
| `autotouch` | Automatic touchscreen association for labwc |
---
## 14. Additional Files in Home Directory
| File/Dir | Purpose |
|----------|---------|
| `start-chromium.sh` | Chromium kiosk launcher (see section 6) |
| `revert-to-lxde.sh` | Script to switch back to LXDE desktop |
| `auto-fit-page.js` | JS helper for page fitting (likely Chromium extension) |
| `auto-scale-page.js` | JS helper for page scaling |
| `tm-gnss-guard/` | GNSS Guard application (see section 7) |
| `buzzer/` | Buzzer test scripts (`test_buzzer.py`, `test_buzzer.sh`) |
| `desktop-backup/` | Backup of previous desktop session config |
| `os_backup/` | OS backup related files |
---
## 15. Services Summary
### Custom / Non-Default Enabled Services
| Service | Description |
|---------|-------------|
| `gnss-guard.service` | TM GNSS Guard — GPS monitoring (custom) |
| `lightdm.service` | Display manager with auto-login |
| `wayvnc.service` | VNC server for remote access |
| `wayvnc-control.service` | VNC control companion service |
| `cloud-init (5 units)` | Cloud-init first-boot provisioning |
| `ModemManager.service` | Modem management |
| `NetworkManager.service` | Network management |
| `bluetooth.service` | Bluetooth |
| `ssh.service` | SSH server |
| `cups.service` | Printing (probably not needed for kiosk) |
| `nfs-blkmap.service` | NFS block mapping (probably not needed) |
| `rpcbind.service` | RPC port mapper (probably not needed) |
| `smartmontools.service` | Disk SMART monitoring |
### Listening Ports
| Port | Service | Binding |
|------|---------|---------|
| 22 | SSH | `0.0.0.0` |
| 631 | CUPS | `127.0.0.1` |
| 1716 | KDE Connect | `*` |
| 5900 | WayVNC | `*` |
| 8080 | GNSS Guard web | `0.0.0.0` |
---
## 16. Key Differences from Automated Provisioning
Comparing to the current `first-boot.conf`, this backup image has:
1. **Hostname:** Still `raspberrypi` — the automated flow sets it to `guard`
2. **Desktop session:** Using `rpd-labwc` (same as automated target)
3. **Chromium launcher:** Manual script at `/home/pi/start-chromium.sh` using X11/XWayland, while the automated flow uses a Wayland-native approach
4. **Display rotation:** Configured via kanshi (same 270 degree rotation)
5. **Touchscreen:** Mapped in labwc `rc.xml` (same Goodix → DSI-1 mapping)
6. **Plymouth:** Custom theme installed manually
7. **GNSS Guard:** Deployed from separate repo, running as systemd service
8. **Theme:** labwc PiXonyx + GTK Breeze (mixed); automated flow uses PiXnoir
9. **WiFi regulatory:** Set to CY (Cyprus) in cmdline.txt
10. **CUPS / NFS / rpcbind:** Installed but likely unnecessary for kiosk deployment
Reference in New Issue View Git Blame Copy Permalink