Locked Down Offline Wikipedia Kiosk on Raspberry Pi 4

CanaKit Raspberry Pi 4 (4GB) Starter Kit (Amazon Affiliate)
US: https://amzn.to/3azJgrW
UK: https://amzn.to/2JdMq9o
CA: https://amzn.to/3bwiRvY
ES: https://amzn.to/2T06LnM (similar)
FR: https://amzn.to/3cvIZrs (similaire)
IT: https://amzn.to/2Ar74Sj (simile)
DE: https://amzn.to/2AqfWHQ (ähnlich)
IN: https://amzn.to/3ey6fWj
AU: https://amzn.to/2VTUt1C
NL: https://amzn.to/3f5NdsD (vergelijkbaar)

Outstanding Issues
  • You can halt the boot process by holding down control-c. This doesn’t seem to allow the user to gain access to the system.
  • This wasn’t working with Raspberry Pi 2 or 3 at first but I added “sudo adduser kiosk video” to the setup and it works now. I don’t think older models have enough RAM to make it feasible with this setup.
General Notes

To exit Nano text editor, type: control-o to save and control-x to exit

Type “shutdown -h now” to shutdown from the terminal

Type “shutdown -r now” to reboot from the terminal

Setup Raspberry Pi
sudo raspi-config

Configure these options:

Change User Password
Boot Options > Desktop / CLI > Console Autologin
Localization Options > All
Advanced Options > Overscan
Advanced Options > Resolution*

* This is only needed for Raspberry Pi 3 and older if you want a to change resolution.

Update System
sudo apt update && sudo apt upgrade
Install Packages
sudo apt install --no-install-recommends xorg openbox ufw nginx surf-display ttf-ancient-fonts
Add Kiosk User Account
sudo adduser kiosk
sudo passwd -l kiosk
sudo adduser kiosk video
Add startx to User .bashrc
sudo nano /home/kiosk/.bashrc
startx
Change Resolution (optional)*
sudo nano /home/kiosk/.xsessionrc
xrandr --output HDMI-1 --mode 1280x720

* Only needed for Raspberry Pi 4 and newer if you want to change resolution

Change Autologin to kiosk User
sudo nano /etc/systemd/system/getty@tty1.service.d/autologin.conf
ExecStart=-/sbin/agetty --autologin kiosk --noclear %I $TERM
Download Kiwix Server

https://www.kiwix.org/en/downloads/kiwix-serve/

Download Kiwix Content (Zim File)

https://wiki.kiwix.org/wiki/Content_in_all_languages

Send Kiwix Server and Zim File to Raspberry Pi (run on local computer)
scp ~/Downloads/kiwix-tools_linux-armhf*.tar.gz pi@raspberrypi.local:~/
scp ~/Downloads/*.zim pi@raspberrypi.local:~/
Decompress Kiwix Server
tar -zxvf kiwix-tools_linux-armhf*.tar.gz
Move Binaries to Executable Directory
sudo mv kiwix-tools_linux-armhf-*/* /usr/local/bin/
Move Zim File to Directory
sudo mv wikipedia*.zim /var/local/
Create Kiwix Service
sudo nano /etc/systemd/system/kiwix.service
[Unit]
Description=Kiwix Service
After=network.target
[Service]
Type=simple
User=root
Group=root
ExecStart=/usr/local/bin/kiwix-serve -mb /var/local/wikipedia_en_simple_all_nopic_2020-02.zim -p 8080
Restart=always
RestartSec=3
[Install]
WantedBy=multi-user.target
Start Kiwix Service
sudo systemctl enable kiwix
sudo systemctl start kiwix
Test Kiwix Server in a Web Browser
http://<ip_address_of_raspberry_pi>:8080
Configure Nginx Reverse Proxy
sudo nano /etc/nginx/sites-available/default
#try_files $uri $uri/ =404;
proxy_pass http://127.0.0.1:8080;
 location /catch/ {
 return 301 http://$host;
 }
Restart Nginx
sudo systemctl restart nginx
Setup Surf Web Browser
sudo nano /etc/default/surf-display
DEFAULT_WWW_URI="http://127.0.0.1"
INACTIVITY__INTERVAL="300"
Add surf-display to Openbox autostart script
sudo nano /etc/xdg/openbox/autostart
surf-display http://127.0.0.1 &
Disable Keyboard Power Button (Choose One Option)
sudo nano /etc/systemd/logind.conf
HandlePowerKey=ignore # Do nothing
HandlePowerKey=reboot # Reboot
Disable Ctrl-Alt-Backspace
sudo nano /usr/share/X11/xorg.conf.d/dontzap.conf
Section "ServerFlags"
    Option "DontZap" "true"
EndSection
Disable Virtual Console Switching
sudo nano /etc/X11/Xsession.d/65srvrkeys-none
setxkbmap -option srvrkeys:none
Disable tty Consoles
sudo nano /etc/systemd/logind.conf
NAutoVTs=0
ReserveVT=0
Disable Ctrl-Alt-Delete
sudo rm /lib/systemd/system/ctrl-alt-del.target
sudo ln -s /dev/null /lib/systemd/system/ctrl-alt-del.target
sudo systemctl daemon-reload
Disable Print Screen (and other key combinations)
sudo mkdir -p /home/kiosk/.config/openbox
sudo cp /etc/xdg/openbox/rc.xml /home/kiosk/.config/openbox/
sudo nano /home/kiosk/.config/openbox/rc.xml

Type control-w to search for ‘<keyboard>’

Go to the next line and press control-shift-6 to start selection

Select down to just before ‘</keyboard>’ and press control-k to remove configuration

You should end up with:

<keyboard>
</keyboard>
Setup Firewall
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw enable
sudo ufw status
Reboot System
sudo reboot
Set System to Read Only
sudo raspi-config

Advanced Options > Overlay FS

Managing Users and Changing Hostname on Raspberry Pi Raspbian

CanaKit Raspberry Pi 4 (4GB) Starter Kit (Amazon Affiliate)
US: https://amzn.to/3azJgrW
UK: https://amzn.to/2JdMq9o
CA: https://amzn.to/3bwiRvY
ES: https://amzn.to/2T06LnM (similar)
FR: https://amzn.to/3cvIZrs (similaire)
IT: https://amzn.to/2Ar74Sj (simile)
DE: https://amzn.to/2AqfWHQ (ähnlich)
IN: https://amzn.to/3ey6fWj
AU: https://amzn.to/2VTUt1C
NL: https://amzn.to/3f5NdsD (vergelijkbaar)

Raspberry Pi Playlist: https://www.youtube.com/playlist?list=PLErU2HjQZ_ZPvIdR5BEqDgO7DsGAla_AZ

Enter Global skel Directory
cd /etc/skel
View skel Files
ls -al

Files and scripts added to this directory will show up on all newly created user account.

Return to Home Directory
cd
See Which Account You are Logged in Under
whoami
Switch to root User
sudo su
Add User
sudo adduser rick
Give User sudo Privileges
sudo adduser rick sudo
Switch Users
su rick
Move to the sudoers.d Directory
cd /etc/sudoers.d/
Copy nopasswd File
sudo cp 010_pi-nopasswd 010_rick_nopasswd
Edit nopasswd File
sudo nano 010_rick_nopasswd
Change:
pi ALL=(ALL) NOPASSWD: ALL
To:
rick ALL=(ALL) NOPASSWD: ALL
View Current Hostname
hostnamectl
Change Hostname
sudo hostnamectl set-hostname rickpi
Change hosts File
sudo nano /etc/hosts
Change:
127.0.1.1 raspberrypi
To:
127.0.1.1 rickpi
Restart avahi-daemon
sudo systemctl restart avahi-daemon

Ping New Hostname

ping rickpi.local
Delete User Account
sudo userdel -r pi

If the user is currently being used by a process, remove them from autologin.

sudo raspi-config

Boot Options > Desktop / CLI

Choose a choice without auto log in.

Reboot System
sudo reboot
Repeat Delete User account
sudo userdel -r pi
View passwd File
cat /etc/passwd 

Auto Run an Application on Raspberry Pi Raspbian Desktop

CanaKit Raspberry Pi 4 (4GB) Starter Kit (Amazon Affiliate)
US: https://amzn.to/3azJgrW
UK: https://amzn.to/2JdMq9o
CA: https://amzn.to/3bwiRvY
ES: https://amzn.to/2T06LnM (similar)
FR: https://amzn.to/3cvIZrs (similaire)
IT: https://amzn.to/2Ar74Sj (simile)
DE: https://amzn.to/2AqfWHQ (ähnlich)
IN: https://amzn.to/3ey6fWj
AU: https://amzn.to/2VTUt1C
NL: https://amzn.to/3f5NdsD (vergelijkbaar)

Raspberry Pi Playlist: https://www.youtube.com/playlist?list=PLErU2HjQZ_ZPvIdR5BEqDgO7DsGAla_AZ

Find the Full Path of an Executable
which chromium-browser
Show the Path of your Home Directory
pwd

Setup autostart for a All Users

Open Global autostart Config for Editing*
sudo nano /etc/xdg/lxsession/LXDE-pi/autostart

* You can alternatively use mousepad editor instead of nano

Add Application to autostart File
@/usr/bin/chromium-browser https://www.rickmakes.com

Control-o to save, Control-x to exit

Logout and login to test your configuration. You can alternatively reboot the Raspberry Pi.

Setup autostart for a Specific User

Create Config Directory
mkdir -p .config/lxsession/LXDE-pi
Copy autostart Global Config File
cp /etc/xdg/lxsession/LXDE-pi/autostart .config/lxsession/LXDE-pi/
Open User autostart Config for Editing
nano .config/lxsession/LXDE-pi/autostart
Add Application to autostart File
@/usr/bin/chromium-browser https://www.rickmakes.com

Logout and login to test your configuration. You can alternatively reboot the Raspberry Pi.

Setting Up a RAM Disk on a Raspberry Pi 4

CanaKit Raspberry Pi 4 (4GB) Starter Kit (Amazon Affiliate)
US: https://amzn.to/3azJgrW
UK: https://amzn.to/2JdMq9o
CA: https://amzn.to/3bwiRvY
ES: https://amzn.to/2T06LnM (similar)
FR: https://amzn.to/3cvIZrs (similaire)
IT: https://amzn.to/2Ar74Sj (simile)
DE: https://amzn.to/2AqfWHQ (ähnlich)
IN: https://amzn.to/3ey6fWj
AU: https://amzn.to/2VTUt1C
NL: https://amzn.to/3f5NdsD (vergelijkbaar)

Check for Free RAM
free
Remove Swap
sudo dphys-swapfile swapoff
sudo dphys-swapfile uninstall
sudo update-rc.d dphys-swapfile remove
sudo apt purge dphys-swapfile
Create Mount Point
sudo mkdir -p /mnt/ramdisk
Change Permissions
sudo chown -R pi:pi /mnt/ramdisk
Create RAM Disk
sudo mount -osize=2G -t tmpfs tmpfs /mnt/ramdisk
Benchmark
cd /mnt/ramdisk
dd if=/dev/zero of=temp.txt bs=1M count=1024
dd if=temp.txt of=/dev/null bs=1M count=1024
Unmount Ram Disk
sudo umount /mnt/ramdisk
Make Ram Disk Automatic on Boot
sudo nano /etc/fstab
tmpfs /mnt/ramdisk tmpfs defaults,noatime,mode=755,uid=pi,gid=pi,size=2g 0 0

Type control-o to save and control-x to exit.

Test fstab
sudo mount -a