147 lines
4.7 KiB
Text
147 lines
4.7 KiB
Text
# Shepherd Launcher - Kiosk Mode Sway Configuration
|
|
# This config makes Sway act as a kiosk environment with a custom launcher
|
|
|
|
### Variables
|
|
set $launcher ./target/debug/shepherd-launcher
|
|
set $hud ./target/debug/shepherd-hud
|
|
|
|
### Output configuration
|
|
# Set up displays (adjust as needed for your hardware)
|
|
output * bg #000000 solid_color
|
|
|
|
# Hide ALL window borders and focus indicators by making them transparent/black
|
|
# Note: The 5th value is the "child_border" which is the actual visible border
|
|
client.focused #000000 #000000 #ffffff #000000 #000000
|
|
client.focused_inactive #000000 #000000 #888888 #000000 #000000
|
|
client.unfocused #000000 #000000 #888888 #000000 #000000
|
|
client.urgent #000000 #000000 #ffffff #000000 #000000
|
|
client.placeholder #000000 #000000 #888888 #000000 #000000
|
|
client.background #000000
|
|
|
|
# Completely hide focus indicator by hiding the mark
|
|
hide_edge_borders --i3 both
|
|
|
|
### Idle configuration
|
|
# Prevent screen from turning off (adjust timeout as needed)
|
|
exec swayidle -w \
|
|
timeout 600 'swaymsg "output * dpms off"' \
|
|
resume 'swaymsg "output * dpms on"'
|
|
|
|
### Input configuration
|
|
# Disable touchpad/mouse acceleration if needed
|
|
input type:pointer {
|
|
accel_profile flat
|
|
}
|
|
|
|
### Key bindings - HEAVILY RESTRICTED for kiosk mode
|
|
|
|
# Disable ALL default Sway keybindings by not setting a modifier
|
|
# This prevents users from opening terminals, switching workspaces, etc.
|
|
|
|
# Disable TTY switching (Ctrl+Alt+F1-F12)
|
|
# This is handled by disabling VT switching at the kernel/systemd level
|
|
# Add this to kernel parameters: vt.handoff=0
|
|
# Or in /etc/systemd/logind.conf: NAutoVTs=0 and ReserveVT=0
|
|
|
|
# Emergency exit for admin (Super+Shift+Escape) - REMOVE IN PRODUCTION
|
|
bindsym Mod4+Shift+Escape exit
|
|
|
|
### Window rules for kiosk behavior
|
|
|
|
# Shepherd HUD should always be visible on top (likely uses layer-shell protocol)
|
|
# Layer shell surfaces are automatically handled by sway and don't need window rules
|
|
|
|
# Make launcher windows fullscreen
|
|
for_window [app_id="shepherd-launcher"] fullscreen enable
|
|
|
|
# Make other windows fullscreen by default and remove decorations
|
|
for_window [class=".*"] fullscreen enable, border none, title_format ""
|
|
for_window [app_id=".*"] fullscreen enable, border none, title_format ""
|
|
|
|
# Minecraft-specific rules (XWayland Electron app)
|
|
for_window [class="Minecraft.*"] fullscreen enable, border none
|
|
for_window [class="minecraft-launcher"] fullscreen enable, border none
|
|
for_window [title="Minecraft.*"] fullscreen enable, border none
|
|
|
|
# Disable window decorations (no title bars) - for all windows
|
|
default_border none
|
|
default_floating_border none
|
|
|
|
# Force pixel border of 0 explicitly
|
|
default_border pixel 0
|
|
default_floating_border pixel 0
|
|
|
|
# Force no border on XWayland windows
|
|
for_window [shell="xwayland"] border none, border pixel 0
|
|
|
|
# Tell clients not to draw their own decorations (for apps that respect this)
|
|
# Note: Many Electron apps ignore this
|
|
titlebar_border_thickness 0
|
|
titlebar_padding 0 0
|
|
|
|
# Disable gaps
|
|
gaps inner 0
|
|
gaps outer 0
|
|
|
|
# Force focus mode - only one visible window at a time
|
|
workspace_layout tabbed
|
|
focus_follows_mouse no
|
|
|
|
# Prevent window closing via keybindings (no Alt+F4)
|
|
# Windows can only be closed by the application itself
|
|
|
|
# Hide mouse cursor after inactivity
|
|
seat * hide_cursor 5000
|
|
|
|
### Workspace configuration
|
|
|
|
# Use only one workspace for true kiosk mode
|
|
workspace 1 output *
|
|
|
|
### Application startup
|
|
|
|
# Note: shepherdd (daemon) and shepherd-hud are started by run-dev script
|
|
# before sway launches, so they're already running at this point
|
|
|
|
# Start the shepherd-launcher on startup (the main "home" screen)
|
|
exec_always $launcher
|
|
|
|
### Disable workspace switching
|
|
# No keybindings defined = no switching possible
|
|
|
|
### Status bar - DISABLED for kiosk mode
|
|
# bar {
|
|
# position top
|
|
# }
|
|
|
|
### Additional security measures
|
|
|
|
# Disable Xwayland if not needed (prevents X11 escape hatches)
|
|
# xwayland disable
|
|
|
|
# Prevent floating windows (everything fullscreen)
|
|
for_window [floating] fullscreen enable
|
|
|
|
# Lock down IPC for security (prevents external control)
|
|
# ipc {
|
|
# socket disable
|
|
# }
|
|
|
|
### Focused window indicator
|
|
# Since there's no title bar, no visual indication needed
|
|
focus_on_window_activation focus
|
|
|
|
### Mouse bindings - DISABLED
|
|
# No mouse bindings defined to prevent window manipulation
|
|
|
|
### Notes for production deployment:
|
|
# 1. Remove the emergency exit keybinding (Super+Shift+Escape)
|
|
# 2. Add kernel parameter: vt.handoff=0
|
|
# 3. Configure auto-login to this Sway session
|
|
# 4. Set up systemd to restart Sway if it crashes
|
|
# 5. Consider using a systemd user service for the launcher
|
|
# 6. Lock down sudo/root access
|
|
# 7. Disable virtual console switching in /etc/systemd/logind.conf:
|
|
# NAutoVTs=0
|
|
# ReserveVT=0
|
|
# 8. Consider running as a dedicated user account with limited permissions
|