108 lines
3 KiB
Text
108 lines
3 KiB
Text
# Shepherd Launcher - Kiosk Mode Sway Configuration
|
|
# This config makes Sway act as a kiosk environment with a custom launcher
|
|
|
|
### Variables
|
|
set $launcher ./target/debug/shepherd-launcher
|
|
|
|
### Output configuration
|
|
# Set up displays (adjust as needed for your hardware)
|
|
output * bg #000000 solid_color
|
|
|
|
### Idle configuration
|
|
# Prevent screen from turning off (adjust timeout as needed)
|
|
exec swayidle -w \
|
|
timeout 600 'swaymsg "output * dpms off"' \
|
|
resume 'swaymsg "output * dpms on"'
|
|
|
|
### Input configuration
|
|
# Disable touchpad/mouse acceleration if needed
|
|
input type:pointer {
|
|
accel_profile flat
|
|
}
|
|
|
|
### Key bindings - HEAVILY RESTRICTED for kiosk mode
|
|
|
|
# Disable ALL default Sway keybindings by not setting a modifier
|
|
# This prevents users from opening terminals, switching workspaces, etc.
|
|
|
|
# Disable TTY switching (Ctrl+Alt+F1-F12)
|
|
# This is handled by disabling VT switching at the kernel/systemd level
|
|
# Add this to kernel parameters: vt.handoff=0
|
|
# Or in /etc/systemd/logind.conf: NAutoVTs=0 and ReserveVT=0
|
|
|
|
# Emergency exit for admin (Super+Shift+Escape) - REMOVE IN PRODUCTION
|
|
bindsym Mod4+Shift+Escape exit
|
|
|
|
### Window rules for kiosk behavior
|
|
|
|
# Make all windows fullscreen by default
|
|
for_window [class=".*"] fullscreen enable
|
|
for_window [app_id=".*"] fullscreen enable
|
|
|
|
# Disable window decorations (no title bars)
|
|
default_border none
|
|
default_floating_border none
|
|
|
|
# Disable gaps
|
|
gaps inner 0
|
|
gaps outer 0
|
|
|
|
# Force focus mode - only one visible window at a time
|
|
workspace_layout tabbed
|
|
focus_follows_mouse no
|
|
|
|
# Prevent window closing via keybindings (no Alt+F4)
|
|
# Windows can only be closed by the application itself
|
|
|
|
# Hide mouse cursor after inactivity
|
|
seat * hide_cursor 5000
|
|
|
|
### Workspace configuration
|
|
|
|
# Use only one workspace for true kiosk mode
|
|
workspace 1 output *
|
|
|
|
### Application launcher
|
|
|
|
# Start the shepherd-launcher on startup
|
|
exec_always $launcher
|
|
|
|
### Disable workspace switching
|
|
# No keybindings defined = no switching possible
|
|
|
|
### Status bar - DISABLED for kiosk mode
|
|
# bar {
|
|
# position top
|
|
# }
|
|
|
|
### Additional security measures
|
|
|
|
# Disable Xwayland if not needed (prevents X11 escape hatches)
|
|
# xwayland disable
|
|
|
|
# Prevent floating windows (everything fullscreen)
|
|
for_window [floating] fullscreen enable
|
|
|
|
# Lock down IPC for security (prevents external control)
|
|
# ipc {
|
|
# socket disable
|
|
# }
|
|
|
|
### Focused window indicator
|
|
# Since there's no title bar, no visual indication needed
|
|
focus_on_window_activation focus
|
|
|
|
### Mouse bindings - DISABLED
|
|
# No mouse bindings defined to prevent window manipulation
|
|
|
|
### Notes for production deployment:
|
|
# 1. Remove the emergency exit keybinding (Super+Shift+Escape)
|
|
# 2. Add kernel parameter: vt.handoff=0
|
|
# 3. Configure auto-login to this Sway session
|
|
# 4. Set up systemd to restart Sway if it crashes
|
|
# 5. Consider using a systemd user service for the launcher
|
|
# 6. Lock down sudo/root access
|
|
# 7. Disable virtual console switching in /etc/systemd/logind.conf:
|
|
# NAutoVTs=0
|
|
# ReserveVT=0
|
|
# 8. Consider running as a dedicated user account with limited permissions
|