It’s Friday night and I’m registering a domain, as one does.
Posts in "geek"
Replacing the login and lock screens on a Raspberry Pi
My uConsole computer finally arrived after a 10-month delay. I started kicking the tires by installing fun software on it, and quickly realized it’d run better if it looked cool. Here’s how I did it.
Change the boot image
Raspberry Pi OS uses Plymouth to make show a boot splashscreen. By default, it displays the image file at /usr/share/plymouth/themes/pix/splash.png. I’m sure there’s a “better” way to do this, but I simply replaced that file with my own 1280x720 image (to match the screen’s native resolution):
$ cd /usr/share/plymouth/themes/pix
$ sudo cp splash.png splash.png-dist # Keep a backup
$ sudo cp myimage.png splash.png
$ sudo plymouth-set-default-theme --rebuild-initrd pix
That last line rebuilds the initrd image so that the kernel will use the new image.
Change the lock image
I use Wayland instead of X11, and that setup uses pi-greeter to show a lock screen. That requires editing /etc/lightdm/pi-greeter.conf. I copied my new user image to /usr/share/plymouth/themes/pix/smiley.png, which isn’t the right place to put it exactly, but has it living next to the splash.png I installed in the previous step. Then I backed up pi-greeter.conf and edited its default-user-image and wallpaper values like so:
--- pi-greeter.conf-dist 2026-06-22 18:52:53.702242786 -0700
+++ pi-greeter.conf 2026-06-22 18:55:06.519726407 -0700
[@@](https://micro.blog/@) -1,7 +1,7 [@@](https://micro.blog/@)
[greeter]
-default-user-image=/usr/share/raspberrypi-artwork/clockworkpi.png
+default-user-image=/usr/share/plymouth/themes/pix/smiley.png
desktop_bg=#000000
-wallpaper=/usr/share/rpd-wallpaper/RPiSystem_dark.png
+wallpaper=/usr/share/plymouth/themes/pix/splash.png
wallpaper_mode=center
gtk-icon-theme-name=PiXflat
gtk-font-name=Nunito Sans 12
Note that usr/share/raspberrypi-artwork/clockworkpi.png doesn’t even exist by default, so the lock screen falls back to a boring silhouette of a person.
Make the screen automatically lock
I’m teaching my coworkers not to trust leaving their laptops unlocked, and I have to practice what I preach. I want my screen to automatically lock if I ever forget to manually do it. That’s easy! Edit the ~/.config/labwc/autostart file like this:
--- autostart-dist 2026-06-22 19:12:18.204495749 -0700
+++ autostart 2026-06-22 19:12:12.708859097 -0700
[@@](https://micro.blog/@) -1 +1 [@@](https://micro.blog/@)
-swayidle -w timeout 600 'wlopm --off \*' resume 'wlopm --on \*' &
+swayidle -w timeout 300 'swaylock -f -p' timeout 600 'wlopm --off \*' resume 'wlopm --on \*' &
The extra timeout 300 'swaylock -f -p' locks the screen after a 5 minute idle timeout.
Ta-da!
And that’s it! Reboot and enjoy your cool graphics and slightly more secure setup.
A coworker brought a little Python-programmable rolling robot ball to the work offsite. She asked a group of us, in seriousness, if she brought it out after dinner, would anyone be able to help debug some of the code.
My friend, you have a robot. A programmable one. Around us. I guarantee that thing’ll get debugged before you take it away for the night. It might not end up with the original code, but it’ll do something alright.
I also got to introduce the word “nerdsniped”.
I bought a DM42n calculator a while ago and it’s been a fun desk toy that I admittedly have little practical need for. I’ve since updated it to use the C47 system which is the most delightfully nerdy, ludicrously powerful calculator mankind’s ever schemed up. My kingdom for a printed manual, but still!
“You wouldn’t download a laptop, would you?”
“I’m saddened that you so completely misunderstand me.”
I have, in fact, downloaded a laptop, printed it, and installed a Free operating system.
I’ve spent too much of this weekend writing Ansible to make all my Raspberry Pis similar.
This might say more than I’d wish about my nerd level, and about how many tiny computers I have laying around.
I’ve been using Just for a while as a task runner. It’s similar to Make, but optimized for developer ergonomics with a vastly simpler syntax and a wonderful CLI. I’d also been using Mise for other environment management things, such as installing specific versions of Python and NPM and other tools in a project directory.
Someone introduced me to Mise’s own newish task runner, and it just might win me over from Just for most things:
- Instead of using 2 tools, I can use 1.
- Just still feels nicer to me, perhaps because I’m more used to it, but Mise is good enough that I don’t think I’d miss the extra features.
- Mise lets you write tasks in separate files, which lets any editor handle them well without having to support justfile syntax, but still shares a CLI with inline tasks.
I like it.
Forgejo Runner in rootless Podman on Debian
I wanted to experiment with Forgejo’s Actions as a DIY alternative to GitHub Actions, using a nearby Raspberry Pi as a build server. I also wanted to deviate slightly from their Runner installation process by executing the Runner and rootless Podman as a regular, non-privileged user and without using the system-level systemctl. It was pretty easy once I wrapped my head around it.
- Set up the runner user. Since I was using Podman, not Docker, I didn’t have to add it to the
dockergroup. As root:
root# useradd --create-home forgejo-runner
This created user number 1001 on my system. Remember that number later when it’s time to configure systemd.
- Allow that user to run commands via
systemctlwithout logging in and launching them manually:
root# loginctl enable-linger forgejo-runner
- Use
machinectlinstead ofsuto become theforgejo-runneruser. Without this, mostsystemdcommands will fail with theFailed to connect to bus: No medium foundmessage. I’m certain there’s a way to getsuorsudoto play nicely withdbusbut I had more interesting problems to solve today than this.
root# apt install systemd-container
root# machinectl shell forgejo-runner@
- Run
podman-system-serviceas theforgejo-runneruser:
$ systemctl --user enable podman.socket
$ systemctl --user start podman.socket
- Run the
forgejo-runnerprogram as theforgejo-runneruser. I lightly modified the standard forgejo-runner.service file:
$ cat > .config/systemd/user/forgejo-runner.service <<EOHD
[Unit]
Description=Forgejo Runner
Documentation=https://forgejo.org/docs/latest/admin/actions/
After=podman.socket
[Service]
ExecStart=/usr/local/bin/forgejo-runner daemon
ExecReload=/bin/kill -s HUP $MAINPID
# 1001 is the forgejo-runner user's UID
Environment="DOCKER_HOST=unix:///run/user/1001/podman/podman.sock"
# This user and working directory must already exist
WorkingDirectory=/home/forgejo-runner
Restart=on-failure
TimeoutSec=0
RestartSec=10
[Install]
WantedBy=default.target
EOHD
$ systemctl --user daemon-reload
$ systemctl --user enable forgejo-runner.service
$ systemctl --user start forgejo-runner.service
I rebooted my RPi to make sure it would start on its own and it did. Yay! Now I can run Forgejo Actions on my little server and everything works as documented.
AWS WAF now uses /64s instead of /128s for IPv6 rate-limit bucketing. That’s a huge and welcome improvement!
It astounds me that in 2024 there’s no canonical way to select which CSS to use for a web browser on a phone screen. You have to guess at how many CSS pixels wide your target device is. If next year’s device is any larger than a hardcoded threshold, they may get your desktop layout instead.
I know there are people who’ve made their careers out of memorizing all the edge cases of this monstrosity. Those are lifetimes lost to toil because no one can agree on an official way to look nice on a cell phone, or the one true way to center an image. It’s madness.