Optimize SpoolBuddy kiosk performance on Raspberry Pi

  Add Chromium performance flags (disable-gpu-rasterization,
  enable-low-end-device-mode, disable-smooth-scrolling,
  disable-background-networking, disable-dev-shm-usage) to reduce
  CPU load from ~54% to manageable levels on Pi 4B.

  Expand service/package stripping to disable pipewire audio stack,
  CUPS printing, rpcbind, upower, polkit, accounts-daemon,
  xdg-desktop-portal, and mpris-proxy. Add user-level service
  masking for pipewire/portals that system-level disable misses.

CHANGELOG.md

@@ -12,6 +12,7 @@ All notable changes to Bambuddy will be documented in this file.
 - **External Folder Mounting for File Manager** ([#124](https://github.com/maziggy/bambuddy/issues/124)) — Host directories (NAS shares, USB drives, network storage) can now be mounted into the File Manager without copying files. Click "Link External" to point at a Docker bind-mounted path. Files are indexed into the database on scan but accessed directly from their original location — nothing is copied. Supports read-only mode (default, blocks uploads/moves/deletes), hidden file filtering, and automatic thumbnail extraction for 3MF, STL, gcode, and image files. External folders show a distinct icon and info bar with a rescan button. Deleting an external folder only removes the database index, never the actual files. Requested by @S1N4X.
 
 ### Improved
+- **SpoolBuddy Kiosk Performance Optimizations** — Added Chromium flags to reduce CPU usage on Raspberry Pi 4B: `--disable-gpu-rasterization` (stops overloading CPU when GPU can't keep up), `--enable-low-end-device-mode`, `--disable-smooth-scrolling`, `--disable-background-networking`, and `--disable-dev-shm-usage`. Also expanded the install script's service/package stripping to disable pipewire audio stack, CUPS printing, PipeWire/PulseAudio, rpcbind, upower, polkit, accounts-daemon, xdg-desktop-portal, and mpris-proxy — none of which are needed on a dedicated spool reader. User-level services (pipewire, portals) are now masked via `systemctl --user` since system-level disable doesn't catch them.
 - **SpoolBuddy AMS Slot Action Picker** — Clicking an AMS slot on the SpoolBuddy AMS page now shows a picker with contextual actions: Configure AMS Slot (set filament preset, K-profile, color), and either Assign Spool / Link to Spoolman (when no spool is mapped) or Unassign / Unlink (when one is). Works with both internal inventory and Spoolman. Previously the slot click went straight to the configure modal with no way to manage spool assignments.
 - **Unassign Button in Edit Spool Modal** — The edit spool modal now has an "Unassign" button next to "Delete Tag" that removes the spool's AMS slot assignment, clearing the location column in the inventory table.
 - **SpoolBuddy Settings Device Tab No Longer Scrolls** — Removed the branding card, folded Device ID into the Device Info card, placed Backend/Auth config and diagnostic buttons side by side in a 2-column layout, removed the redundant online/offline status row from Device Info, and tightened spacing throughout. The Device tab now fits on the small SpoolBuddy touchscreen without scrolling.

spoolbuddy/install/install.sh

@@ -805,6 +805,29 @@ strip_services() {
         man-db.timer
         e2scrub_all.timer
         e2scrub_reap.service
+        # Audio stack (no speakers on a spool reader)
+        pipewire.service
+        pipewire.socket
+        pipewire-pulse.service
+        pipewire-pulse.socket
+        wireplumber.service
+        # Printing
+        cups.service
+        cups.socket
+        cups-browsed.service
+        # Desktop services
+        accounts-daemon.service
+        upower.service
+        polkit.service
+        # Flatpak portals (not using Flatpak)
+        xdg-desktop-portal.service
+        xdg-desktop-portal-gtk.service
+        xdg-document-portal.service
+        # NFS/RPC (unnecessary + security surface)
+        rpcbind.service
+        rpcbind.socket
+        # Bluetooth media proxy
+        mpris-proxy.service
     )
 
     local disabled=0
@@ -820,6 +843,34 @@ strip_services() {
     else
         success "No unnecessary services to disable"
     fi
+
+    # Disable user-level services (audio stack, portals, mpris-proxy)
+    # These run under the kiosk user and aren't caught by system-level disable
+    local kiosk_user="${SUDO_USER:-$(logname 2>/dev/null || echo pi)}"
+    if id "$kiosk_user" &>/dev/null; then
+        local user_services=(
+            pipewire.service
+            pipewire.socket
+            pipewire-pulse.service
+            pipewire-pulse.socket
+            wireplumber.service
+            xdg-desktop-portal.service
+            xdg-desktop-portal-gtk.service
+            xdg-document-portal.service
+            mpris-proxy.service
+        )
+        local user_disabled=0
+        for svc in "${user_services[@]}"; do
+            if su -l "$kiosk_user" -c "systemctl --user is-enabled $svc" &>/dev/null; then
+                su -l "$kiosk_user" -c "systemctl --user disable $svc" 2>/dev/null || true
+                su -l "$kiosk_user" -c "systemctl --user mask $svc" 2>/dev/null || true
+                (( ++user_disabled ))
+            fi
+        done
+        if (( user_disabled > 0 )); then
+            success "Disabled $user_disabled unnecessary user services for $kiosk_user"
+        fi
+    fi
 }
 
 strip_packages() {
@@ -835,6 +886,15 @@ strip_packages() {
         avahi-daemon
         modemmanager
         udisks2
+        pipewire
+        pipewire-pulse
+        wireplumber
+        cups
+        cups-browsed
+        cups-common
+        cups-client
+        rpcbind
+        upower
     )
 
     local to_remove=()
@@ -1084,6 +1144,11 @@ exec chromium --kiosk --no-first-run --disable-infobars \
     --noerrdialogs --disable-component-update \
     --overscroll-history-navigation=0 \
     --ozone-platform=wayland \
+    --disable-gpu-rasterization \
+    --disable-smooth-scrolling \
+    --enable-low-end-device-mode \
+    --disable-background-networking \
+    --disable-dev-shm-usage \
     "\$kiosk_url"
 EOF