diff --git a/home/.chezmoiscripts/universal/run_onchange_after_16-vnc.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_16-vnc.sh.tmpl
index 2b27f984..2f436ac4 100644
--- a/home/.chezmoiscripts/universal/run_onchange_after_16-vnc.sh.tmpl
+++ b/home/.chezmoiscripts/universal/run_onchange_after_16-vnc.sh.tmpl
@@ -29,17 +29,30 @@ if [ -d /Applications ] && [ -d /System ]; then else # System is Linux ### VNC set-up / configuration - if command -v vncpasswd > /dev/null; then - # TigerVNC (or alternative VNC program) is installed - logg info 'Copying VNC configuration files from ~/.config/vnc/etc to /' - sudo cp -Rf "${XDG_CONFIG_HOME:-$HOME/.config}/vnc/etc" / + # KasmVNC / TigerVNC (or alternative VNC program) is installed + # if command -v kasmvncpasswd > /dev/null; then + # logg info 'Copying VNC configuration files from ~/.config/vnc/etc/kasmvnc/ to /etc/' + # sudo cp -Rf "${XDG_CONFIG_HOME:-$HOME/.config}/vnc/etc/kasmvnc/" /etc/ + # logg info 'Adding VNC full-control password to ~/.config/vnc/kasmpasswd' + # echo -e "{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_PASSWORD")) }}{{ includeTemplate "secrets/VNC_PASSWORD" | decrypt | trim }}{{ else }}{{ default "vncpass" (env "VNC_PASSWORD") }}{{ end }}\n{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_PASSWORD")) }}{{ includeTemplate "secrets/VNC_PASSWORD" | decrypt | trim }}{{ else }}{{ default "vncpass" (env "VNC_PASSWORD") }}{{ end }}" | kasmvncpasswd -u {{ .user.name }} -rwo + # logg info 'Adding VNC read-only password to ~/.config/vnc/kasmpasswd for user `readonly`' + # echo -e "{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_READ_PASSWORD")) }}{{ includeTemplate "secrets/VNC_READ_PASSWORD" | decrypt | trim }}{{ else }}{{ default "readonly" (env "VNC_READ_PASSWORD") }}{{ end }}\n{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_READ_PASSWORD")) }}{{ includeTemplate "secrets/VNC_READ_PASSWORD" | decrypt | trim }}{{ else }}{{ default "readonly" (env 
"VNC_READ_PASSWORD") }}{{ end }}" | kasmvncpasswd -u guest -r + # logg info 'Reloading the systemctl configuration files since a new one for VNC may have been added' + # sudo systemctl daemon-reload + # logg info 'Enabling / starting the VNC service for the current user / display 1' + # sudo systemctl start vncserver@1 + # sudo systemctl enable vncserver@1 + # fi + if command -v tigervncpasswd > /dev/null; then if [ ! -d "${XDG_CONFIG_HOME:-$HOME/.config}/vnc" ]; then mkdir -p "${XDG_CONFIG_HOME:-$HOME/.config}/vnc" fi + logg info 'Copying VNC configuration files from ~/.config/vnc/etc/tigervnc/ to /etc/' + sudo cp -Rf "${XDG_CONFIG_HOME:-$HOME/.config}/vnc/etc/tigervnc/" /etc/ logg info 'Adding VNC full-control password to ~/.config/vnc/passwd' - echo -n "{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_PASSWORD")) }}{{ includeTemplate "secrets/VNC_PASSWORD" | decrypt | trim }}{{ else }}{{ default "vncpass" (env "VNC_PASSWORD") }}{{ end }}" | vncpasswd -f > "${XDG_CONFIG_HOME:-$HOME/.config}/vnc/passwd" + echo -n "{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_PASSWORD")) }}{{ includeTemplate "secrets/VNC_PASSWORD" | decrypt | trim }}{{ else }}{{ default "vncpass" (env "VNC_PASSWORD") }}{{ end }}" | tigervncpasswd -f > "${XDG_CONFIG_HOME:-$HOME/.config}/vnc/passwd" logg info 'Adding VNC read-only password to ~/.config/vnc/passwd' - echo -n "{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_READ_PASSWORD")) }}{{ includeTemplate "secrets/VNC_READ_PASSWORD" | decrypt | trim }}{{ else }}{{ default "readonly" (env "VNC_READ_PASSWORD") }}{{ end }}" | vncpasswd -f >> "${XDG_CONFIG_HOME:-$HOME/.config}/vnc/passwd" + echo -n "{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat 
(joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_READ_PASSWORD")) }}{{ includeTemplate "secrets/VNC_READ_PASSWORD" | decrypt | trim }}{{ else }}{{ default "readonly" (env "VNC_READ_PASSWORD") }}{{ end }}" | tigervncpasswd -f >> "${XDG_CONFIG_HOME:-$HOME/.config}/vnc/passwd" logg info 'Reloading the systemctl configuration files since a new one for VNC may have been added' sudo systemctl daemon-reload logg info 'Enabling / starting the VNC service for the current user / display 1' diff --git a/home/.chezmoiscripts/universal/run_onchange_after_82-kasm-workspaces.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_82-kasm-workspaces.sh.tmpl new file mode 100644 index 00000000..1be4154f --- /dev/null +++ b/home/.chezmoiscripts/universal/run_onchange_after_82-kasm-workspaces.sh.tmpl @@ -0,0 +1,12 @@ +{{- if (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "DIGITALOCEAN_ACCESS_TOKEN")) (env "DIGITALOCEAN_ACCESS_TOKEN")) -}} +#!/usr/bin/env bash +# @file Kasm Workspaces +# @brief Connects to DigitalOcean Kubernetes cluster +# @description +# This script runs when `DIGITALOCEAN_ACCESS_TOKEN` is defined as an environment variable or as an encrypted key (see +# [Secrets documentation](https://install.doctor/docs/customization/secrets#encrypted-secrets)). If the check passes, +# then the script ensures the DigitalOcean CLI is installed (i.e. `doctl`). Then, it uses `doctl` to connect to the Kubernetes +# cluster defined by the the configuration stored under `.user.digitalOceanClusterId` in `home/.chezmoi.yaml.tmpl`. + +{{ includeTemplate "universal/profile" }} +{{ includeTemplate "universal/logg" }} \ No newline at end of file diff --git a/home/dot_config/vnc/etc/kasmvnc/kasmvnc.yaml b/home/dot_config/vnc/etc/kasmvnc/kasmvnc.yaml new file mode 100644 index 00000000..d87ea64e --- /dev/null +++ b/home/dot_config/vnc/etc/kasmvnc/kasmvnc.yaml 
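Review bot: The two `tigervncpasswd -f > …/vnc/passwd` writes create the password file through a shell redirection, so its mode comes from the caller's umask and nothing in the hunk restricts it. The classic VNC password file is only obfuscated with a fixed key, not hashed, so a readable file amounts to a readable password; I would set `umask 077` before the first write or add `chmod 600 "${XDG_CONFIG_HOME:-$HOME/.config}/vnc/passwd"` after the second. The template also still falls back to the literals `vncpass` and `readonly` when neither the encrypted secret nor the environment variable is present, and the service is started right after, so skipping the VNC set-up in that case would be safer. The enclosing `else` branch starts and ends outside the hunk.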
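Review bot: The new template opens `{{- if (and … ) -}}` on its first line and none of its 12 lines closes it, so rendering should fail with a template parse error; the file needs a final `{{ end -}}`. The guard also requires the age key, the encrypted secret file and the `DIGITALOCEAN_ACCESS_TOKEN` environment variable all at once, while the header comment says either source is enough; `{{- if (or (and (stat …) (stat …)) (env "DIGITALOCEAN_ACCESS_TOKEN")) -}}` would match the description. The `@brief` and `@description` text describes connecting to a DigitalOcean cluster with `doctl`, which the body (two `includeTemplate` lines) does not do, and it never mentions Kasm Workspaces, so it looks copied from another script and should be rewritten when the real logic is added.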
@@ -0,0 +1,143 @@
+---
+desktop:
+ resolution:
+ width: 1024
+ height: 768
+# allow_resize: true
+# pixel_depth: 24
+# gpu:
+# hw3d: false
+# drinode: /dev/dri/renderD128
+
+# network:
+# protocol: httpecho -e "test123\ntest123" | kasmvncpasswd -u user -rwo
+# interface: 0.0.0.0
+# websocket_port: auto
+# use_ipv4: true
+# use_ipv6: true
+# udp:
+# public_ip: auto
+# port: auto
+# stun_server: auto
+# ssl:
+# pem_certificate: /etc/ssl/certs/ssl-cert-snakeoil.pem
+# pem_key: /etc/ssl/private/ssl-cert-snakeoil.key
+# require_ssl: true
+
+# user_session:
+# # session_type: shared
+# new_session_disconnects_existing_exclusive_session: false
+# concurrent_connections_prompt: false
+# concurrent_connections_prompt_timeout: 10
+# idle_timeout: never
+
+# keyboard:
+# remap_keys:
+# # - 0x22->0x40
+# ignore_numlock: false
+# raw_keyboard: false
+
+# Mouse, trackpad, etc.
+# pointer:
+# enabled: true
+
+# runtime_configuration:
+# allow_client_to_override_kasm_server_settings: true
+# allow_override_standard_vnc_server_settings: true
+# allow_override_list:
+# - pointer.enabled
+# - data_loss_prevention.clipboard.server_to_client.enabled
+# - data_loss_prevention.clipboard.client_to_server.enabled
+# - data_loss_prevention.clipboard.server_to_client.primary_clipboard_enabled
+
+# logging:
+# log_writer_name: all
+# log_dest: logfile
+# # 0 - minimal verbosity, 100 - most verbose
+# level: 30
+
+# security:
+# brute_force_protection:
+# blacklist_threshold: 5
+# blacklist_timeout: 10
+
+# data_loss_prevention:
+# visible_region:
+# # top: 10
+# # left: 10
+# # right: 40
+# # bottom: 40
+# concealed_region:
+# allow_click_down: false
+# allow_click_release: false
+# clipboard:
+# delay_between_operations: none
+# allow_mimetypes:
+# - chromium/x-web-custom-data
+# - text/html
+# - image/png
+# # Add to docs: Cut buffers and CLIPBOARD selection.
+# server_to_client: +# enabled: true +# size: unlimited +# primary_clipboard_enabled: false +# client_to_server: +# enabled: true +# size: unlimited +# keyboard: +# enabled: true +# rate_limit: unlimited +# watermark: +# # image: /etc/kasmvnc/picture.png +# # location: 10,10 +# # tint: 255,20,20,128 +# # repeat_spacing: 10 +# logging: +# # "verbose" SETTING LOGS YOUR PRIVATE INFORMATION. Keypresses and clipboard content +# level: off + +# encoding: +# max_frame_rate: 60 +# full_frame_updates: none +# rect_encoding_mode: +# min_quality: 7 +# max_quality: 8 +# consider_lossless_quality: 10 +# rectangle_compress_threads: auto + +# video_encoding_mode: +# jpeg_quality: -1 +# webp_quality: -1 +# max_resolution: +# width: 1920 +# height: 1080 +# enter_video_encoding_mode: +# time_threshold: 5 +# area_threshold: 45% +# exit_video_encoding_mode: +# time_threshold: 3 +# logging: +# level: off +# scaling_algorithm: progressive_bilinear + +# compare_framebuffer: auto +# zrle_zlib_level: auto +# hextile_improved_compression: true + +server: +# http: +# headers: +# - Cross-Origin-Embedder-Policy=require-corp +# - Cross-Origin-Opener-Policy=same-origin +# httpd_directory: /usr/share/kasmvnc/www + advanced: +# x_font_path: auto + kasm_password_file: ${HOME}/.config/vnc/kasmpasswd +# x_authority_file: auto +# auto_shutdown: +# no_user_session_timeout: never +# active_user_session_timeout: never +# inactive_user_session_timeout: never + +# command_line: +# prompt: true \ No newline at end of file diff --git a/software.yml b/software.yml index 36217740..362b17cb 100644 --- a/software.yml +++ b/software.yml @@ -7174,6 +7174,9 @@ softwarePackages: pacman: xrdp zypper: xrdp yay: xrdp + kasmvnc: + _bin: + dnf: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm responsively: _bin: null _desc: A modified web browser that helps in responsive web development
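Review bot: The commented `network` section contains a pasted shell command, `# protocol: httpecho -e "test123\ntest123" | kasmvncpasswd -u user -rwo`. It is inert inside a comment, but it leaves a sample password in a file that, going by its path, is meant to be installed under /etc, and it corrupts the documented default; restore the line to `# protocol: http`. The only active settings are the 1024x768 resolution and `kasm_password_file`, so everything else, including `require_ssl` and `brute_force_protection`, relies on the packaged defaults; a short comment at the top of the file saying so would help the next reader.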
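Review bot: The `dnf:` value for `kasmvnc` is the EPEL 8 release RPM URL, which installs the EPEL repository definition rather than KasmVNC itself and is fixed to EL8 whatever release the host runs. Installing an RPM straight from a URL also depends on dnf's setting for packages given by path or URL (`localpkg_gpgcheck`, off by default as far as I know), so the signature may not be checked. `_bin:` is left empty where the neighbouring entry writes `_bin: null`; if the installer uses it to detect an existing install, `_bin: kasmvncpasswd` would match the binary the VNC script probes for, to be confirmed against the package.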