First commit

base.sh

@@ -0,0 +1,204 @@
+## Dockerfile
+cat >Dockerfile <<- 'Dockerfile'
+# syntax = docker/dockerfile:1.2
+FROM quay.io/archlinux/archlinux:base-devel
+USER root
+
+# Docker ENV variables
+# # Required
+# ENV MYVNC_VNCPASS
+# # Optional
+# ENV MYVNC_CUSTOM_TITLE
+# ENV MYVNC_PROXYPATH       (eg, "/subpath/" or "/subpath")
+# ENV MYVNC_VNCSHARING      (eg, "true" to allow sharing (defaults to "false"))
+# ENV MYVNC_VNCSERVER_HOST  (eg, localhost or 192.168.1.1)
+# ENV MYVNC_VNCSERVER_PORT  (eg, 5900)
+
+# Build ARG for additional pacman packages to install (eg, openssh)
+ARG pkg
+
+# Install packages
+COPY mirrorlist /etc/pacman.d/mirrorlist
+RUN pacman-key --init \
+    && sed -i '/ParallelDownloads/c ParallelDownloads = 10' /etc/pacman.conf \
+    && pacman -Sy --ask 4 archlinux-keyring \
+    && pacman -Su --ask 4 --needed \
+        sudo ${pkg} \
+        inetutils python-numpy python-setuptools \
+        nginx-mainline \
+    && pacman -Scc --ask 4 \
+    && useradd --create-home --gid users --shell /usr/bin/bash user \
+    && echo 'user ALL=(ALL:ALL) NOPASSWD: MISCELLANEOUS, /usr/bin/nginx' >/etc/sudoers.d/zz-DOCKER \
+    && echo 'Defaults lecture = never' >>/etc/sudoers.d/zz-DOCKER \
+    && passwd -l root >/dev/null 2>&1 \
+    && sed '/^http {/a\ \
+   include /app/nginx/\*.conf;\n\ \
+   types_hash_max_size 4096;\n\ \
+   server_names_hash_bucket_size 128;\n' -i /etc/nginx/nginx.conf \
+    && mkdir -p /app/init.d /app/nginx /app/logs
+
+# Install noVNC
+COPY novnc /app/novnc
+
+# Install all init scripts
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+COPY 01-init.sh 10-novnc.sh 10-nginx.sh /app/init.d/
+
+# Proper permissions
+RUN chmod +x /docker-entrypoint.sh /app/init.d/* \
+    && chown -R user:users /app
+
+# Default environment
+USER user
+WORKDIR /home/user
+ENV DISPLAY :0
+ENV SHELL /usr/bin/bash
+
+# Expose nginx port for VNC webui
+EXPOSE 6900
+
+# Docker entrypoint
+ENTRYPOINT ["/docker-entrypoint.sh"]
+Dockerfile
+
+## Init script, always runs first
+cat >01-init.sh <<- '01-init.sh'
+#!/usr/bin/env bash
+# Create base directories
+for dir in vnc config ssh
+do
+    [ -d ~/.${dir} ] || mkdir -p ~/.${dir}
+done
+
+## OPTIONAL: More commands may be added below
+
+01-init.sh
+
+## NoVNC setup
+cat >10-novnc.sh <<- '10-novnc.sh'
+#!/usr/bin/env bash
+# Turn vnc sharing on/off
+if [[ ${MYVNC_VNCSHARING} == "true" ]] || [[ ${MYVNC_VNCSHARING} == "1" ]]
+then
+    _MYVNC_VNCSHARING=true
+else
+    _MYVNC_VNCSHARING=false
+fi
+
+# Always default to remote scaling
+sed -i "/UI.initSetting\|resize/ s/resize', '.*');/resize', 'scale');/" /app/novnc/app/ui.js
+
+# Always default to autoconnect=true
+sed -i "/let autoconnect/ s/autoconnect', .*);/autoconnect', true);/" /app/novnc/app/ui.js
+
+# Change vnc shared view settings (defaults to false/off)
+sed -i "/UI.initSetting\|shared/ s/shared', .*);/shared', ${_MYVNC_VNCSHARING});/" /app/novnc/app/ui.js
+
+# NoVNC custom title
+sed -i "/<title>noVNC<\/title>/ s/noVNC/${MYVNC_CUSTOM_TITLE:-noVNC}/g" /app/novnc/*.html
+
+# Apply subpath to websocket
+if [[ ${MYVNC_PROXYPATH} == "/" ]]
+then
+    unset _MYVNC_PROXYPATH
+elif [ ${MYVNC_PROXYPATH} ]
+then
+    _MYVNC_PROXYPATH=$(echo ${MYVNC_PROXYPATH%/} | sed "s|^.*/||")
+    sed -i "/UI.initSetting/ s|websockify|${_MYVNC_PROXYPATH}/&|" /app/novnc/app/ui.js
+fi
+
+# Start NoVNC
+/app/novnc/utils/novnc_proxy \
+    --listen 6080 \
+    --vnc ${MYVNC_VNCSERVER_HOST:-localhost}:${MYVNC_VNCSERVER_PORT:-5900} \
+    --file-only &
+10-novnc.sh
+
+## Nginx setup
+cat >10-nginx.sh <<- '10-nginx.sh'
+#!/usr/bin/env bash
+# Reformat path
+if [[ ${MYVNC_PROXYPATH} == "/" ]]
+then
+    unset _MYVNC_PROXYPATH
+elif [ ${MYVNC_PROXYPATH} ]
+then
+    _MYVNC_PROXYPATH=$(echo ${MYVNC_PROXYPATH%/} | sed "s|^.*/||;s|^|/|")
+fi
+
+# Add novnc virtual proxy conf
+cat >/app/nginx/novnc.conf <<- novnc
+upstream vnc_proxy {
+    server 127.0.0.1:6080;
+}
+
+server {
+    listen 6900;
+
+    location ${_MYVNC_PROXYPATH}/websockify {
+        proxy_http_version 1.1;
+        proxy_pass http://vnc_proxy/;
+        proxy_set_header Upgrade \$http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        # VNC connection timeout
+        proxy_read_timeout 3600s;
+        proxy_send_timeout 3600s;
+
+        # Disable cache
+        proxy_buffering off;
+    }
+
+    location ${_MYVNC_PROXYPATH}/ {
+        index vnc.html;
+        alias /app/novnc/;
+        try_files \$uri \$uri/ /vnc.html;
+
+        # In the location block related to noVNC
+        add_header Cache-Control no-cache;
+    }
+}
+novnc
+
+# Start nginx
+sudo /usr/bin/nginx -g "daemon off;" &
+10-nginx.sh
+
+## Docker entrypoint
+cat >docker-entrypoint.sh <<- 'docker-entrypoint.sh'
+#!/usr/bin/env bash
+# Export all variables
+set -a
+
+# Abort if an error is encountered
+set -e
+
+# SSH config
+if [ -f ~/.ssh/id_ed25519 ]
+then
+    chmod 0600 ~/.ssh/id_ed25519
+fi
+
+# Run all scripts in init folder
+for file in /app/init.d/*.sh
+do
+    /usr/bin/bash -c ${file} >>/app/logs/$(echo ${file} | sed 's|/app/init.d/||;s|\.sh$||').log
+done
+
+# Read cli parameters
+exec ${@}
+
+# Monitor log
+tail -f /app/logs/*.log
+docker-entrypoint.sh
+
+## Fetch latest mirrorlist
+cat /etc/pacman.d/mirrorlist >mirrorlist
+
+## Docker build
+# eg, ARCHPKG=openssh
+# eg, BUILDTAG=base
+DOCKER_BUILDKIT=1 docker build ./. \
+    --build-arg pkg=${ARCHPKG:-""} \
+    --tag myvnc/${BUILDTAG:-base} \
+    && rm -f Dockerfile *.sh

firefox.sh

@@ -0,0 +1,95 @@
+## Dockerfile
+cat >Dockerfile <<- 'Dockerfile'
+# syntax = docker/dockerfile:1.2
+FROM myvnc/i3:base
+USER root
+
+# # ENV variables
+# ENV MYVNC_FIREFOX_URL   # optional
+# ENV MYVNC_FIREFOX_OPTS  # eg, --kiosk
+ 
+# Install packages
+RUN --mount=type=cache,sharing=locked,target=/var/cache/pacman \
+    pacman -Syu --ask 4 --needed \
+    firefox firefox-decentraleyes firefox-ublock-origin \
+    && pacman -Scc --ask 4
+
+# Tigervnc
+COPY 20-firefox.sh /app/init.d/
+RUN chmod +x /app/init.d/*
+
+# Reset user home directory
+USER user
+WORKDIR /home/user
+Dockerfile
+
+## Firefox setup
+cat >20-firefox.sh <<- 'entrypoint'
+#!/usr/bin/env bash
+# Create firefox profile directory
+mkdir -p /app/firefox
+
+# Firefox custom user.js
+cat >/app/firefox/user.js <<- 'firefox'
+// First run
+user_pref("app.normandy.first_run", false);
+user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
+user_pref("trailhead.firstrun.didSeeAboutWelcome", true);
+user_pref("browser.startup.homepage_override.mstone", "ignore");
+
+// Homepage
+// user_pref("browser.startup.page", 1);
+// user_pref("browser.startup.homepage", "https://myvelabs.app/");
+
+// Security/privacy section
+user_pref("app.shield.optoutstudies.enabled", false);
+user_pref("browser.contentblocking.category", "standard");
+user_pref("datareporting.healthreport.uploadEnabled", false);
+user_pref("extensions.pocket.enabled", false);
+user_pref("dom.private-attribution.submission.enabled", false);
+user_pref("network.trr.mode", 5);
+
+// Disable sponsored content on Firefox Home (Activity Stream)
+user_pref("browser.newtabpage.activity-stream.showSearch", false);
+user_pref("browser.newtabpage.activity-stream.showSponsored", false);
+user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
+user_pref("browser.newtabpage.activity-stream.default.sites", "");
+user_pref("browser.newtabpage.activity-stream.topSitesRows", 4);
+
+// Disable about:config warning
+user_pref("browser.aboutConfig.showWarning", false);
+
+// Disable url autocomplete
+user_pref("browser.search.suggest.enabled", false);
+user_pref("browser.urlbar.suggest.recentsearches", false);
+user_pref("browser.urlbar.suggest.searches", false);
+
+// Closing firefox properties
+user_pref("browser.warnOnQuitShortcut", false);
+user_pref("browser.tabs.closeWindowWithLastTab", false);
+
+// Disable autohide toolbar on fullscreen
+user_pref("browser.fullscreen.autohide", false);
+firefox
+
+# # i3/firefox config
+# cat >~/.config/i3/config.d/firefox.conf <<- 'firefox'
+# # Maximize
+# for_window [class="firefox"] fullscreen enable
+# firefox
+
+# i3/firefox startup
+install /dev/stdin ~/.config/i3/startapp.sh <<- startup
+#!/usr/bin/env bash
+# Run firefox
+while true
+do
+    /usr/bin/firefox --profile /app/firefox ${MYVNC_FIREFOX_OPTS} --new-window ${MYVNC_FIREFOX_URL}
+done
+startup
+entrypoint
+
+## Docker build
+DOCKER_BUILDKIT=1 docker build ./. \
+    --tag myvnc/firefox \
+    && rm -f Dockerfile *.sh

i3:base.sh

@@ -0,0 +1,117 @@
+## Dockerfile
+cat >Dockerfile <<- 'Dockerfile'
+# syntax = docker/dockerfile:1.2
+FROM myvnc/base
+USER root
+
+# X session environment variable
+ENV STARTXBIN i3
+
+# Install packages
+RUN --mount=type=cache,sharing=locked,target=/var/cache/pacman \
+    pacman -Syu --ask 4 --needed \
+    tigervnc \
+    i3-wm ttf-dejavu \
+    && pacman -Scc --ask 4
+
+# i3
+COPY 10-tigervnc.sh 90-tigervnc.sh /app/init.d/
+RUN chmod +x /app/init.d/*
+
+# Reset user home directory
+USER user
+WORKDIR /home/user
+Dockerfile
+
+## i3/tigervnc Setup
+cat >10-tigervnc.sh <<- '10-tigervnc.sh'
+#!/usr/bin/env bash
+# Check for MYVNC_VNCPASS variable
+if [ -z ${MYVNC_VNCPASS} ]
+then
+    echo "MYVNC_VNCPASS env variable is missing"
+    exit 1
+fi
+
+# Configure tigervnc auth
+if [ ! -f ~/.vnc/passwd ]
+then
+    echo "${MYVNC_VNCPASS}" | vncpasswd -f >~/.vnc/passwd
+    chmod 0600 ~/.vnc/passwd
+fi
+
+# Remove VNCPASS env
+unset MYVNC_VNCPASS
+
+# VNC xstartup
+install /dev/stdin ~/.vnc/xstartup <<- xstartup
+#!/usr/bin/env bash
+unset SESSION_MANAGER
+unset DBUS_SESSION_BUS_ADDRESS
+exec ${STARTXBIN}
+xstartup
+
+# Turn vnc sharing on/off
+if [[ ${MYVNC_VNCSHARING} == "true" ]] || [[ ${MYVNC_VNCSHARING} == "1" ]]
+then
+    _MYVNC_VNCSHARING=alwaysshared
+else
+    _MYVNC_VNCSHARING=nevershared
+fi
+
+# VNC config
+cat >~/.vnc/config <<- vncconfig
+session=i3
+geometry=1920x1080
+framerate=60
+depth=32
+${_MYVNC_VNCSHARING}
+vncconfig
+
+# i3 preferences
+mkdir -p ~/.config/i3/config.d
+cat >~/.config/i3/config <<- 'i3config'
+# Font
+font pango:DejaVu Sans Mono 8
+
+# Include custom config
+include ~/.config/i3/config.d/*.conf
+
+# Binds for killing application
+bindsym Mod1+Mod4+Shift+q kill
+bindsym Mod1+Mod4+Shift+f fullscreen toggle
+
+# Binds for cycling workspaces
+bindsym Mod1+Mod4+Shift+Right workspace next
+bindsym Mod1+Mod4+Shift+Left workspace prev
+
+# Locked mode
+mode locked {
+    bindsym Mod4+Mod1+Escape mode default
+}
+bindsym Mod4+Mod1+Escape mode locked
+
+# Hide bar permanently
+exec --no-startup-id i3-msg bar mode invisible
+
+# Always open window in fullscreen
+for_window [all] fullscreen enable
+for_window [all] border none
+default_border none
+
+# Execute startup script for webapp
+exec --no-startup-id /usr/bin/bash ~/.config/i3/startapp.sh
+i3config
+10-tigervnc.sh
+
+## TigerVNC launch script
+cat >90-tigervnc.sh <<- '90-tigervnc.sh'
+#!/usr/bin/env bash
+# Launch Tigervnc
+/usr/bin/dbus-launch vncserver :0 &
+90-tigervnc.sh
+
+## Docker build
+DOCKER_BUILDKIT=1 docker build ./. \
+    --tag myvnc/i3:base \
+    && rm -f Dockerfile *.sh

kdeplasma.sh

@@ -0,0 +1,68 @@
+## Dockerfile
+cat >Dockerfile <<- 'Dockerfile'
+# syntax = docker/dockerfile:1.2
+FROM myvnc/base
+USER root
+
+# X session environment variable
+ENV STARTXBIN startplasma-x11
+
+# Install packages
+RUN --mount=type=cache,sharing=locked,target=/var/cache/pacman \
+    pacman -Syu --ask 4 --needed \
+    cuda openssh vim pacman-contrib bash-completion rsync git \
+    plasma konsole kate dolphin kompare kcalc \
+    jack2 ttf-dejavu \
+    firefox firefox-decentraleyes firefox-ublock-origin \
+    torbrowser-launcher \
+    shotwell ffmpegthumbs ark okular \
+    remmina libvncserver \
+    && pacman -Scc --ask 4 \
+    && echo 'Cmnd_Alias MISCELLANEOUS =   /usr/bin/pacman -S' >/etc/sudoers.d/01-MISCELLANEOUS
+
+# configure nvidia container runtime
+# https://github.com/NVIDIA/nvidia-container-runtime#environment-variables-oci-spec
+ENV NVIDIA_VISIBLE_DEVICES all
+ENV NVIDIA_DRIVER_CAPABILITIES compute,utility
+
+# Tigervnc
+COPY 20-archvnc.sh /app/init.d/20-archvnc.sh
+RUN chmod +x /app/init.d/*
+
+# Reset user home directory
+USER user
+WORKDIR /home/user
+Dockerfile
+
+# KDE setup
+cat >20-archvnc.sh <<- 'entrypoint'
+#!/usr/bin/env bash
+# Disable KDE screenlock
+cat >~/.config/kscreenlockerrc <<- 'kscreenlockerrc'
+[Daemon]
+Autolock=false
+LockOnResume=false
+Timeout=0
+kscreenlockerrc
+
+# VNC config
+cat >~/.vnc/config <<- vncconfig
+session=plasmax11
+dpi=192
+geometry=1920x1080
+framerate=60
+depth=32
+${_MYVNC_VNCSHARING}
+vncconfig
+
+# SSH config
+if [ -f ~/.ssh/id_ed25519 ]
+then
+    chmod 0600 ~/.ssh/id_ed25519
+fi
+entrypoint
+
+## Docker build
+DOCKER_BUILDKIT=1 docker build ./. \
+    --tag myvnc/kde \
+    && rm -f Dockerfile *.sh

remmina.sh

@@ -0,0 +1,49 @@
+## Dockerfile
+cat >Dockerfile <<- 'Dockerfile'
+# syntax = docker/dockerfile:1.2
+FROM myvnc/i3:base
+USER root
+
+# install packages
+RUN --mount=type=cache,sharing=locked,target=/var/cache/pacman \
+    pacman -Syu --ask 4 --needed \
+    remmina libvncserver terminator openssh \
+    && pacman -Scc --ask 4
+
+# Tigervnc
+COPY 20-remmina.sh /app/init.d/
+RUN chmod +x /app/init.d/*
+
+# Reset user home directory
+USER user
+WORKDIR /home/user
+Dockerfile
+
+## Remmina setup
+cat >20-remmina.sh <<- '20-remmina.sh'
+#!/usr/bin/env bash
+# Remmina config
+cat >~/.config/i3/config.d/remmina.conf <<- 'remmina.conf'
+# Open terminal
+exec --no-startup-id i3-msg 'workspace "2"; exec /usr/bin/terminator'
+
+# Maximize
+for_window [class="remmina"] move container to workspace "1"
+for_window [class="terminator"] move container to workspace "2"
+remmina.conf
+
+# Remmina startup
+install /dev/stdin ~/.config/i3/startapp.sh <<- startapp.sh
+#!/usr/bin/env bash
+# Run remmina
+while true
+do
+    /usr/bin/remmina
+done
+startapp.sh
+20-remmina.sh
+
+## Docker build
+DOCKER_BUILDKIT=1 docker build ./. \
+    --tag myvnc/remmina \
+    && rm -f Dockerfile *.sh