From 4eb27ad49f3aa78d2a5611e520c4eb87775809f3 Mon Sep 17 00:00:00 2001
From: Myve
Date: Tue, 16 Jul 2024 18:33:38 +0000
Subject: [PATCH] First commit
---
base.sh | 204 +++++++++++++++++++++++++++++++++++++++++++++++++++
firefox.sh | 95 ++++++++++++++++++++++++
i3:base.sh | 117 +++++++++++++++++++++++++++++
kdeplasma.sh | 68 +++++++++++++++++
remmina.sh | 49 +++++++++++++
5 files changed, 533 insertions(+)
create mode 100644 base.sh
create mode 100644 firefox.sh
create mode 100644 i3:base.sh
create mode 100644 kdeplasma.sh
create mode 100644 remmina.sh
diff --git a/base.sh b/base.sh
new file mode 100644
index 0000000..949c2a6
--- /dev/null
+++ b/base.sh
@@ -0,0 +1,204 @@
+## Dockerfile
+cat >Dockerfile <<- 'Dockerfile'
+# syntax = docker/dockerfile:1.2
+FROM quay.io/archlinux/archlinux:base-devel
+USER root
+
+# Docker ENV variables
+# # Required
+# ENV MYVNC_VNCPASS
+# # Optional
+# ENV MYVNC_CUSTOM_TITLE
+# ENV MYVNC_PROXYPATH (eg, "/subpath/" or "/subpath")
+# ENV MYVNC_VNCSHARING (eg, "true" to allow sharing (defaults to "false"))
+# ENV MYVNC_VNCSERVER_HOST (eg, localhost or 192.168.1.1)
+# ENV MYVNC_VNCSERVER_PORT (eg, 5900)
+
+# Build ARG for additional pacman packages to install (eg, openssh)
+ARG pkg
+
+# Install packages
+COPY mirrorlist /etc/pacman.d/mirrorlist
+RUN pacman-key --init \
+ && sed -i '/ParallelDownloads/c ParallelDownloads = 10' /etc/pacman.conf \
+ && pacman -Sy --ask 4 archlinux-keyring \
+ && pacman -Su --ask 4 --needed \
+ sudo ${pkg} \
+ inetutils python-numpy python-setuptools \
+ nginx-mainline \
+ && pacman -Scc --ask 4 \
+ && useradd --create-home --gid users --shell /usr/bin/bash user \
+ && echo 'user ALL=(ALL:ALL) NOPASSWD: MISCELLANEOUS, /usr/bin/nginx' >/etc/sudoers.d/zz-DOCKER \
+ && echo 'Defaults lecture = never' >>/etc/sudoers.d/zz-DOCKER \
+ && passwd -l root >/dev/null 2>&1 \
+ && sed '/^http {/a\ \
+ include /app/nginx/\*.conf;\n\ \
+ types_hash_max_size 4096;\n\ \
+ server_names_hash_bucket_size 128;\n' -i /etc/nginx/nginx.conf \
+ && mkdir -p /app/init.d /app/nginx /app/logs
+
+# Install noVNC
+COPY novnc /app/novnc
+
+# Install all init scripts
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+COPY 01-init.sh 10-novnc.sh 10-nginx.sh /app/init.d/
+
+# Proper permissions
+RUN chmod +x /docker-entrypoint.sh /app/init.d/* \
+ && chown -R user:users /app
+
+# Default environment
+USER user
+WORKDIR /home/user
+ENV DISPLAY :0
+ENV SHELL /usr/bin/bash
+
+# Expose nginx port for VNC webui
+EXPOSE 6900
+
+# Docker entrypoint
+ENTRYPOINT ["/docker-entrypoint.sh"]
+Dockerfile
+
+## Init script, always runs first
+cat >01-init.sh <<- '01-init.sh'
+#!/usr/bin/env bash
+# Create base directories
+for dir in vnc config ssh
+do
+ [ -d ~/.${dir} ] || mkdir -p ~/.${dir}
+done
+
+## OPTIONAL: More commands may be added below
+
+01-init.sh
+
+## NoVNC setup
+cat >10-novnc.sh <<- '10-novnc.sh'
+#!/usr/bin/env bash
+# Turn vnc sharing on/off
+if [[ ${MYVNC_VNCSHARING} == "true" ]] || [[ ${MYVNC_VNCSHARING} == "1" ]]
+then
+ _MYVNC_VNCSHARING=true
+else
+ _MYVNC_VNCSHARING=false
+fi
+
+# Always default to remote scaling
+sed -i "/UI.initSetting\|resize/ s/resize', '.*');/resize', 'scale');/" /app/novnc/app/ui.js
+
+# Always default to autoconnect=true
+sed -i "/let autoconnect/ s/autoconnect', .*);/autoconnect', true);/" /app/novnc/app/ui.js
+
+# Change vnc shared view settings (defaults to false/off)
+sed -i "/UI.initSetting\|shared/ s/shared', .*);/shared', ${_MYVNC_VNCSHARING});/" /app/novnc/app/ui.js
+
+# NoVNC custom title
+sed -i "/noVNC<\/title>/ s/noVNC/${MYVNC_CUSTOM_TITLE:-noVNC}/g" /app/novnc/*.html
+
+# Apply subpath to websocket
+if [[ ${MYVNC_PROXYPATH} == "/" ]]
+then
+ unset _MYVNC_PROXYPATH
+elif [ ${MYVNC_PROXYPATH} ]
+then
+ _MYVNC_PROXYPATH=$(echo ${MYVNC_PROXYPATH%/} | sed "s|^.*/||")
+ sed -i "/UI.initSetting/ s|websockify|${_MYVNC_PROXYPATH}/&|" /app/novnc/app/ui.js
+fi
+
+# Start NoVNC
+/app/novnc/utils/novnc_proxy \
+ --listen 6080 \
+ --vnc ${MYVNC_VNCSERVER_HOST:-localhost}:${MYVNC_VNCSERVER_PORT:-5900} \
+ --file-only &
+10-novnc.sh
+
+## Nginx setup
+cat >10-nginx.sh <<- '10-nginx.sh'
+#!/usr/bin/env bash
+# Reformat path
+if [[ ${MYVNC_PROXYPATH} == "/" ]]
+then
+ unset _MYVNC_PROXYPATH
+elif [ ${MYVNC_PROXYPATH} ]
+then
+ _MYVNC_PROXYPATH=$(echo ${MYVNC_PROXYPATH%/} | sed "s|^.*/||;s|^|/|")
+fi
+
+# Add novnc virtual proxy conf
+cat >/app/nginx/novnc.conf <<- novnc
+upstream vnc_proxy {
+ server 127.0.0.1:6080;
+}
+
+server {
+ listen 6900;
+
+ location ${_MYVNC_PROXYPATH}/websockify {
+ proxy_http_version 1.1;
+ proxy_pass http://vnc_proxy/;
+ proxy_set_header Upgrade \$http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ # VNC connection timeout
+ proxy_read_timeout 3600s;
+ proxy_send_timeout 3600s;
+
+ # Disable cache
+ proxy_buffering off;
+ }
+
+ location ${_MYVNC_PROXYPATH}/ {
+ index vnc.html;
+ alias /app/novnc/;
+ try_files \$uri \$uri/ /vnc.html;
+
+ # In the location block related to noVNC
+ add_header Cache-Control no-cache;
+ }
+}
+novnc
+
+# Start nginx
+sudo /usr/bin/nginx -g "daemon off;" &
+10-nginx.sh
+
+## Docker entrypoint
+cat >docker-entrypoint.sh <<- 'docker-entrypoint.sh'
+#!/usr/bin/env bash
+# Export all variables
+set -a
+
+# Abort if an error is encountered
+set -e
+
+# SSH config
+if [ -f ~/.ssh/id_ed25519 ]
+then
+ chmod 0600 ~/.ssh/id_ed25519
+fi
+
+# Run all scripts in init folder
+for file in /app/init.d/*.sh
+do
+ /usr/bin/bash -c ${file} >>/app/logs/$(echo ${file} | sed 's|/app/init.d/||;s|\.sh$||').log
+done
+
+# Read cli parameters
+exec ${@}
+
+# Monitor log
+tail -f /app/logs/*.log
+docker-entrypoint.sh
+
+## Fetch latest mirrorlist
+cat /etc/pacman.d/mirrorlist >mirrorlist
+
+## Docker build
+# eg, ARCHPKG=openssh
+# eg, BUILDTAG=base
+DOCKER_BUILDKIT=1 docker build ./. \
+ --build-arg pkg=${ARCHPKG:-""} \
+ --tag myvnc/${BUILDTAG:-base} \
+ && rm -f Dockerfile *.sh
\ No newline at end of file
diff --git a/firefox.sh b/firefox.sh
new file mode 100644
index 0000000..3d2b26c
--- /dev/null
+++ b/firefox.sh
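Review bot: In base.sh, the sudoers line in the Dockerfile heredoc (`user ALL=(ALL:ALL) NOPASSWD: MISCELLANEOUS, /usr/bin/nginx`) lets `user` run nginx as root with any arguments, and the same RUN makes nginx include `/app/nginx/*.conf` while the later `chown -R user:users /app` leaves that directory writable by `user`, so the unprivileged account controls configuration that a root process loads. Because the server only listens on 6900, nginx does not appear to need root; running it as `user` with pid, log and temp paths under `/app` would let the sudoers entry go, and otherwise the entry should be narrowed to the exact invocation and the included directory kept out of `user`'s write access. `MISCELLANEOUS` is referenced here without a `Cmnd_Alias` in this image (the only definition on the page is in kdeplasma.sh), which deserves a comment such as `# MISCELLANEOUS is defined by derived images in /etc/sudoers.d/01-MISCELLANEOUS`. In docker-entrypoint.sh, `tail -f /app/logs/*.log` after `exec ${@}` is never reached, and `exec "$@"` would preserve arguments that contain spaces.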
@@ -0,0 +1,95 @@
+## Dockerfile
+cat >Dockerfile <<- 'Dockerfile'
+# syntax = docker/dockerfile:1.2
+FROM myvnc/i3:base
+USER root
+
+# # ENV variables
+# ENV MYVNC_FIREFOX_URL # optional
+# ENV MYVNC_FIREFOX_OPTS # eg, --kiosk
+
+# Install packages
+RUN --mount=type=cache,sharing=locked,target=/var/cache/pacman \
+ pacman -Syu --ask 4 --needed \
+ firefox firefox-decentraleyes firefox-ublock-origin \
+ && pacman -Scc --ask 4
+
+# Tigervnc
+COPY 20-firefox.sh /app/init.d/
+RUN chmod +x /app/init.d/*
+
+# Reset user home directory
+USER user
+WORKDIR /home/user
+Dockerfile
+
+## Firefox setup
+cat >20-firefox.sh <<- 'entrypoint'
+#!/usr/bin/env bash
+# Create firefox profile directory
+mkdir -p /app/firefox
+
+# Firefox custom user.js
+cat >/app/firefox/user.js <<- 'firefox'
+// First run
+user_pref("app.normandy.first_run", false);
+user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
+user_pref("trailhead.firstrun.didSeeAboutWelcome", true);
+user_pref("browser.startup.homepage_override.mstone", "ignore");
+
+// Homepage
+// user_pref("browser.startup.page", 1);
+// user_pref("browser.startup.homepage", "https://myvelabs.app/");
+
+// Security/privacy section
+user_pref("app.shield.optoutstudies.enabled", false);
+user_pref("browser.contentblocking.category", "standard");
+user_pref("datareporting.healthreport.uploadEnabled", false);
+user_pref("extensions.pocket.enabled", false);
+user_pref("dom.private-attribution.submission.enabled", false);
+user_pref("network.trr.mode", 5);
+
+// Disable sponsored content on Firefox Home (Activity Stream)
+user_pref("browser.newtabpage.activity-stream.showSearch", false);
+user_pref("browser.newtabpage.activity-stream.showSponsored", false);
+user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
+user_pref("browser.newtabpage.activity-stream.default.sites", "");
+user_pref("browser.newtabpage.activity-stream.topSitesRows", 4);
+
+// Disable about:config warning
+user_pref("browser.aboutConfig.showWarning", false);
+
+// Disable url autocomplete
+user_pref("browser.search.suggest.enabled", false);
+user_pref("browser.urlbar.suggest.recentsearches", false);
+user_pref("browser.urlbar.suggest.searches", false);
+
+// Closing firefox properties
+user_pref("browser.warnOnQuitShortcut", false);
+user_pref("browser.tabs.closeWindowWithLastTab", false);
+
+// Disable autohide toolbar on fullscreen
+user_pref("browser.fullscreen.autohide", false);
+firefox
+
+# # i3/firefox config
+# cat >~/.config/i3/config.d/firefox.conf <<- 'firefox'
+# # Maximize
+# for_window [class="firefox"] fullscreen enable
+# firefox
+
+# i3/firefox startup
+install /dev/stdin ~/.config/i3/startapp.sh <<- startup
+#!/usr/bin/env bash
+# Run firefox
+while true
+do
+ /usr/bin/firefox --profile /app/firefox ${MYVNC_FIREFOX_OPTS} --new-window ${MYVNC_FIREFOX_URL}
+done
+startup
+entrypoint
+
+## Docker build
+DOCKER_BUILDKIT=1 docker build ./. \
+ --tag myvnc/firefox \
+ && rm -f Dockerfile *.sh
\ No newline at end of file
diff --git a/i3:base.sh b/i3:base.sh
new file mode 100644
index 0000000..ac0a37c
--- /dev/null
+++ b/i3:base.sh
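Review bot: In firefox.sh's 20-firefox.sh the `startup` heredoc is unquoted, so `${MYVNC_FIREFOX_OPTS}` and `${MYVNC_FIREFOX_URL}` are expanded when the init script runs and written unquoted into `~/.config/i3/startapp.sh`; a URL containing `&`, `;` or spaces is then parsed as shell syntax every time the loop runs. Quoting the delimiter and the URL keeps the value as data: `install /dev/stdin ~/.config/i3/startapp.sh <<- 'startup'` together with `--new-window "${MYVNC_FIREFOX_URL}"`; this relies on the variables still being exported into the i3 session, which the `set -a` entrypoint suggests but should be confirmed. The `while true` loop also restarts Firefox with no delay, so a launch that fails immediately will spin; adding `|| sleep 1` after the command bounds that, and remmina.sh has the same loop.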
@@ -0,0 +1,117 @@
+## Dockerfile
+cat >Dockerfile <<- 'Dockerfile'
+# syntax = docker/dockerfile:1.2
+FROM myvnc/base
+USER root
+
+# X session environment variable
+ENV STARTXBIN i3
+
+# Install packages
+RUN --mount=type=cache,sharing=locked,target=/var/cache/pacman \
+ pacman -Syu --ask 4 --needed \
+ tigervnc \
+ i3-wm ttf-dejavu \
+ && pacman -Scc --ask 4
+
+# i3
+COPY 10-tigervnc.sh 90-tigervnc.sh /app/init.d/
+RUN chmod +x /app/init.d/*
+
+# Reset user home directory
+USER user
+WORKDIR /home/user
+Dockerfile
+
+## i3/tigervnc Setup
+cat >10-tigervnc.sh <<- '10-tigervnc.sh'
+#!/usr/bin/env bash
+# Check for MYVNC_VNCPASS variable
+if [ -z ${MYVNC_VNCPASS} ]
+then
+ echo "MYVNC_VNCPASS env variable is missing"
+ exit 1
+fi
+
+# Configure tigervnc auth
+if [ ! -f ~/.vnc/passwd ]
+then
+ echo "${MYVNC_VNCPASS}" | vncpasswd -f >~/.vnc/passwd
+ chmod 0600 ~/.vnc/passwd
+fi
+
+# Remove VNCPASS env
+unset MYVNC_VNCPASS
+
+# VNC xstartup
+install /dev/stdin ~/.vnc/xstartup <<- xstartup
+#!/usr/bin/env bash
+unset SESSION_MANAGER
+unset DBUS_SESSION_BUS_ADDRESS
+exec ${STARTXBIN}
+xstartup
+
+# Turn vnc sharing on/off
+if [[ ${MYVNC_VNCSHARING} == "true" ]] || [[ ${MYVNC_VNCSHARING} == "1" ]]
+then
+ _MYVNC_VNCSHARING=alwaysshared
+else
+ _MYVNC_VNCSHARING=nevershared
+fi
+
+# VNC config
+cat >~/.vnc/config <<- vncconfig
+session=i3
+geometry=1920x1080
+framerate=60
+depth=32
+${_MYVNC_VNCSHARING}
+vncconfig
+
+# i3 preferences
+mkdir -p ~/.config/i3/config.d
+cat >~/.config/i3/config <<- 'i3config'
+# Font
+font pango:DejaVu Sans Mono 8
+
+# Include custom config
+include ~/.config/i3/config.d/*.conf
+
+# Binds for killing application
+bindsym Mod1+Mod4+Shift+q kill
+bindsym Mod1+Mod4+Shift+f fullscreen toggle
+
+# Binds for cycling workspaces
+bindsym Mod1+Mod4+Shift+Right workspace next
+bindsym Mod1+Mod4+Shift+Left workspace prev
+
+# Locked mode
+mode locked {
+ bindsym Mod4+Mod1+Escape mode default
+}
+bindsym Mod4+Mod1+Escape mode locked
+
+# Hide bar permanently
+exec --no-startup-id i3-msg bar mode invisible
+
+# Always open window in fullscreen
+for_window [all] fullscreen enable
+for_window [all] border none
+default_border none
+
+# Execute startup script for webapp
+exec --no-startup-id /usr/bin/bash ~/.config/i3/startapp.sh
+i3config
+10-tigervnc.sh
+
+## TigerVNC launch script
+cat >90-tigervnc.sh <<- '90-tigervnc.sh'
+#!/usr/bin/env bash
+# Launch Tigervnc
+/usr/bin/dbus-launch vncserver :0 &
+90-tigervnc.sh
+
+## Docker build
+DOCKER_BUILDKIT=1 docker build ./. \
+ --tag myvnc/i3:base \
+ && rm -f Dockerfile *.sh
\ No newline at end of file
diff --git a/kdeplasma.sh b/kdeplasma.sh
new file mode 100644
index 0000000..7857235
--- /dev/null
+++ b/kdeplasma.sh
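Review bot: In i3:base.sh, `unset MYVNC_VNCPASS` in 10-tigervnc.sh only clears the variable inside that script's own bash process; the entrypoint in base.sh starts each init script with `/usr/bin/bash -c ${file}`, so the password is still in the environment inherited by 90-tigervnc.sh, the VNC server and everything started from the X session. Launching the server with the variable stripped, `env -u MYVNC_VNCPASS /usr/bin/dbus-launch vncserver :0 &`, would keep it out of the desktop processes; the container's configured environment will still show it, so reading the password from a mounted secret file is the stronger option. The presence test should also quote the value, `if [ -z "${MYVNC_VNCPASS}" ]`, because a password containing whitespace makes the unquoted test fail with a syntax error instead of checking for emptiness.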
@@ -0,0 +1,68 @@
+## Dockerfile
+cat >Dockerfile <<- 'Dockerfile'
+# syntax = docker/dockerfile:1.2
+FROM myvnc/base
+USER root
+
+# X session environment variable
+ENV STARTXBIN startplasma-x11
+
+# Install packages
+RUN --mount=type=cache,sharing=locked,target=/var/cache/pacman \
+ pacman -Syu --ask 4 --needed \
+ cuda openssh vim pacman-contrib bash-completion rsync git \
+ plasma konsole kate dolphin kompare kcalc \
+ jack2 ttf-dejavu \
+ firefox firefox-decentraleyes firefox-ublock-origin \
+ torbrowser-launcher \
+ shotwell ffmpegthumbs ark okular \
+ remmina libvncserver \
+ && pacman -Scc --ask 4 \
+ && echo 'Cmnd_Alias MISCELLANEOUS = /usr/bin/pacman -S' >/etc/sudoers.d/01-MISCELLANEOUS
+
+# configure nvidia container runtime
+# https://github.com/NVIDIA/nvidia-container-runtime#environment-variables-oci-spec
+ENV NVIDIA_VISIBLE_DEVICES all
+ENV NVIDIA_DRIVER_CAPABILITIES compute,utility
+
+# Tigervnc
+COPY 20-archvnc.sh /app/init.d/20-archvnc.sh
+RUN chmod +x /app/init.d/*
+
+# Reset user home directory
+USER user
+WORKDIR /home/user
+Dockerfile
+
+# KDE setup
+cat >20-archvnc.sh <<- 'entrypoint'
+#!/usr/bin/env bash
+# Disable KDE screenlock
+cat >~/.config/kscreenlockerrc <<- 'kscreenlockerrc'
+[Daemon]
+Autolock=false
+LockOnResume=false
+Timeout=0
+kscreenlockerrc
+
+# VNC config
+cat >~/.vnc/config <<- vncconfig
+session=plasmax11
+dpi=192
+geometry=1920x1080
+framerate=60
+depth=32
+${_MYVNC_VNCSHARING}
+vncconfig
+
+# SSH config
+if [ -f ~/.ssh/id_ed25519 ]
+then
+ chmod 0600 ~/.ssh/id_ed25519
+fi
+entrypoint
+
+## Docker build
+DOCKER_BUILDKIT=1 docker build ./. \
+ --tag myvnc/kde \
+ && rm -f Dockerfile *.sh
\ No newline at end of file
diff --git a/remmina.sh b/remmina.sh
new file mode 100644
index 0000000..3b25039
--- /dev/null
+++ b/remmina.sh
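Review bot: In kdeplasma.sh, 20-archvnc.sh writes `${_MYVNC_VNCSHARING}` into `~/.vnc/config`, but nothing in this script assigns it and each init script runs in its own bash process, so the line comes out empty and the sharing policy falls back to the server default rather than the `nevershared` that i3:base.sh selects. The image is built `FROM myvnc/base`, so it also lacks the `MYVNC_VNCPASS` check, the `~/.vnc/passwd` creation and the `90-tigervnc.sh` launcher that exist only in the i3 image, and `tigervnc` is not in the package list unless it arrives through the `pkg` build argument. Copying the sharing block and password setup into this script, or basing the image on a layer that has them, would make the authentication behaviour explicit. Separately, `Cmnd_Alias MISCELLANEOUS = /usr/bin/pacman -S` as written should match only a bare `pacman -S` with no further arguments; widening it with a wildcard would let `user` install arbitrary packages as root, so the line needs a comment stating the intent.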
@@ -0,0 +1,49 @@
+## Dockerfile
+cat >Dockerfile <<- 'Dockerfile'
+# syntax = docker/dockerfile:1.2
+FROM myvnc/i3:base
+USER root
+
+# install packages
+RUN --mount=type=cache,sharing=locked,target=/var/cache/pacman \
+ pacman -Syu --ask 4 --needed \
+ remmina libvncserver terminator openssh \
+ && pacman -Scc --ask 4
+
+# Tigervnc
+COPY 20-remmina.sh /app/init.d/
+RUN chmod +x /app/init.d/*
+
+# Reset user home directory
+USER user
+WORKDIR /home/user
+Dockerfile
+
+## Remmina setup
+cat >20-remmina.sh <<- '20-remmina.sh'
+#!/usr/bin/env bash
+# Remmina config
+cat >~/.config/i3/config.d/remmina.conf <<- 'remmina.conf'
+# Open terminal
+exec --no-startup-id i3-msg 'workspace "2"; exec /usr/bin/terminator'
+
+# Maximize
+for_window [class="remmina"] move container to workspace "1"
+for_window [class="terminator"] move container to workspace "2"
+remmina.conf
+
+# Remmina startup
+install /dev/stdin ~/.config/i3/startapp.sh <<- startapp.sh
+#!/usr/bin/env bash
+# Run remmina
+while true
+do
+ /usr/bin/remmina
+done
+startapp.sh
+20-remmina.sh
+
+## Docker build
+DOCKER_BUILDKIT=1 docker build ./. \
+ --tag myvnc/remmina \
+ && rm -f Dockerfile *.sh
\ No newline at end of file
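Review bot: In remmina.sh, remmina.conf starts `/usr/bin/terminator` on workspace 2 unconditionally, so every VNC session comes with an interactive shell as `user`, and this image also adds `openssh`; that is a wider surface than the single-application session the firefox image presents. If the terminal is meant for operators only, gating it on an environment variable or at least documenting it next to the `exec` line would help, for example `# Terminal is started for every VNC session; remove for kiosk use`. The `# Tigervnc` comment above `COPY 20-remmina.sh /app/init.d/` looks copied from another file and should read `# Remmina`.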