Move all NoVNC instances to alpine image

2025-12-17 22:56:20 +00:00 · 2025-01-21 01:25:25 +00:00 · 2025-01-21 01:25:25 +00:00 · 7f0d398fbb
commit 7f0d398fbb
parent d086ed3138
274 changed files with 349 additions and 50367 deletions
--- a/firefox/20-firefox.sh
+++ b/firefox/20-firefox.sh
@ -1,56 +0,0 @@
-#!/usr/bin/env bash
-# Create firefox profile directory
-mkdir -p /app/firefox
-
-# Firefox custom user.js
-cat >/app/firefox/user.js <<- 'firefox'
-// First run
-user_pref("app.normandy.first_run", false);
-user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
-user_pref("trailhead.firstrun.didSeeAboutWelcome", true);
-user_pref("browser.startup.homepage_override.mstone", "ignore");
-
-// Homepage
-// user_pref("browser.startup.page", 1);
-// user_pref("browser.startup.homepage", "https://myvelabs.app/");
-
-// Security/privacy section
-user_pref("app.shield.optoutstudies.enabled", false);
-user_pref("browser.contentblocking.category", "standard");
-user_pref("datareporting.healthreport.uploadEnabled", false);
-user_pref("extensions.pocket.enabled", false);
-user_pref("dom.private-attribution.submission.enabled", false);
-user_pref("network.trr.mode", 5);
-
-// Disable sponsored content on Firefox Home (Activity Stream)
-user_pref("browser.newtabpage.activity-stream.showSearch", false);
-user_pref("browser.newtabpage.activity-stream.showSponsored", false);
-user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
-user_pref("browser.newtabpage.activity-stream.default.sites", "");
-user_pref("browser.newtabpage.activity-stream.topSitesRows", 4);
-
-// Disable about:config warning
-user_pref("browser.aboutConfig.showWarning", false);
-
-// Disable url autocomplete
-user_pref("browser.search.suggest.enabled", false);
-user_pref("browser.urlbar.suggest.recentsearches", false);
-user_pref("browser.urlbar.suggest.searches", false);
-
-// Closing firefox properties
-user_pref("browser.warnOnQuitShortcut", false);
-user_pref("browser.tabs.closeWindowWithLastTab", false);
-
-// Disable autohide toolbar on fullscreen
-user_pref("browser.fullscreen.autohide", false);
-firefox
-
-# i3/firefox startup
-install /dev/stdin ~/.config/i3/startapp.sh <<- startup
-#!/usr/bin/env bash
-# Run firefox
-while true
-do
-    /usr/bin/firefox --profile /app/firefox ${MYVNC_FIREFOX_OPTS} --new-window ${MYVNC_FIREFOX_URL}
-done
-startup
--- a/firefox/Dockerfile
+++ b/firefox/Dockerfile
@ -1,18 +1,45 @@
 # syntax = docker/dockerfile:1
-FROM myvnc/arch/base:i3
+FROM quay.io/archlinux/archlinux:base-devel
 USER root

+# Build ARG for additional packages to install (eg, openssh)
+ARG addpkg
+
 # Build ARG: use "root" for debugging
 ARG debug
+
+# Copy mirrorlist
+COPY mirrorlist /etc/pacman.d/mirrorlist
+
+# Copy app folder
+COPY entrypoint /entrypoint
 
 # Install packages
 RUN --mount=type=cache,sharing=locked,target=/var/cache/pacman \
-    pacman -Syu --ask 4 --needed \
-    firefox firefox-decentraleyes firefox-ublock-origin \
-    && pacman -Scc --ask 4
-
-# Tigervnc
-COPY *.sh /app/init.d/
+    pacman-key --init \
+    && sed -i '/ParallelDownloads/c ParallelDownloads = 10' /etc/pacman.conf \
+    && pacman -Sy --ask 4 archlinux-keyring \
+    && pacman -Su --ask 4 --needed ${addpkg} \
+        sudo bash bash-completion \
+        tigervnc \
+        i3-wm ttf-dejavu \
+        firefox firefox-decentraleyes firefox-ublock-origin \
+    && pacman -Scc --ask 4 \
+    && useradd --create-home --gid users --shell /usr/bin/bash user \
+    && printf '%s\n' 'user ALL=(ALL:ALL) NOPASSWD: /usr/bin/pacman' \
+        'Defaults lecture = never' >/etc/sudoers.d/zz-DOCKER \
+    && passwd -l root >/dev/null 2>&1

 # Default environment
 USER ${debug:-user}
+WORKDIR /home/user
+ENV HOME=/home/user
+ENV DISPLAY=:0
+ENV SHELL=/usr/bin/bash
+ENV PS1="[\u@\h \W \$?]\$ "
+
+# X session environment variable
+ENV STARTXBIN=i3
+
+# Docker entrypoint
+ENTRYPOINT ["/entrypoint"]
--- a/firefox/build
+++ b/firefox/build
@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+# Docker build
+# Optional buildtag, addpkg
+# addpkg=openssh \
+set -e
+
+## Fetch latest mirrorlist
+curl --fail --silent https://git.myvelabs.com/lab/archlinux/raw/branch/master/mirrorlist -o mirrorlist
+
+DOCKER_BUILDKIT=1 \
+docker build . \
+    --build-arg addpkg=${addpkg:-""} \
+    --build-arg debug=${debug:-""} \
+    --tag ${buildtag:-myvnc/arch/firefox}
+rm mirrorlist
--- a/firefox/docker-compose.yaml
+++ b/firefox/docker-compose.yaml
@ -3,22 +3,27 @@ services:
    image: myvnc/arch/firefox
    container_name: firefox
    restart: unless-stopped
-    build: .
+    # build: .
    # shm_size: 2gb
    # security_opt:
    #   - seccomp:unconfined
+    environment:
+      MYVNC_VNCPASS: ${MYVNC_FIREFOX_VNCPASS}
+    networks:
+      - firefox
+  firefox-novnc:
+    image: myvnc/alpine/base
+    container_name: firefox-novnc
+    restart: unless-stopped
    ports:
      - ${MYVNC_FIREFOX_PORT}:6900
    environment:
-      MYVNC_VNCPASS: ${MYVNC_FIREFOX_VNCPASS}
-
      MYVNC_CUSTOM_TITLE: ${MYVNC_FIREFOX_CUSTOM_TITLE}
      MYVNC_PROXYPATH: ${MYVNC_FIREFOX_PROXYPATH}
-
-      MYVNC_FIREFOX_URL: ${MYVNC_FIREFOX_URL}
-      MYVNC_FIREFOX_OPTS: ${MYVNC_FIREFOX_OPTS}
-
      MYVNC_VNCSHARING: ${MYVNC_FIREFOX_VNCSHARING}
+
+      MYVNC_VNCLISTEN_HOST: firefox
+      MYVNC_VNCLISTEN_PORT: 5900
    networks:
      - firefox

--- a/firefox/entrypoint
+++ b/firefox/entrypoint
@ -0,0 +1,155 @@
+#!/usr/bin/env bash
+# Export all variables
+set -a
+
+# Abort if an error is encountered
+set -e
+
+# SSH config
+if [ -f ~/.ssh/id_ed25519 ]
+then
+    chmod 0600 ~/.ssh/id_ed25519
+fi
+
+# Create base directories
+for dir in ssh config/tigervnc
+do
+    [ -d ~/.${dir} ] || mkdir -p ~/.${dir}/
+done
+
+# Check for MYVNC_VNCPASS variable
+if [ -z ${MYVNC_VNCPASS} ]
+then
+    echo "MYVNC_VNCPASS env variable is missing"
+    exit 1
+fi
+
+# Configure tigervnc auth
+if [ ! -f ~/.config/tigervnc/passwd ]
+then
+    echo "${MYVNC_VNCPASS}" | vncpasswd -f >~/.config/tigervnc/passwd
+    chmod 0600 ~/.config/tigervnc/passwd
+fi
+
+# Remove VNCPASS env
+unset MYVNC_VNCPASS
+
+# VNC xstartup
+install /dev/stdin ~/.config/tigervnc/xstartup <<- xstartup
+#!/usr/bin/env bash
+unset SESSION_MANAGER
+unset DBUS_SESSION_BUS_ADDRESS
+exec ${STARTXBIN}
+xstartup
+
+# Turn vnc sharing on/off
+if [[ ${MYVNC_VNCSHARING} == "true" ]] || [[ ${MYVNC_VNCSHARING} == "1" ]]
+then
+    _MYVNC_VNCSHARING=alwaysshared
+else
+    _MYVNC_VNCSHARING=nevershared
+fi
+
+# VNC config
+cat >~/.config/tigervnc/config <<- vncconfig
+session=i3
+dpi=192
+geometry=1920x1080
+framerate=60
+depth=32
+${_MYVNC_VNCSHARING}
+vncconfig
+
+# i3 preferences
+mkdir -p ~/.config/i3/config.d
+cat >~/.config/i3/config <<- 'i3config'
+# Font
+font pango:DejaVu Sans Mono 8
+
+# Include custom config
+include ~/.config/i3/config.d/*.conf
+
+# Binds for killing application
+bindsym Mod1+Mod4+Shift+q kill
+bindsym Mod1+Mod4+Shift+f fullscreen toggle
+
+# Binds for cycling workspaces
+bindsym Mod1+Mod4+Shift+Right workspace next
+bindsym Mod1+Mod4+Shift+Left workspace prev
+
+# Locked mode
+mode locked {
+    bindsym Mod4+Mod1+Escape mode default
+}
+bindsym Mod4+Mod1+Escape mode locked
+
+# Hide bar permanently
+exec --no-startup-id i3-msg bar mode invisible
+
+# Always open window in fullscreen
+for_window [all] fullscreen enable
+for_window [all] border none
+default_border none
+
+# Execute startup script for webapp
+exec --no-startup-id /usr/bin/bash ~/.config/i3/startapp.sh
+i3config
+
+# Create firefox profile directory
+mkdir -p ~/firefox
+
+# Firefox custom user.js
+cat >~/firefox/user.js <<- 'firefox'
+// First run
+user_pref("app.normandy.first_run", false);
+user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
+user_pref("trailhead.firstrun.didSeeAboutWelcome", true);
+user_pref("browser.startup.homepage_override.mstone", "ignore");
+
+// Homepage
+// user_pref("browser.startup.page", 1);
+// user_pref("browser.startup.homepage", "https://myvelabs.app/");
+
+// Security/privacy section
+user_pref("app.shield.optoutstudies.enabled", false);
+user_pref("browser.contentblocking.category", "standard");
+user_pref("datareporting.healthreport.uploadEnabled", false);
+user_pref("extensions.pocket.enabled", false);
+user_pref("dom.private-attribution.submission.enabled", false);
+user_pref("network.trr.mode", 5);
+
+// Disable sponsored content on Firefox Home (Activity Stream)
+user_pref("browser.newtabpage.activity-stream.showSearch", false);
+user_pref("browser.newtabpage.activity-stream.showSponsored", false);
+user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
+user_pref("browser.newtabpage.activity-stream.default.sites", "");
+user_pref("browser.newtabpage.activity-stream.topSitesRows", 4);
+
+// Disable about:config warning
+user_pref("browser.aboutConfig.showWarning", false);
+
+// Disable url autocomplete
+user_pref("browser.search.suggest.enabled", false);
+user_pref("browser.urlbar.suggest.recentsearches", false);
+user_pref("browser.urlbar.suggest.searches", false);
+
+// Closing firefox properties
+user_pref("browser.warnOnQuitShortcut", false);
+user_pref("browser.tabs.closeWindowWithLastTab", false);
+
+// Disable autohide toolbar on fullscreen
+user_pref("browser.fullscreen.autohide", false);
+firefox
+
+# i3/firefox startup
+install /dev/stdin ~/.config/i3/startapp.sh <<- startup
+#!/usr/bin/env bash
+# Run firefox
+while true
+do
+    /usr/bin/firefox --profile ~/firefox ${MYVNC_FIREFOX_OPTS} --new-window ${MYVNC_FIREFOX_URL}
+done
+startup
+
+# Launch Tigervnc
+/usr/bin/dbus-launch vncserver :0