-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile.desktop
More file actions
61 lines (49 loc) · 4.48 KB
/
Dockerfile.desktop
File metadata and controls
61 lines (49 loc) · 4.48 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
FROM kasmweb/ubuntu-noble-desktop:1.18.0-rolling-daily
USER root
RUN apt-get update && apt-get install -y scrot socat python3-websocket && rm -rf /var/lib/apt/lists/*
# Replace Google Chrome with Chrome for Testing (supports CDP on default profile)
RUN CfT_URL=$(curl -s https://googlechromelabs.github.io/chrome-for-testing/last-known-good-versions-with-downloads.json \
| python3 -c "import sys,json; [print(x['url']) for x in json.load(sys.stdin)['channels']['Stable']['downloads']['chrome'] if x['platform']=='linux64']") && \
curl -sL "$CfT_URL" -o /tmp/chrome.zip && \
rm -rf /opt/google/chrome && \
unzip -q /tmp/chrome.zip -d /opt/google && \
mv /opt/google/chrome-linux64 /opt/google/chrome && \
ln -sf /opt/google/chrome/chrome /opt/google/chrome/google-chrome && \
rm /tmp/chrome.zip && \
apt-mark hold google-chrome-stable
# Patch out the Chrome for Testing infobar
COPY scripts/patch_cft_infobar.py /tmp/patch_cft_infobar.py
RUN python3 /tmp/patch_cft_infobar.py --no-backup && rm /tmp/patch_cft_infobar.py
# Replace Chrome wrapper: always enable CDP, use default profile, sandbox enabled
RUN printf '#!/usr/bin/env bash\nif ! pgrep -f "chrome/chrome" > /dev/null; then\n rm -f $HOME/.config/google-chrome-for-testing/Singleton*\nfi\nsed -i '\''s/"exited_cleanly":false/"exited_cleanly":true/'\'' ~/.config/google-chrome-for-testing/Default/Preferences 2>/dev/null\nsed -i '\''s/"exit_type":"Crashed"/"exit_type":"None"/'\'' ~/.config/google-chrome-for-testing/Default/Preferences 2>/dev/null\necho "Starting Chrome for Testing"\n/opt/google/chrome/chrome --password-store=basic --no-first-run --disable-search-engine-choice-screen --remote-debugging-port=9222 --remote-allow-origins=* "$@"\n' > /usr/bin/google-chrome && \
chmod +x /usr/bin/google-chrome && \
chown root:root /opt/google/chrome/chrome_sandbox && \
chmod 4755 /opt/google/chrome/chrome_sandbox && \
ln -sf chrome_sandbox /opt/google/chrome/chrome-sandbox
# Disable smartcard and pcscd services (they can spin at 100% CPU)
ENV KASM_SVC_SMARTCARD=0
# Copy wallpaper
COPY src/static/icons/fernando-wallpaper.png /usr/share/backgrounds/fernando-wallpaper.png
# Create startup script to set wallpaper on all VNC monitors
RUN echo '#!/bin/bash\nsleep 3\nfor monitor in VNC-0 VNC-1 VNC-2 VNC-3; do\n for workspace in 0 1 2 3; do\n xfconf-query -c xfce4-desktop -p /backdrop/screen0/monitor$monitor/workspace$workspace/last-image -s /usr/share/backgrounds/fernando-wallpaper.png 2>/dev/null\n done\ndone\nkillall xfdesktop 2>/dev/null\nxfdesktop 2>/dev/null &\n' > /dockerstartup/set-fernando-wallpaper.sh && \
chmod +x /dockerstartup/set-fernando-wallpaper.sh
# Pre-kasm cleanup: move old VNC logs so tail -f only picks up the current session,
# and prune archived logs older than 7 days
RUN printf '[Unit]\nDescription=Clean up old VNC logs before Kasm starts\nBefore=kasm.service\nAfter=kasm-setup.service\n\n[Service]\nType=oneshot\nUser=kasm-user\nExecStart=/bin/bash -c '\''VNCDIR=/home/kasm-user/.vnc; ARCHIVE=$VNCDIR/old-logs; mkdir -p $ARCHIVE; mv $VNCDIR/*.log $ARCHIVE/ 2>/dev/null; find $ARCHIVE -name "*.log" -mtime +7 -delete 2>/dev/null; true'\''\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n' > /etc/systemd/system/kasm-vnc-log-cleanup.service && \
systemctl enable kasm-vnc-log-cleanup.service
# Create or append to custom startup
RUN if [ ! -f /dockerstartup/custom_startup.sh ]; then \
echo '#!/bin/bash' > /dockerstartup/custom_startup.sh; \
fi && \
echo 'rm -f /home/kasm-user/.config/google-chrome-for-testing/Singleton* 2>/dev/null' >> /dockerstartup/custom_startup.sh && \
echo '/dockerstartup/set-fernando-wallpaper.sh &' >> /dockerstartup/custom_startup.sh && \
echo 'GATEWAY=$(ip route | grep default | awk "{print \$3}") && socat TCP-LISTEN:8080,fork,reuseaddr TCP:$GATEWAY:8080 &' >> /dockerstartup/custom_startup.sh && \
chmod +x /dockerstartup/custom_startup.sh
# Fix Firefox profile config so it doesn't show the profile chooser dialog
RUN mkdir -p /home/kasm-user/.mozilla/firefox/kasm && \
printf '[Install4F96D1932A9F858E]\nDefault=kasm\nLocked=1\n\n[Profile0]\nName=default\nIsRelative=1\nPath=kasm\nDefault=1\n' > /home/kasm-user/.mozilla/firefox/profiles.ini && \
chown -R 1000:1000 /home/kasm-user/.mozilla
# Passwordless sudo for kasm-user
RUN echo 'kasm-user ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/kasm-user
# Disable services that block/fail in containers
RUN systemctl mask NetworkManager-wait-online.service colord.service lightdm.service