diff --git a/registry/coder/modules/kasmvnc/main.tf b/registry/coder/modules/kasmvnc/main.tf index ca7315ec..3174e9d0 100644 --- a/registry/coder/modules/kasmvnc/main.tf +++ b/registry/coder/modules/kasmvnc/main.tf @@ -54,6 +54,29 @@ variable "subdomain" { description = "Is subdomain sharing enabled in your cluster?" } +variable "kasm_config" { + type = string + default = "" + description = <<-EOT + Additional KasmVNC configuration in YAML format. Can be used to set DLP policies and other advanced settings. + + Example for DLP policies (according to KasmVNC documentation): + ```yaml + data_loss_prevention: + clipboard: + server_to_client: + enabled: false + client_to_server: + enabled: false + printing: false + download: false + ``` + + For more advanced configuration options, see the KasmVNC documentation: + https://kasmweb.com/docs/latest/how_to/kasmvnc_dlp_policies.html + EOT +} + resource "coder_script" "kasm_vnc" { agent_id = var.agent_id display_name = "KasmVNC" @@ -65,6 +88,7 @@ resource "coder_script" "kasm_vnc" { KASM_VERSION = var.kasm_version SUBDOMAIN = tostring(var.subdomain) PATH_VNC_HTML = var.subdomain ? "" : file("${path.module}/path_vnc.html") + KASM_CONFIG = var.kasm_config }) } diff --git a/registry/coder/modules/kasmvnc/run.sh b/registry/coder/modules/kasmvnc/run.sh index 67a8a310..0dda839f 100644 --- a/registry/coder/modules/kasmvnc/run.sh +++ b/registry/coder/modules/kasmvnc/run.sh 
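Review bot: The new `kasm_config` variable has no `validation` block, so a malformed string is only discovered at workspace start, after run.sh has appended it to kasmvnc.yaml; how KasmVNC treats an unparsable file is not visible here. Since the value is meant to carry DLP policy, it should be rejected at plan time with a validation whose condition is `var.kasm_config == "" || can(yamldecode(var.kasm_config))`. The description should also say that the text is appended verbatim after the generated `network:` block rather than merged, so top-level keys the module already writes must not be repeated.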
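Review bot: `KASM_CONFIG = var.kasm_config` in the second main.tf hunk puts the raw YAML text into the rendered script, where run.sh expands it inside double quotes (`echo "${KASM_CONFIG}"` and the `[[ -n ... ]]` test). Any `"`, `$`, backtick or backslash in the value is then interpreted by the shell, so quoted YAML strings lose their quotes or break the script, and a `$(...)` sequence would be executed. Passing the value encoded avoids this: `KASM_CONFIG = base64encode(var.kasm_config)` here and `echo "${KASM_CONFIG}" | base64 -d >> "$TEMP_CONFIG_FILE"` in run.sh. The emptiness test keeps working because an empty string encodes to an empty string. The call these arguments belong to opens outside this hunk.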
@@ -193,19 +193,50 @@ else SUDO="" echo "WARNING: Sudo access not available, using user config dir!" - + + # Always ensure the directory exists + mkdir -p "$HOME/.vnc" + + # We'll handle existing configs differently - we'll merge instead of skipping if [[ -f "$kasm_config_file" ]]; then - echo "WARNING: Custom user KasmVNC config exists, not overwriting!" - echo "WARNING: Ensure that you manually configure the appropriate settings." - kasm_config_file="/dev/stderr" - else - echo "WARNING: This may prevent custom user KasmVNC settings from applying!" - mkdir -p "$HOME/.vnc" + echo "INFO: Custom user KasmVNC config exists, will merge with new settings." + # Create a backup of the existing config + cp "$kasm_config_file" "$${kasm_config_file}.bak" fi fi echo "Writing KasmVNC config to $kasm_config_file" -$SUDO tee "$kasm_config_file" > /dev/null << EOF + +# Create a temporary file for our config +TEMP_CONFIG_FILE=$(mktemp) + +# Check if existing config file exists and preserve its content +if [[ -f "$kasm_config_file" ]]; then + echo "Preserving existing KasmVNC configuration settings." + cp "$kasm_config_file" "$TEMP_CONFIG_FILE" + + # Update only the network section + if grep -q "^network:" "$TEMP_CONFIG_FILE"; then + # Network section exists, update only the websocket_port + sed -i "s/\([ \t]*websocket_port:\).*/\1 ${PORT}/" "$TEMP_CONFIG_FILE" + else + # Network section doesn't exist, add it + cat >> "$TEMP_CONFIG_FILE" << EOF +network: + protocol: http + interface: 127.0.0.1 + websocket_port: ${PORT} + ssl: + require_ssl: false + pem_certificate: + pem_key: + udp: + public_ip: 127.0.0.1 +EOF + fi +else + # Start with base network configuration for new config + cat > "$TEMP_CONFIG_FILE" << EOF network: protocol: http interface: 127.0.0.1 
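Review bot: The merge branch rewrites only `websocket_port` in an existing file, so a pre-existing `interface:`, `protocol:` or `ssl:` value survives, whereas the removed `$SUDO tee` wrote the whole loopback block. The comment further down this file says the server is started without auth, so an existing `interface: 0.0.0.0` would expose it unless the launch command (outside this hunk) overrides the setting. The `sed` is also not scoped to the `network:` section and is a silent no-op when the key is absent. I would drop the old block and always append the known-good one: `awk '/^network:/ {skip=1; next} /^[^ \t#]/ {skip=0} !skip' "$kasm_config_file" > "$TEMP_CONFIG_FILE"` in place of the `cp`, then run the existing `cat >> "$TEMP_CONFIG_FILE" << EOF` block unconditionally instead of behind the `grep`. The `else` heredoc opened at the end of this hunk closes in the next one.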
@@ -217,6 +248,30 @@ network: udp: public_ip: 127.0.0.1 EOF +fi + +# Add additional KasmVNC configuration if provided +if [[ -n "${KASM_CONFIG}" ]]; then + echo "Adding custom KasmVNC configuration." + + # Add a comment to mark the start of custom config + echo "" >> "$TEMP_CONFIG_FILE" + echo "# ---- START CUSTOM KASMVNC CONFIG ----" >> "$TEMP_CONFIG_FILE" + echo "" >> "$TEMP_CONFIG_FILE" + + # Directly append the YAML configuration + echo "${KASM_CONFIG}" >> "$TEMP_CONFIG_FILE" + + # Add a comment to mark the end of custom config + echo "" >> "$TEMP_CONFIG_FILE" + echo "# ---- END CUSTOM KASMVNC CONFIG ----" >> "$TEMP_CONFIG_FILE" +fi + +# Apply the configuration +$SUDO cp "$TEMP_CONFIG_FILE" "$kasm_config_file" + +# Clean up +rm "$TEMP_CONFIG_FILE" # This password is not used since we start the server without auth. # The server is protected via the Coder session token / tunnel
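Review bot: The custom block is appended on every run, but when a config already exists the previous hunk copies it, old START/END block included, into the temp file. Each workspace start therefore stacks another copy, and a changed DLP policy ends up next to the stale one, with the winner depending on how the YAML parser treats duplicate keys. Remove the earlier block before appending, e.g. `sed -i '/^# ---- START CUSTOM KASMVNC CONFIG ----$/,/^# ---- END CUSTOM KASMVNC CONFIG ----$/d' "$TEMP_CONFIG_FILE"`, and do it even when `KASM_CONFIG` is empty so that unsetting the variable clears the old policy text. Separately, `mktemp` creates the file with mode 0600 and `$SUDO cp` gives a newly created destination that same mode, so a root-owned config may be unreadable by the user running the server. `$SUDO install -m 0644 "$TEMP_CONFIG_FILE" "$kasm_config_file"` (or whatever mode the old `tee` path produced) makes the mode explicit.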