From 18d447f7794454ac50a71f5396959b2f271378bb Mon Sep 17 00:00:00 2001 From: Ben Potter Date: Fri, 13 Jun 2025 15:10:07 +0000 Subject: [PATCH 1/9] add support for kasm config --- registry/coder/modules/kasmvnc/main.tf | 6 ++++++ registry/coder/modules/kasmvnc/run.sh | 28 ++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/registry/coder/modules/kasmvnc/main.tf b/registry/coder/modules/kasmvnc/main.tf index ca7315ec..e39c02b7 100644 --- a/registry/coder/modules/kasmvnc/main.tf +++ b/registry/coder/modules/kasmvnc/main.tf @@ -54,6 +54,12 @@ variable "subdomain" { description = "Is subdomain sharing enabled in your cluster?" } +variable "kasm_config" { + type = map(any) + default = {} + description = "Additional KasmVNC configuration options. Can be used to set DLP policies and other advanced settings. See https://kasmweb.com/docs/develop/how_to/kasmvnc_dlp_policies.html for details." +} + resource "coder_script" "kasm_vnc" { agent_id = var.agent_id display_name = "KasmVNC" diff --git a/registry/coder/modules/kasmvnc/run.sh b/registry/coder/modules/kasmvnc/run.sh index 67a8a310..c497ecac 100644 --- a/registry/coder/modules/kasmvnc/run.sh +++ b/registry/coder/modules/kasmvnc/run.sh @@ -205,6 +205,8 @@ else fi echo "Writing KasmVNC config to $kasm_config_file" + +# Create base config $SUDO tee "$kasm_config_file" > /dev/null << EOF network: protocol: http 
@@ -218,6 +220,32 @@ network: public_ip: 127.0.0.1 EOF +# Add additional KasmVNC configuration if provided +if [[ -n "${KASM_CONFIG}" && "${KASM_CONFIG}" != "{}" ]]; then + # Check if jq is available + if ! command -v jq &> /dev/null; then + echo "WARNING: jq is not installed. Cannot parse additional KasmVNC configuration." + echo "WARNING: Install jq or provide configuration in the correct format." + else + # Create a temporary file for the additional config + TEMP_CONFIG_FILE=$(mktemp) + + # Parse the JSON and convert to YAML format + echo '${KASM_CONFIG}' | jq -r 'to_entries | .[] | + if .value | type == "object" then + .key + ":\n" + (.value | to_entries | map(" " + .key + ": " + (.value | tostring)) | join("\n")) + else + .key + ": " + (.value | tostring) + end' > "$TEMP_CONFIG_FILE" + + # Append the additional config to the main config file + $SUDO tee -a "$kasm_config_file" > /dev/null < "$TEMP_CONFIG_FILE" + + # Clean up + rm "$TEMP_CONFIG_FILE" + fi +fi + # This password is not used since we start the server without auth. # The server is protected via the Coder session token / tunnel # and does not listen publicly From bb634a2b5b9f75c0f7992bb0edc90102609ed061 Mon Sep 17 00:00:00 2001 From: Ben Potter Date: Fri, 13 Jun 2025 15:11:09 +0000 Subject: [PATCH 2/9] fix: add KASM_CONFIG environment variable to VNC template --- registry/coder/modules/kasmvnc/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/registry/coder/modules/kasmvnc/main.tf b/registry/coder/modules/kasmvnc/main.tf index e39c02b7..054a278e 100644 --- a/registry/coder/modules/kasmvnc/main.tf +++ b/registry/coder/modules/kasmvnc/main.tf @@ -71,6 +71,7 @@ resource "coder_script" "kasm_vnc" { KASM_VERSION = var.kasm_version SUBDOMAIN = tostring(var.subdomain) PATH_VNC_HTML = var.subdomain ? "" : file("${path.module}/path_vnc.html") + KASM_CONFIG = jsonencode(var.kasm_config) }) } From e753134bff047ed9f2ff1019c48ed9f433e0c1ec Mon Sep 17 00:00:00 2001 
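Review bot: `echo '${KASM_CONFIG}' | jq -r …` relies on single quotes to protect the value, but run.sh appears to be rendered as a Terraform template (the map closed by `})` in main.tf, and the `$${kasm_config_file}` escape in PATCH 4/9). If so, the text is substituted before the shell parses the line, and a `'` anywhere in the configuration ends the quoting, leaving the rest to be parsed as shell in a script that also uses `$SUDO`. The `[[ -n "${KASM_CONFIG}" … ]]` test in this hunk and the `echo "${KASM_CONFIG}"` lines added in PATCH 3/9 and PATCH 5/9 have the same problem with `"`, `$` and backticks. Passing the value encoded avoids it: wrap it in `base64encode(...)` in main.tf and read it with `printf '%s' '${KASM_CONFIG}' | base64 -d` here, applying the emptiness test to the decoded text. Separately, the missing-jq branch only prints a warning, so a workspace whose template sets DLP policies would start without them; an `exit 1` there would fail closed.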
From: Ben Potter Date: Fri, 13 Jun 2025 15:18:12 +0000 Subject: [PATCH 3/9] refactor: change KasmVNC config from JSON map to YAML string with improved config merging --- registry/coder/modules/kasmvnc/main.tf | 8 +-- registry/coder/modules/kasmvnc/run.sh | 91 +++++++++++++++++--------- 2 files changed, 63 insertions(+), 36 deletions(-) diff --git a/registry/coder/modules/kasmvnc/main.tf b/registry/coder/modules/kasmvnc/main.tf index 054a278e..64d52bd6 100644 --- a/registry/coder/modules/kasmvnc/main.tf +++ b/registry/coder/modules/kasmvnc/main.tf @@ -55,9 +55,9 @@ variable "subdomain" { } variable "kasm_config" { - type = map(any) - default = {} - description = "Additional KasmVNC configuration options. Can be used to set DLP policies and other advanced settings. See https://kasmweb.com/docs/develop/how_to/kasmvnc_dlp_policies.html for details." + type = string + default = "" + description = "Additional KasmVNC configuration in YAML format. Can be used to set DLP policies and other advanced settings. See https://kasmweb.com/docs/develop/how_to/kasmvnc_dlp_policies.html for details." } resource "coder_script" "kasm_vnc" { @@ -71,7 +71,7 @@ resource "coder_script" "kasm_vnc" { KASM_VERSION = var.kasm_version SUBDOMAIN = tostring(var.subdomain) PATH_VNC_HTML = var.subdomain ? "" : file("${path.module}/path_vnc.html") - KASM_CONFIG = jsonencode(var.kasm_config) + KASM_CONFIG = var.kasm_config }) } diff --git a/registry/coder/modules/kasmvnc/run.sh b/registry/coder/modules/kasmvnc/run.sh index c497ecac..a3817e30 100644 --- a/registry/coder/modules/kasmvnc/run.sh +++ b/registry/coder/modules/kasmvnc/run.sh 
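Review bot: `kasm_config` changes from a typed map to a free-form string with no `validation` block, so malformed YAML is presumably only discovered when the workspace starts and KasmVNC reads the written file. A plan-time check would catch it: `condition = var.kasm_config == "" || can(yamldecode(var.kasm_config))` inside a `validation { … }` block with a matching `error_message`. In the second hunk, `KASM_CONFIG = var.kasm_config` hands the raw text to the script template, so whether it is safe depends entirely on how run.sh quotes it.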
@@ -193,21 +193,35 @@ else SUDO="" echo "WARNING: Sudo access not available, using user config dir!" - + + # Always ensure the directory exists + mkdir -p "$HOME/.vnc" + + # We'll handle existing configs differently - we'll merge instead of skipping if [[ -f "$kasm_config_file" ]]; then - echo "WARNING: Custom user KasmVNC config exists, not overwriting!" - echo "WARNING: Ensure that you manually configure the appropriate settings." - kasm_config_file="/dev/stderr" - else - echo "WARNING: This may prevent custom user KasmVNC settings from applying!" - mkdir -p "$HOME/.vnc" + echo "INFO: Custom user KasmVNC config exists, will merge with new settings." + # Create a backup of the existing config + cp "$kasm_config_file" "${kasm_config_file}.bak" fi fi echo "Writing KasmVNC config to $kasm_config_file" -# Create base config -$SUDO tee "$kasm_config_file" > /dev/null << EOF +# Create a temporary file for our config +TEMP_CONFIG_FILE=$(mktemp) + +# Check if existing config file exists and preserve its content +if [[ -f "$kasm_config_file" ]]; then + echo "Preserving existing KasmVNC configuration settings." + cp "$kasm_config_file" "$TEMP_CONFIG_FILE" + + # Update only the network section + if grep -q "^network:" "$TEMP_CONFIG_FILE"; then + # Network section exists, update only the websocket_port + sed -i "s/\([ \t]*websocket_port:\).*/\1 ${PORT}/" "$TEMP_CONFIG_FILE" + else + # Network section doesn't exist, add it + cat >> "$TEMP_CONFIG_FILE" << EOF network: protocol: http interface: 127.0.0.1 
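Review bot: When a config file already exists, the new merge path keeps its `network:` block and rewrites only `websocket_port`, so whatever `interface:` or `protocol:` value the file already has survives. The comment further down this script says the server starts without auth and is safe because it does not listen publicly, which holds only while `interface` is 127.0.0.1. Either always replace the `network:` block with the module's own, or stop when the preserved file binds elsewhere, e.g. `grep -Eq '^[[:space:]]*interface:[[:space:]]*127\.0\.0\.1[[:space:]]*$' "$TEMP_CONFIG_FILE" || { echo "ERROR: KasmVNC must bind to 127.0.0.1" >&2; exit 1; }`. The `sed` expression is also not limited to the `network:` section and rewrites every `websocket_port:` line in the file. The enclosing `if`/`else` starts above this hunk and the heredoc continues past it.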
@@ -219,33 +233,46 @@ network: udp: public_ip: 127.0.0.1 EOF + fi +else + # Start with base network configuration for new config + cat > "$TEMP_CONFIG_FILE" << EOF +network: + protocol: http + interface: 127.0.0.1 + websocket_port: ${PORT} + ssl: + require_ssl: false + pem_certificate: + pem_key: + udp: + public_ip: 127.0.0.1 +EOF +fi # Add additional KasmVNC configuration if provided -if [[ -n "${KASM_CONFIG}" && "${KASM_CONFIG}" != "{}" ]]; then - # Check if jq is available - if ! command -v jq &> /dev/null; then - echo "WARNING: jq is not installed. Cannot parse additional KasmVNC configuration." - echo "WARNING: Install jq or provide configuration in the correct format." - else - # Create a temporary file for the additional config - TEMP_CONFIG_FILE=$(mktemp) - - # Parse the JSON and convert to YAML format - echo '${KASM_CONFIG}' | jq -r 'to_entries | .[] | - if .value | type == "object" then - .key + ":\n" + (.value | to_entries | map(" " + .key + ": " + (.value | tostring)) | join("\n")) - else - .key + ": " + (.value | tostring) - end' > "$TEMP_CONFIG_FILE" - - # Append the additional config to the main config file - $SUDO tee -a "$kasm_config_file" > /dev/null < "$TEMP_CONFIG_FILE" - - # Clean up - rm "$TEMP_CONFIG_FILE" - fi +if [[ -n "${KASM_CONFIG}" ]]; then + echo "Adding custom KasmVNC configuration." + + # Add a comment to mark the start of custom config + echo "" >> "$TEMP_CONFIG_FILE" + echo "# ---- START CUSTOM KASMVNC CONFIG ----" >> "$TEMP_CONFIG_FILE" + echo "" >> "$TEMP_CONFIG_FILE" + + # Directly append the YAML configuration + echo "${KASM_CONFIG}" >> "$TEMP_CONFIG_FILE" + + # Add a comment to mark the end of custom config + echo "" >> "$TEMP_CONFIG_FILE" + echo "# ---- END CUSTOM KASMVNC CONFIG ----" >> "$TEMP_CONFIG_FILE" fi +# Apply the configuration +$SUDO cp "$TEMP_CONFIG_FILE" "$kasm_config_file" + +# Clean up +rm "$TEMP_CONFIG_FILE" + # This password is not used since we start the server without auth. 
# The server is protected via the Coder session token / tunnel # and does not listen publicly From 7da54c210f02367f4a5ade1aecf8cab047203c14 Mon Sep 17 00:00:00 2001 From: Ben Potter Date: Fri, 13 Jun 2025 15:20:01 +0000 Subject: [PATCH 4/9] fix variables --- registry/coder/modules/kasmvnc/run.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/registry/coder/modules/kasmvnc/run.sh b/registry/coder/modules/kasmvnc/run.sh index a3817e30..a244c912 100644 --- a/registry/coder/modules/kasmvnc/run.sh +++ b/registry/coder/modules/kasmvnc/run.sh @@ -201,7 +201,7 @@ else if [[ -f "$kasm_config_file" ]]; then echo "INFO: Custom user KasmVNC config exists, will merge with new settings." # Create a backup of the existing config - cp "$kasm_config_file" "${kasm_config_file}.bak" + cp "$kasm_config_file" "$${kasm_config_file}.bak" fi fi @@ -218,7 +218,7 @@ if [[ -f "$kasm_config_file" ]]; then # Update only the network section if grep -q "^network:" "$TEMP_CONFIG_FILE"; then # Network section exists, update only the websocket_port - sed -i "s/\([ \t]*websocket_port:\).*/\1 ${PORT}/" "$TEMP_CONFIG_FILE" + sed -i "s/\([ \t]*websocket_port:\).*/\1 $PORT/" "$TEMP_CONFIG_FILE" else # Network section doesn't exist, add it cat >> "$TEMP_CONFIG_FILE" << EOF From e0708ce04124d16262d5b786b90ba5f14c070a79 Mon Sep 17 00:00:00 2001 From: Ben Potter Date: Fri, 13 Jun 2025 15:24:00 +0000 Subject: [PATCH 5/9] fixes --- registry/coder/modules/kasmvnc/main.tf | 16 ++++++++++++++- registry/coder/modules/kasmvnc/run.sh | 27 ++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/registry/coder/modules/kasmvnc/main.tf b/registry/coder/modules/kasmvnc/main.tf index 64d52bd6..18638148 100644 --- a/registry/coder/modules/kasmvnc/main.tf +++ b/registry/coder/modules/kasmvnc/main.tf 
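Review bot: The custom block is appended again on every start, because the preserve path copies the existing file, which already holds the previous `# ---- START CUSTOM KASMVNC CONFIG ----` block, and this hunk then adds another copy. If the config file persists between starts, that leaves duplicate top-level YAML keys after the second run. Removing the old block just before the `if [[ -n "${KASM_CONFIG}" ]]` test keeps the merge idempotent: `sed -i '/^# ---- START CUSTOM KASMVNC CONFIG ----$/,/^# ---- END CUSTOM KASMVNC CONFIG ----$/d' "$TEMP_CONFIG_FILE"`. `TEMP_CONFIG_FILE` comes from `mktemp`, so `$SUDO cp` onto a path that does not exist yet creates the config with the temp file's owner-only mode; `$SUDO install -m 0644 "$TEMP_CONFIG_FILE" "$kasm_config_file"` makes the mode explicit if the server is expected to read it as another user. A `trap 'rm -f "$TEMP_CONFIG_FILE"' EXIT` would also remove the temp file if the script exits before the final `rm`.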
@@ -57,7 +57,21 @@ variable "subdomain" { variable "kasm_config" { type = string default = "" - description = "Additional KasmVNC configuration in YAML format. Can be used to set DLP policies and other advanced settings. See https://kasmweb.com/docs/develop/how_to/kasmvnc_dlp_policies.html for details." + description = <<-EOT + Additional KasmVNC configuration in YAML format. Can be used to set DLP policies and other advanced settings. + + Example for DLP policies: + ```yaml + data_loss_prevention: + clipboard: + server_to_client: false + client_to_server: false + printing: false + download: false + ``` + + See https://kasmweb.com/docs/develop/how_to/kasmvnc_dlp_policies.html for details. + EOT } resource "coder_script" "kasm_vnc" { diff --git a/registry/coder/modules/kasmvnc/run.sh b/registry/coder/modules/kasmvnc/run.sh index a244c912..66e6bdd6 100644 --- a/registry/coder/modules/kasmvnc/run.sh +++ b/registry/coder/modules/kasmvnc/run.sh 
@@ -254,6 +254,33 @@ fi if [[ -n "${KASM_CONFIG}" ]]; then echo "Adding custom KasmVNC configuration." + # Check for common configuration errors + if echo "${KASM_CONFIG}" | grep -q "^policies:"; then + echo "WARNING: Found 'policies:' at the top level of your configuration." + echo "WARNING: DLP policies should be under the 'data_loss_prevention:' section." + echo "WARNING: Example:" + echo "WARNING: data_loss_prevention:" + echo "WARNING: clipboard:" + echo "WARNING: server_to_client: false" + echo "WARNING: client_to_server: false" + echo "WARNING: printing: false" + echo "WARNING: download: false" + + # Create a temporary file for the fixed configuration + FIXED_CONFIG_FILE=$(mktemp) + + # Replace 'policies:' with 'data_loss_prevention:' + echo "${KASM_CONFIG}" | sed 's/^policies:/data_loss_prevention:/' > "$FIXED_CONFIG_FILE" + + # Use the fixed configuration + KASM_CONFIG=$(cat "$FIXED_CONFIG_FILE") + + # Clean up + rm "$FIXED_CONFIG_FILE" + + echo "WARNING: Automatically fixed configuration. Please update your Terraform code." + fi + # Add a comment to mark the start of custom config echo "" >> "$TEMP_CONFIG_FILE" echo "# ---- START CUSTOM KASMVNC CONFIG ----" >> "$TEMP_CONFIG_FILE" From 7571b91780d79fb1bf686cdc84eff2f1b38d68f4 Mon Sep 17 00:00:00 2001 From: Ben Potter Date: Fri, 13 Jun 2025 15:28:19 +0000 Subject: [PATCH 6/9] simplofy --- registry/coder/modules/kasmvnc/main.tf | 11 +++++++---- registry/coder/modules/kasmvnc/run.sh | 27 -------------------------- 2 files changed, 7 insertions(+), 31 deletions(-) diff --git a/registry/coder/modules/kasmvnc/main.tf b/registry/coder/modules/kasmvnc/main.tf index 18638148..3174e9d0 100644 --- a/registry/coder/modules/kasmvnc/main.tf +++ b/registry/coder/modules/kasmvnc/main.tf 
@@ -60,17 +60,20 @@ variable "kasm_config" { description = <<-EOT Additional KasmVNC configuration in YAML format. Can be used to set DLP policies and other advanced settings. - Example for DLP policies: + Example for DLP policies (according to KasmVNC documentation): ```yaml data_loss_prevention: clipboard: - server_to_client: false - client_to_server: false + server_to_client: + enabled: false + client_to_server: + enabled: false printing: false download: false ``` - See https://kasmweb.com/docs/develop/how_to/kasmvnc_dlp_policies.html for details. + For more advanced configuration options, see the KasmVNC documentation: + https://kasmweb.com/docs/latest/how_to/kasmvnc_dlp_policies.html EOT } diff --git a/registry/coder/modules/kasmvnc/run.sh b/registry/coder/modules/kasmvnc/run.sh index 66e6bdd6..a244c912 100644 --- a/registry/coder/modules/kasmvnc/run.sh +++ b/registry/coder/modules/kasmvnc/run.sh 
@@ -254,33 +254,6 @@ fi if [[ -n "${KASM_CONFIG}" ]]; then echo "Adding custom KasmVNC configuration." - # Check for common configuration errors - if echo "${KASM_CONFIG}" | grep -q "^policies:"; then - echo "WARNING: Found 'policies:' at the top level of your configuration." - echo "WARNING: DLP policies should be under the 'data_loss_prevention:' section." - echo "WARNING: Example:" - echo "WARNING: data_loss_prevention:" - echo "WARNING: clipboard:" - echo "WARNING: server_to_client: false" - echo "WARNING: client_to_server: false" - echo "WARNING: printing: false" - echo "WARNING: download: false" - - # Create a temporary file for the fixed configuration - FIXED_CONFIG_FILE=$(mktemp) - - # Replace 'policies:' with 'data_loss_prevention:' - echo "${KASM_CONFIG}" | sed 's/^policies:/data_loss_prevention:/' > "$FIXED_CONFIG_FILE" - - # Use the fixed configuration - KASM_CONFIG=$(cat "$FIXED_CONFIG_FILE") - - # Clean up - rm "$FIXED_CONFIG_FILE" - - echo "WARNING: Automatically fixed configuration. Please update your Terraform code." - fi - # Add a comment to mark the start of custom config echo "" >> "$TEMP_CONFIG_FILE" echo "# ---- START CUSTOM KASMVNC CONFIG ----" >> "$TEMP_CONFIG_FILE" From 99c9a32f493ce726450927101dacaa4302defa89 Mon Sep 17 00:00:00 2001 From: Ben Potter Date: Fri, 13 Jun 2025 15:42:52 +0000 Subject: [PATCH 7/9] fix bug --- registry/coder/modules/kasmvnc/run.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/registry/coder/modules/kasmvnc/run.sh b/registry/coder/modules/kasmvnc/run.sh index a244c912..d48e496f 100644 --- a/registry/coder/modules/kasmvnc/run.sh +++ b/registry/coder/modules/kasmvnc/run.sh @@ -225,7 +225,7 @@ if [[ -f "$kasm_config_file" ]]; then network: protocol: http interface: 127.0.0.1 - websocket_port: ${PORT} + websocket_port: $PORT ssl: require_ssl: false pem_certificate: 
@@ -240,7 +240,7 @@ else network: protocol: http interface: 127.0.0.1 - websocket_port: ${PORT} + websocket_port: $PORT ssl: require_ssl: false pem_certificate: From bfbcb3eea937a4d13e48975ba33e2d9d13441d6f Mon Sep 17 00:00:00 2001 From: Ben Potter Date: Fri, 13 Jun 2025 15:45:50 +0000 Subject: [PATCH 8/9] umm? --- registry/coder/modules/kasmvnc/main.tf | 2 +- registry/coder/modules/kasmvnc/run.sh | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/registry/coder/modules/kasmvnc/main.tf b/registry/coder/modules/kasmvnc/main.tf index 3174e9d0..9ae18bdf 100644 --- a/registry/coder/modules/kasmvnc/main.tf +++ b/registry/coder/modules/kasmvnc/main.tf @@ -1,4 +1,4 @@ -terraform { +r wterraform { required_version = ">= 1.0" required_providers { diff --git a/registry/coder/modules/kasmvnc/run.sh b/registry/coder/modules/kasmvnc/run.sh index d48e496f..0dda839f 100644 --- a/registry/coder/modules/kasmvnc/run.sh +++ b/registry/coder/modules/kasmvnc/run.sh @@ -218,14 +218,14 @@ if [[ -f "$kasm_config_file" ]]; then # Update only the network section if grep -q "^network:" "$TEMP_CONFIG_FILE"; then # Network section exists, update only the websocket_port - sed -i "s/\([ \t]*websocket_port:\).*/\1 $PORT/" "$TEMP_CONFIG_FILE" + sed -i "s/\([ \t]*websocket_port:\).*/\1 ${PORT}/" "$TEMP_CONFIG_FILE" else # Network section doesn't exist, add it cat >> "$TEMP_CONFIG_FILE" << EOF network: protocol: http interface: 127.0.0.1 - websocket_port: $PORT + websocket_port: ${PORT} ssl: require_ssl: false pem_certificate: @@ -240,7 +240,7 @@ else network: protocol: http interface: 127.0.0.1 - websocket_port: $PORT + websocket_port: ${PORT} ssl: require_ssl: false pem_certificate: From f05f3f23a49ac5f9426732a7b73bef91aff08432 Mon Sep 17 00:00:00 2001 From: Ben Potter Date: Fri, 13 Jun 2025 15:46:24 +0000 Subject: [PATCH 9/9] ok --- registry/coder/modules/kasmvnc/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/registry/coder/modules/kasmvnc/main.tf b/registry/coder/modules/kasmvnc/main.tf index 9ae18bdf..3174e9d0 100644 --- a/registry/coder/modules/kasmvnc/main.tf +++ b/registry/coder/modules/kasmvnc/main.tf @@ -1,4 +1,4 @@ -r wterraform { +terraform { required_version = ">= 1.0" required_providers {