Allow setting username and id
This commit is contained in:
parent
9b2556f49a
commit
b7ce160dc3
14
README.md
14
README.md
@ -1,19 +1,23 @@
|
||||
# NOVNC-BASE
|
||||
|
||||
A desktop environment with sound in docker
|
||||
A desktop environment with sound in docker.
|
||||
|
||||
Can be used as a base file for application specific containers.
|
||||
|
||||
- `thomasloven/novnc-ubuntu`
|
||||
- `thomasloven/novnc-debuan`
|
||||
- `thomasloven/novnc-alpine`
|
||||
|
||||
To just get a desktop environment at `http://localhost:8080`:
|
||||
|
||||
```bash
|
||||
docker run --rm thomasloven/novnc-base -p 8080:8080
|
||||
docker run --rm -p 8080:8080 thomasloven/novnc-ubuntu
|
||||
```
|
||||
|
||||
Or used as a base for specific applications:
|
||||
|
||||
```dockerfile
|
||||
FROM thomasloven/novnc-base
|
||||
FROM thomasloven/novnc-ubuntu
|
||||
|
||||
RUN sudo apt-get update \
|
||||
&& DEBIAN_FRONTEND=noninteractive \
|
||||
@ -24,6 +28,10 @@ CMD ["blender"]
|
||||
|
||||
See more examples in `apps/`.
|
||||
|
||||
|
||||
The container will run as user `$USERNAME` (default `novnc`) with uid `${UUID}` (default `1000`) and group id `${GUID}` (default `1000`).
|
||||
The user has sudo privileges with no password(!).
|
||||
|
||||
### Bonus functionality - dotfiles installation.
|
||||
If the environment variable `DOTFILES_REPO` is set, the container will `git
|
||||
clone` that into `~/dotfiles` and then run `~/dotfiles/install.sh` if it
|
||||
|
||||
@ -50,17 +50,12 @@ COPY entrypoint.sh /opt/noVNC/entrypoint.sh
|
||||
ENTRYPOINT ["/opt/noVNC/entrypoint.sh"]
|
||||
EXPOSE 8080
|
||||
|
||||
RUN adduser --home /home/novnc --shell /bin/bash --system --disabled-password novnc \
|
||||
&& echo "novnc ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
|
||||
|
||||
# Add a custom version of vncserver which discards all arguments but the display
|
||||
RUN mv /usr/bin/vncserver /usr/bin/vncserver-orig \
|
||||
&& echo -e "#!/bin/bash \n \
|
||||
/usr/bin/vncserver-orig \$1" > /usr/bin/vncserver \
|
||||
&& chmod +x /usr/bin/vncserver
|
||||
|
||||
USER novnc
|
||||
RUN mkdir -p /home/novnc/.vnc/ \
|
||||
&& echo -e "-Securitytypes=none" > /home/novnc/.vnc/config \
|
||||
&& touch /home/novnc/.vnc/passwd && chmod 0600 /home/novnc/.vnc/passwd
|
||||
WORKDIR /home/novnc
|
||||
RUN mkdir -p /etc/skel/.vnc/ \
|
||||
&& echo -e "-Securitytypes=none" > /etc/skel/.vnc/config \
|
||||
&& touch /etc/skel/.vnc/passwd && chmod 0600 /etc/skel/.vnc/passwd
|
||||
|
||||
@ -57,8 +57,3 @@ COPY entrypoint.sh /opt/noVNC/entrypoint.sh
|
||||
|
||||
ENTRYPOINT ["/opt/noVNC/entrypoint.sh"]
|
||||
EXPOSE 8080
|
||||
|
||||
RUN adduser --home /home/novnc --shell /bin/bash --system --disabled-password novnc \
|
||||
&& echo "novnc ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
|
||||
USER novnc
|
||||
WORKDIR /home/novnc
|
||||
|
||||
@ -18,43 +18,63 @@ kill_pid ~/.tcp-pid
|
||||
kill_pid ~/.ws-pid
|
||||
|
||||
|
||||
# Clone and install dotfiles if DOTFILES_REPO is defined
|
||||
if [ -n "$DOTFILES_REPO" ]; then
|
||||
if [ ! -d ~/dotfiles ]; then
|
||||
git clone $DOTFILES_REPO ~/dotfiles
|
||||
if [ -f ~/dotfiles/install.sh ]; then
|
||||
/bin/bash ~/dotfiles/install.sh
|
||||
user_entrypoint() {
|
||||
cd ~
|
||||
|
||||
# Clone and install dotfiles if DOTFILES_REPO is defined
|
||||
if [ -n "$DOTFILES_REPO" ]; then
|
||||
if [ ! -d ~/dotfiles ]; then
|
||||
git clone --depth 1 --recurse-submodules --shallow-submodules $DOTFILES_REPO ~/dotfiles
|
||||
if [ -f ~/dotfiles/install.sh ]; then
|
||||
/bin/bash ~/dotfiles/install.sh
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
# Launch VNC server - view :1 defaults to port 5901
|
||||
vncserver :1 -SecurityTypes None -localhost no --I-KNOW-THIS-IS-INSECURE &
|
||||
# vncserver :1 &
|
||||
echo "$!" > ~/.vnc-pid
|
||||
|
||||
# Launch pulseaudio server
|
||||
# /etc/pulse/client.conf and /etc/pulse/default.pa are setup to make a default
|
||||
# audio sink which outputs to a socket at /tmp/pulseaudio.socket
|
||||
DISPLAY=:0.0 pulseaudio --disallow-module-loading --disallow-exit --exit-idle-time=-1&
|
||||
echo "$!" > ~/.pa-pid
|
||||
|
||||
# Use gstreamer to stream the pulseaudio source /tmp/pulseaudio.socket to stdout (fd=1)
|
||||
# the tcpserver from ucspi-tcp pipes this to tcp port 6901
|
||||
tcpserver localhost 6901 gst-launch-1.0 -q pulsesrc server=/tmp/pulseaudio.socket ! audio/x-raw, channels=2, rate=12000 ! cutter ! opusenc ! webmmux ! fdsink fd=1 &
|
||||
echo "$!" > ~/.tcp-pid
|
||||
|
||||
# Websockify does three things:
|
||||
# - publishes /opt/noVNC to http port 8080
|
||||
# - proxies vnc port 5901 to 8080/websockify?token=vnc
|
||||
# - proxies pulseaudio port 6901 to 8080/websockify?token=pulse
|
||||
# The latter two are defined through the tokenfile
|
||||
/opt/noVNC/utils/websockify/websockify.py --web /opt/noVNC 8080 --token-plugin=TokenFile --token-source=/opt/noVNC/tokenfile &
|
||||
echo "$!" > ~/.ws-pid
|
||||
|
||||
if [ -n "$@" ]; then
|
||||
DISPLAY=:1.0 exec "$@" &
|
||||
fi
|
||||
|
||||
wait
|
||||
}
|
||||
|
||||
uname=${USERNAME:-novnc}
|
||||
uid=${UUID:-1000}
|
||||
gid=${GUID:-1000}
|
||||
|
||||
if ! id -u ${uname} > /dev/null 2>&1; then
|
||||
addgroup --gid ${gid} ${uname}
|
||||
adduser --home /home/${uname} --shell /bin/bash --system --disabled-password --uid ${uid} --ingroup ${uname} ${uname}
|
||||
echo "${uname} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
|
||||
mkdir -p /home/${uname}
|
||||
chown ${uname}:${uname} /home/${uname}
|
||||
fi
|
||||
|
||||
# Launch VNC server - view :1 defaults to port 5901
|
||||
vncserver :1 -SecurityTypes None -localhost no --I-KNOW-THIS-IS-INSECURE &
|
||||
# vncserver :1 &
|
||||
echo "$!" > ~/.vnc-pid
|
||||
|
||||
# Launch pulseaudio server
|
||||
# /etc/pulse/client.conf and /etc/pulse/default.pa are setup to make a default
|
||||
# audio sink which outputs to a socket at /tmp/pulseaudio.socket
|
||||
DISPLAY=:0.0 pulseaudio --disallow-module-loading --disallow-exit --exit-idle-time=-1&
|
||||
echo "$!" > ~/.pa-pid
|
||||
|
||||
# Use gstreamer to stream the pulseaudio source /tmp/pulseaudio.socket to stdout (fd=1)
|
||||
# the tcpserver from ucspi-tcp pipes this to tcp port 6901
|
||||
tcpserver localhost 6901 gst-launch-1.0 -q pulsesrc server=/tmp/pulseaudio.socket ! audio/x-raw, channels=2, rate=12000 ! cutter ! opusenc ! webmmux ! fdsink fd=1 &
|
||||
echo "$!" > ~/.tcp-pid
|
||||
|
||||
# Websockify does three things:
|
||||
# - publishes /opt/noVNC to http port 8080
|
||||
# - proxies vnc port 5901 to 8080/websockify?token=vnc
|
||||
# - proxies pulseaudio port 6901 to 8080/websockify?token=pulse
|
||||
# The latter two are defined through the tokenfile
|
||||
/opt/noVNC/utils/websockify/websockify.py --web /opt/noVNC 8080 --token-plugin=TokenFile --token-source=/opt/noVNC/tokenfile &
|
||||
echo "$!" > ~/.ws-pid
|
||||
|
||||
if [ -n "$@" ]; then
|
||||
DISPLAY=:1.0 exec "$@" &
|
||||
fi
|
||||
export -f user_entrypoint
|
||||
su ${uname} -c "bash -c user_entrypoint ${@}" &
|
||||
|
||||
wait
|
||||
|
||||
|
||||
@ -57,8 +57,3 @@ COPY entrypoint.sh /opt/noVNC/entrypoint.sh
|
||||
|
||||
ENTRYPOINT ["/opt/noVNC/entrypoint.sh"]
|
||||
EXPOSE 8080
|
||||
|
||||
RUN adduser --home /home/novnc --shell /bin/bash --system --disabled-password novnc \
|
||||
&& echo "novnc ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
|
||||
USER novnc
|
||||
WORKDIR /home/novnc
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user