From c4114c453e0fc4e8864c759f1873696062961e63 Mon Sep 17 00:00:00 2001 From: "ryan.kuba" Date: Thu, 28 Sep 2023 14:17:32 -0400 Subject: [PATCH] KASM-4867 add new focal based vpn image --- ci-scripts/template-vars.yaml | 26 +++++ dockerfile-kasm-ubuntu-focal-desktop-vpn | 60 ++++++++++++ docs/ubuntu-focal-desktop-vpn/README.md | 7 ++ docs/ubuntu-focal-desktop-vpn/demo.txt | 9 ++ docs/ubuntu-focal-desktop-vpn/description.txt | 1 + src/ubuntu/install/vpn/install_vpn.sh | 94 +++++++++++++++++++ src/ubuntu/install/vpn/start_vpn.sh | 90 ++++++++++++++++++ 7 files changed, 287 insertions(+) create mode 100644 dockerfile-kasm-ubuntu-focal-desktop-vpn create mode 100644 docs/ubuntu-focal-desktop-vpn/README.md create mode 100644 docs/ubuntu-focal-desktop-vpn/demo.txt create mode 100644 docs/ubuntu-focal-desktop-vpn/description.txt create mode 100644 src/ubuntu/install/vpn/install_vpn.sh create mode 100644 src/ubuntu/install/vpn/start_vpn.sh
diff --git a/ci-scripts/template-vars.yaml b/ci-scripts/template-vars.yaml
index 63e9e94..3eb4738 100644
--- a/ci-scripts/template-vars.yaml
+++ b/ci-scripts/template-vars.yaml
@@ -177,6 +177,32 @@ multiImages:
 - src/ubuntu/install/chromium/**
 - src/ubuntu/install/ansible/**
 - src/ubuntu/install/chrome/**
+ - name: ubuntu-focal-desktop-vpn
+ base: core-ubuntu-focal
+ dockerfile: dockerfile-kasm-ubuntu-focal-desktop-vpn
+ changeFiles:
+ - dockerfile-kasm-ubuntu-focal-desktop
+ - src/ubuntu/install/zoom/**
+ - src/ubuntu/install/vs_code/**
+ - src/ubuntu/install/tools/**
+ - src/ubuntu/install/thunderbird/**
+ - src/ubuntu/install/terraform/**
+ - src/ubuntu/install/telegram/**
+ - src/ubuntu/install/sublime_text/**
+ - src/ubuntu/install/signal/**
+ - src/ubuntu/install/remmina/**
+ - src/ubuntu/install/only_office/**
+ - src/ubuntu/install/obs/**
+ - src/ubuntu/install/nextcloud/**
+ - src/ubuntu/install/misc/**
+ - src/ubuntu/install/gimp/**
+ - src/ubuntu/install/gamepad_utils/**
+ - src/ubuntu/install/firefox/**
+ - src/ubuntu/install/cleanup/**
+ - src/ubuntu/install/chromium/**
+ - src/ubuntu/install/ansible/**
+ - src/ubuntu/install/chrome/**
+ - src/ubuntu/install/vpn/**
 - name: ubuntu-jammy-desktop
 base: core-ubuntu-jammy
 dockerfile: dockerfile-kasm-ubuntu-jammy-desktop
diff --git a/dockerfile-kasm-ubuntu-focal-desktop-vpn b/dockerfile-kasm-ubuntu-focal-desktop-vpn
new file mode 100644
index 0000000..847066c
--- /dev/null
+++ b/dockerfile-kasm-ubuntu-focal-desktop-vpn
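Review bot: In ci-scripts/template-vars.yaml the new `ubuntu-focal-desktop-vpn` entry lists `dockerfile-kasm-ubuntu-focal-desktop` under `changeFiles`, not the `dockerfile-kasm-ubuntu-focal-desktop-vpn` file that its own `dockerfile:` key names. If `changeFiles` is what decides when an image is rebuilt (it reads that way, but the consumer is not part of this diff), an edit to the VPN Dockerfile alone would not trigger a build of this image. I would change the first entry to `- dockerfile-kasm-ubuntu-focal-desktop-vpn`.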
@@ -0,0 +1,60 @@
+ARG BASE_TAG="develop"
+ARG BASE_IMAGE="core-ubuntu-focal"
+FROM kasmweb/$BASE_IMAGE:$BASE_TAG
+
+USER root
+
+ENV HOME /home/kasm-default-profile
+ENV STARTUPDIR /dockerstartup
+WORKDIR $HOME
+
+### Envrionment config
+ENV DEBIAN_FRONTEND=noninteractive \
+ SKIP_CLEAN=true \
+ KASM_RX_HOME=$STARTUPDIR/kasmrx \
+ DONT_PROMPT_WSL_INSTALL="No_Prompt_please" \
+ INST_DIR=$STARTUPDIR/install \
+ INST_SCRIPTS="/ubuntu/install/tools/install_tools_deluxe.sh \
+ /ubuntu/install/misc/install_tools.sh \
+ /ubuntu/install/chrome/install_chrome.sh \
+ /ubuntu/install/chromium/install_chromium.sh \
+ /ubuntu/install/firefox/install_firefox.sh \
+ /ubuntu/install/sublime_text/install_sublime_text.sh \
+ /ubuntu/install/vs_code/install_vs_code.sh \
+ /ubuntu/install/nextcloud/install_nextcloud.sh \
+ /ubuntu/install/remmina/install_remmina.sh \
+ /ubuntu/install/only_office/install_only_office.sh \
+ /ubuntu/install/signal/install_signal.sh \
+ /ubuntu/install/gimp/install_gimp.sh \
+ /ubuntu/install/zoom/install_zoom.sh \
+ /ubuntu/install/obs/install_obs.sh \
+ /ubuntu/install/ansible/install_ansible.sh \
+ /ubuntu/install/terraform/install_terraform.sh \
+ /ubuntu/install/telegram/install_telegram.sh \
+ /ubuntu/install/thunderbird/install_thunderbird.sh \
+ /ubuntu/install/gamepad_utils/install_gamepad_utils.sh \
+ /ubuntu/install/vpn/install_vpn.sh \
+ /ubuntu/install/cleanup/cleanup.sh"
+
+# Copy install scripts
+COPY ./src/ $INST_DIR
+
+# Run installations
+RUN \
+ for SCRIPT in $INST_SCRIPTS; do \
+ bash ${INST_DIR}${SCRIPT}; \
+ done && \
+ $STARTUPDIR/set_user_permission.sh $HOME && \
+ rm -f /etc/X11/xinit/Xclients && \
+ chown 1000:0 $HOME && \
+ mkdir -p /home/kasm-user && \
+ chown -R 1000:0 /home/kasm-user && \
+ rm -Rf ${INST_DIR}
+
+# Userspace Runtime
+ENV HOME /home/kasm-user
+WORKDIR $HOME
+USER 1000
+
+CMD ["--tail-log"]
+
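Review bot: Nothing in this Dockerfile says how `/start_vpn.sh` is meant to run. The image ends with `USER 1000` and `CMD ["--tail-log"]`, while the script that `install_vpn.sh` copies to `/` calls `mknod`, `ip link add` and `wg-quick up`, which I would expect to need root and the NET_ADMIN capability. A comment above the `USER 1000` line would record the contract, for example `# /start_vpn.sh is installed by install_vpn.sh but not started by this image; it needs root (mknod, ip link, wg-quick) and is launched by <launch mechanism>`. If the launcher lives outside this repository, naming it in that comment is enough.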
diff --git a/docs/ubuntu-focal-desktop-vpn/README.md b/docs/ubuntu-focal-desktop-vpn/README.md
new file mode 100644
index 0000000..f5f6c90
--- /dev/null
+++ b/docs/ubuntu-focal-desktop-vpn/README.md
@@ -0,0 +1,7 @@
+# About This Image
+
+This Image contains a browser-accessible Ubuntu Focal Desktop with various productivity, development, and VPN apps installed.
+
+![Screenshot][Image_Screenshot]
+
+[Image_Screenshot]: https://f.hubspotusercontent30.net/hubfs/5856039/dockerhub/image-screenshots/ubuntu-focal-desktop.png "Image Screenshot"
diff --git a/docs/ubuntu-focal-desktop-vpn/demo.txt b/docs/ubuntu-focal-desktop-vpn/demo.txt
new file mode 100644
index 0000000..5f8e2fd
--- /dev/null
+++ b/docs/ubuntu-focal-desktop-vpn/demo.txt
@@ -0,0 +1,9 @@
+# Live Demo
+
+
+
+**Launch a real-time demo in a new browser window:** Live Demo.
+
+
+
+∗*Note: Demo is limited to 3 minutes and has upload/downloads restricted for security purposes.*
diff --git a/docs/ubuntu-focal-desktop-vpn/description.txt b/docs/ubuntu-focal-desktop-vpn/description.txt
new file mode 100644
index 0000000..f977b2a
--- /dev/null
+++ b/docs/ubuntu-focal-desktop-vpn/description.txt
@@ -0,0 +1 @@
+Ubuntu productivity desktop for Kasm Workspaces with tools for connecting to a VPN provider
diff --git a/src/ubuntu/install/vpn/install_vpn.sh b/src/ubuntu/install/vpn/install_vpn.sh
new file mode 100644
index 0000000..d954354
--- /dev/null
+++ b/src/ubuntu/install/vpn/install_vpn.sh
@@ -0,0 +1,94 @@
+#!/usr/bin/env bash
+set -ex
+
+# Install OpenVPN/Wireguard deps
+if [[ "${DISTRO}" == @(ubuntu|kali|debian|parrotos5) ]]; then
+ echo "resolvconf resolvconf/linkify-resolvconf boolean false" | debconf-set-selections
+ apt-get update
+ apt-get install -y --no-install-recommends \
+ openvpn \
+ resolvconf \
+ wireguard-tools \
+ zenity
+elif [ "${DISTRO}" == "alpine" ]; then
+ apk add --no-cache \
+ openresolv \
+ openvpn \
+ tailscale \
+ wireguard-tools \
+ zenity
+elif [[ "${DISTRO}" == @(oracle8|oracle9|rockylinux8|rockylinux9|almalinux8|almalinux9) ]] ; then
+ dnf install -y epel-release
+ dnf install -y \
+ openvpn \
+ wireguard-tools
+elif [[ "${DISTRO}" == @(centos|oracle7) ]]; then
+ yum install -y epel-release
+ yum install -y \
+ openvpn \
+ wireguard-tools \
+ zenity
+elif [[ "${DISTRO}" == @(fedora37|fedora38) ]] ; then
+ dnf install -y \
+ openresolv \
+ openvpn \
+ wireguard-tools \
+ zenity
+elif [ "${DISTRO}" == "opensuse" ]; then
+ zypper install -y \
+ openresolv \
+ openvpn \
+ wireguard-tools \
+ zenity
+fi
+
+# Install tailscale
+FLAVOR=$(cat /etc/os-release | awk -F'=' '/^VERSION_CODENAME=/ {print $2}' | sed 's/""//g')
+ID=$(cat /etc/os-release | awk -F'=' '/^ID=/ {print $2}')
+VERSION=$(cat /etc/os-release | awk -F'"' '/^VERSION_ID=/ {print $2}')
+VERSION2=$(cat /etc/os-release | awk -F'=' '/^VERSION_ID=/ {print $2}')
+if [[ "${FLAVOR}" ]]; then
+ if [[ "${FLAVOR}" == "bionic" ]]; then
+ curl -fsSL https://pkgs.tailscale.com/stable/${ID}/${FLAVOR}.asc | apt-key add -
+ curl -fsSL https://pkgs.tailscale.com/stable/${ID}/${FLAVOR}.list | tee /etc/apt/sources.list.d/tailscale.list
+ apt-get update
+ apt-get install -y --no-install-recommends tailscale
+ else
+ FLAVOR=$(echo ${FLAVOR} | sed -e 's/ara/sid/g' -e 's/kali-rolling/sid/g')
+ ID=$(echo ${ID} | sed -e 's/kali/debian/g' -e 's/parrot/debian/g')
+ mkdir -p --mode=0755 /usr/share/keyrings
+ curl -fsSL https://pkgs.tailscale.com/stable/${ID}/${FLAVOR}.noarmor.gpg | tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
+ curl -fsSL https://pkgs.tailscale.com/stable/${ID}/${FLAVOR}.tailscale-keyring.list | tee /etc/apt/sources.list.d/tailscale.list
+ apt-get update
+ apt-get install -y --no-install-recommends tailscale
+ fi
+else
+ if [[ "${VERSION}" == "7" ]] || [[ "${VERSION}" = "7*" ]]; then
+ yum install -y yum-utils
+ yum-config-manager --add-repo https://pkgs.tailscale.com/stable/centos/7/tailscale.repo
+ yum install -y tailscale
+ elif [[ "${VERSION}" == "8" ]] || [[ "${VERSION}" = "8*" ]]; then
+ dnf install -y 'dnf-command(config-manager)'
+ dnf config-manager --add-repo https://pkgs.tailscale.com/stable/centos/8/tailscale.repo
+ dnf install -y tailscale
+ elif [[ "${VERSION}" == "9" ]] || [[ "${VERSION}" = "9*" ]]; then
+ dnf install -y 'dnf-command(config-manager)'
+ dnf config-manager --add-repo https://pkgs.tailscale.com/stable/centos/9/tailscale.repo
+ dnf install -y tailscale
+ elif [[ "${ID}" == "fedora" ]]; then
+ dnf install -y 'dnf-command(config-manager)'
+ dnf config-manager --add-repo https://pkgs.tailscale.com/stable/fedora/${VERSION2}/tailscale.repo
+ dnf install -y tailscale
+ elif [[ "${ID}" == "\"opensuse-leap\"" ]]; then
+ zypper ar -g -r https://pkgs.tailscale.com/stable/opensuse/leap/15.5/tailscale.repo
+ zypper --gpg-auto-import-keys ref
+ zypper install -ny tailscale
+ fi
+fi
+
+# Tweaks to wg-up
+sed -i '/cmd sysctl -q/d' $(which wg-quick)
+
+# Copy startup script
+cp ${INST_DIR}/ubuntu/install/vpn/start_vpn.sh /
+chmod +x /start_vpn.sh
diff --git a/src/ubuntu/install/vpn/start_vpn.sh b/src/ubuntu/install/vpn/start_vpn.sh
new file mode 100644
index 0000000..2b6eeae
--- /dev/null
+++ b/src/ubuntu/install/vpn/start_vpn.sh
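Review bot: In src/ubuntu/install/vpn/install_vpn.sh the RPM branch tests `[[ "${VERSION}" = "7*" ]]` (and the same with `"8*"` and `"9*"`), but a quoted right-hand side inside `[[ ]]` is compared literally, so it only ever matches the string `7*`. A `VERSION_ID` that carries a minor version, which I would expect on the EL8/EL9 rebuilds the first block supports, then matches no branch and the script finishes without installing tailscale and without an error. Unquoting the pattern fixes it: `if [[ "${VERSION}" == 7* ]]; then`, and likewise for 8 and 9. Separately, the bionic branch pipes the downloaded key into `apt-key add -`, which trusts it for every configured repository; storing it under `/usr/share/keyrings/` as the `else` branch does would keep it scoped to this repo, provided the bionic `.list` file carries a matching `signed-by` (not visible here).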
@@ -0,0 +1,90 @@
+#!/usr/bin/env bash
+
+set -ex
+
+# Logging and trap
+LOGFILE="/vpn_start.log"
+function notify_err() {
+ zenity --error --text="An error has occurred configuring the VPN please review the log at ${LOGFILE}"
+}
+function cleanup_log() {
+ rm -f ${LOGFILE}
+}
+trap notify_err ERR
+exec &> >(tee ${LOGFILE})
+
+# If user input is needed for openvpn
+function get_set_creds() {
+ CREDENTIALS=$(zenity --forms --title="VPN credentials" --text="Enter your VPN auth credentials" --add-entry="Username" --add-password="Password" --separator ",,,,,,")
+ USER=$(awk -F',,,,,,' '{print $1}' <<<$CREDENTIALS)
+ PASS=$(awk -F',,,,,,' '{print $2}' <<<$CREDENTIALS)
+ echo ${USER} > /home/kasm-user/vpn_credentials
+ echo ${PASS} >> /home/kasm-user/vpn_credentials
+ chown kasm-user:kasm-user /home/kasm-user/vpn_credentials
+ cp ${VPN_CONFIG} /home/kasm-user/vpn.ovpn
+ chown kasm-user:kasm-user /home/kasm-user/vpn.ovpn
+ sed -i "s#auth-user-pass#auth-user-pass /home/kasm-user/vpn_credentials#g" /home/kasm-user/vpn.ovpn
+ VPN_CONFIG=/home/kasm-user/vpn.ovpn
+}
+
+# Start VPN based on content
+if [ ! -z ${VPN_CONFIG+x} ]; then
+ if [ "${VPN_CONFIG: -4}" == "conf" ]; then
+ echo "wireguard config detected checking for support"
+ if ip link add dev test type wireguard; then
+ echo "wireguard kernel module is present on this host continuing"
+ ip link del dev test
+ else
+ zenity --error --text="wireguard kernel module is not present on this host and a wireguard config was passed will not continue"
+ echo "wireguard kernel module is not present on this host and a wireguard config was passed will not continue"
+ exit 1
+ fi
+ wg-quick up ${VPN_CONFIG}
+ fi
+ if [ "${VPN_CONFIG: -4}" == "ovpn" ]; then
+ # Check if we need user credentials
+ if grep -x auth-user-pass ${VPN_CONFIG}; then
+ get_set_creds
+ fi
+ # Create tun device
+ if [ ! -c /dev/net/tun ]; then
+ mkdir -p /dev/net
+ mknod /dev/net/tun c 10 200
+ fi
+ if which resolvconf; then
+ openvpn --pull-filter ignore route-ipv6 --pull-filter ignore ifconfig-ipv6 --config "${VPN_CONFIG}" &
+ sleep 10
+ if ! pgrep openvpn; then
+ zenity --error --text="An error has occurred starting the VPN please review the log at ${LOGFILE}"
+ echo "An error has occurred starting the VPN please review the log at ${LOGFILE}"
+ exit 1
+ fi
+ else
+ zenity --error --text="Resolvconf is not found on this system this container is not compatible with wireguard"
+ echo "Resolvconf is not found on this system this container is not compatible with wireguard"
+ exit 1
+ fi
+ fi
+ if [ "${VPN_CONFIG:0:5}" == "tskey" ]; then
+ # Create tun device
+ if [ ! -c /dev/net/tun ]; then
+ mkdir -p /dev/net
+ mknod /dev/net/tun c 10 200
+ fi
+ tailscaled &
+ sleep 2
+ tailscale up --authkey=${VPN_CONFIG}
+ fi
+else
+ zenity --error --text="VPN_CONFIG is not defined there is no tunnel to start"
+ echo "VPN_CONFIG is not defined there is no tunnel to start"
+ exit 1
+fi
+
+# Log success
+zenity \
+ --info \
+ --title "VPN configured" \
+ --text "VPN connected!"
+echo "VPN started using the config file ${VPN_CONFIG}"
+cleanup_log