mirror of
https://github.com/kasmtech/workspaces-images.git
synced 2024-11-21 23:53:10 +01:00
KASM-4867 add new focal based vpn image
parent
4512d5ee3e
commit
c4114c453e
@ -177,6 +177,32 @@ multiImages:
|
|||||||
- src/ubuntu/install/chromium/**
|
- src/ubuntu/install/chromium/**
|
||||||
- src/ubuntu/install/ansible/**
|
- src/ubuntu/install/ansible/**
|
||||||
- src/ubuntu/install/chrome/**
|
- src/ubuntu/install/chrome/**
|
||||||
|
- name: ubuntu-focal-desktop-vpn
|
||||||
|
base: core-ubuntu-focal
|
||||||
|
dockerfile: dockerfile-kasm-ubuntu-focal-desktop-vpn
|
||||||
|
changeFiles:
|
||||||
|
- dockerfile-kasm-ubuntu-focal-desktop
|
||||||
|
- src/ubuntu/install/zoom/**
|
||||||
|
- src/ubuntu/install/vs_code/**
|
||||||
|
- src/ubuntu/install/tools/**
|
||||||
|
- src/ubuntu/install/thunderbird/**
|
||||||
|
- src/ubuntu/install/terraform/**
|
||||||
|
- src/ubuntu/install/telegram/**
|
||||||
|
- src/ubuntu/install/sublime_text/**
|
||||||
|
- src/ubuntu/install/signal/**
|
||||||
|
- src/ubuntu/install/remmina/**
|
||||||
|
- src/ubuntu/install/only_office/**
|
||||||
|
- src/ubuntu/install/obs/**
|
||||||
|
- src/ubuntu/install/nextcloud/**
|
||||||
|
- src/ubuntu/install/misc/**
|
||||||
|
- src/ubuntu/install/gimp/**
|
||||||
|
- src/ubuntu/install/gamepad_utils/**
|
||||||
|
- src/ubuntu/install/firefox/**
|
||||||
|
- src/ubuntu/install/cleanup/**
|
||||||
|
- src/ubuntu/install/chromium/**
|
||||||
|
- src/ubuntu/install/ansible/**
|
||||||
|
- src/ubuntu/install/chrome/**
|
||||||
|
- src/ubuntu/install/vpn/**
|
||||||
- name: ubuntu-jammy-desktop
|
- name: ubuntu-jammy-desktop
|
||||||
base: core-ubuntu-jammy
|
base: core-ubuntu-jammy
|
||||||
dockerfile: dockerfile-kasm-ubuntu-jammy-desktop
|
dockerfile: dockerfile-kasm-ubuntu-jammy-desktop
|
||||||
|
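Review bot: The new `ubuntu-focal-desktop-vpn` entry lists `- dockerfile-kasm-ubuntu-focal-desktop` under `changeFiles`, while its `dockerfile:` key is `dockerfile-kasm-ubuntu-focal-desktop-vpn`; this looks copied from the non-VPN entry. If `changeFiles` entries are matched as exact paths (the matcher is not visible here), an edit to the VPN dockerfile alone would not trigger a rebuild of this image, so a fix made only in that file could sit unbuilt. Suggest `- dockerfile-kasm-ubuntu-focal-desktop-vpn` in that list.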
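--- a/dockerfile-kasm-ubuntu-focal-desktop-vpn
+++ b/dockerfile-kasm-ubuntu-focal-desktop-vpn
@@ -0,0 +1,60 @@
+ARG BASE_TAG="develop"
+ARG BASE_IMAGE="core-ubuntu-focal"
+FROM kasmweb/$BASE_IMAGE:$BASE_TAG
+
+USER root
+
+ENV HOME /home/kasm-default-profile
+ENV STARTUPDIR /dockerstartup
+WORKDIR $HOME
+
+### Envrionment config
+ENV DEBIAN_FRONTEND=noninteractive \
+SKIP_CLEAN=true \
+KASM_RX_HOME=$STARTUPDIR/kasmrx \
+DONT_PROMPT_WSL_INSTALL="No_Prompt_please" \
+INST_DIR=$STARTUPDIR/install \
+INST_SCRIPTS="/ubuntu/install/tools/install_tools_deluxe.sh \
+/ubuntu/install/misc/install_tools.sh \
+/ubuntu/install/chrome/install_chrome.sh \
+/ubuntu/install/chromium/install_chromium.sh \
+/ubuntu/install/firefox/install_firefox.sh \
+/ubuntu/install/sublime_text/install_sublime_text.sh \
+/ubuntu/install/vs_code/install_vs_code.sh \
+/ubuntu/install/nextcloud/install_nextcloud.sh \
+/ubuntu/install/remmina/install_remmina.sh \
+/ubuntu/install/only_office/install_only_office.sh \
+/ubuntu/install/signal/install_signal.sh \
+/ubuntu/install/gimp/install_gimp.sh \
+/ubuntu/install/zoom/install_zoom.sh \
+/ubuntu/install/obs/install_obs.sh \
+/ubuntu/install/ansible/install_ansible.sh \
+/ubuntu/install/terraform/install_terraform.sh \
+/ubuntu/install/telegram/install_telegram.sh \
+/ubuntu/install/thunderbird/install_thunderbird.sh \
+/ubuntu/install/gamepad_utils/install_gamepad_utils.sh \
+/ubuntu/install/vpn/install_vpn.sh \
+/ubuntu/install/cleanup/cleanup.sh"
+
+# Copy install scripts
+COPY ./src/ $INST_DIR
+
+# Run installations
+RUN \
+for SCRIPT in $INST_SCRIPTS; do \
+bash ${INST_DIR}${SCRIPT}; \
+done && \
+$STARTUPDIR/set_user_permission.sh $HOME && \
+rm -f /etc/X11/xinit/Xclients && \
+chown 1000:0 $HOME && \
+mkdir -p /home/kasm-user && \
+chown -R 1000:0 /home/kasm-user && \
+rm -Rf ${INST_DIR}
+
+# Userspace Runtime
+ENV HOME /home/kasm-user
+WORKDIR $HOME
+USER 1000
+
+CMD ["--tail-log"]
+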
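Review bot: A failing install script does not fail this build, because in `for SCRIPT in $INST_SCRIPTS; do bash ${INST_DIR}${SCRIPT}; done && …` the loop's exit status is that of its last iteration, so only a failure of `cleanup.sh` breaks the `&&` chain (unless the base image sets a `SHELL` with `-e`, which is not visible here). If `install_vpn.sh` aborts part-way, for example when a repository key or package download fails, the image is still produced without the VPN tooling it advertises. Make each iteration fatal with `bash ${INST_DIR}${SCRIPT} || exit 1; \`.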
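--- a/docs/ubuntu-focal-desktop-vpn/README.md
+++ b/docs/ubuntu-focal-desktop-vpn/README.md
@@ -0,0 +1,7 @@
+# About This Image
+
+This Image contains a browser-accessible Ubuntu Focal Desktop with various productivity, development, and VPN apps installed.
+
+![Screenshot][Image_Screenshot]
+
+[Image_Screenshot]: https://f.hubspotusercontent30.net/hubfs/5856039/dockerhub/image-screenshots/ubuntu-focal-desktop.png "Image Screenshot"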
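--- a/docs/ubuntu-focal-desktop-vpn/demo.txt
+++ b/docs/ubuntu-focal-desktop-vpn/demo.txt
@@ -0,0 +1,9 @@
+# Live Demo
+
+<a href="https://app.kasmweb.com/#/cast/5124887069" target="_blank"><img src="https://info.kasmweb.com/hubfs/dockerhub/GIFs/ubuntu-focal-desktop.gif" width="640" height="360"></a>
+
+**Launch a real-time demo in a new browser window:** <a href="https://app.kasmweb.com/#/cast/5124887069" target="_blank">Live Demo</a>.
+
+<a href="https://app.kasmweb.com/#/cast/5124887069" target="_blank"><img src="https://5856039.fs1.hubspotusercontent-na1.net/hub/5856039/hubfs/dockerhub/casting-buttons/UbuntuFocalDesktop.png" width="300" height="104"></a>
+
+∗*Note: Demo is limited to 3 minutes and has upload/downloads restricted for security purposes.*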
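--- a/docs/ubuntu-focal-desktop-vpn/description.txt
+++ b/docs/ubuntu-focal-desktop-vpn/description.txt
@@ -0,0 +1 @@
+Ubuntu productivity desktop for Kasm Workspaces with tools for connecting to a VPN provider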
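--- a/src/ubuntu/install/vpn/install_vpn.sh
+++ b/src/ubuntu/install/vpn/install_vpn.sh
@@ -0,0 +1,94 @@
+#!/usr/bin/env bash
+set -ex
+
+# Install OpenVPN/Wireguard deps
+if [[ "${DISTRO}" == @(ubuntu|kali|debian|parrotos5) ]]; then
+echo "resolvconf resolvconf/linkify-resolvconf boolean false" | debconf-set-selections
+apt-get update
+apt-get install -y --no-install-recommends \
+openvpn \
+resolvconf \
+wireguard-tools \
+zenity
+elif [ "${DISTRO}" == "alpine" ]; then
+apk add --no-cache \
+openresolv \
+openvpn \
+tailscale \
+wireguard-tools \
+zenity
+elif [[ "${DISTRO}" == @(oracle8|oracle9|rockylinux8|rockylinux9|almalinux8|almalinux9) ]] ; then
+dnf install -y epel-release
+dnf install -y \
+openvpn \
+wireguard-tools
+elif [[ "${DISTRO}" == @(centos|oracle7) ]]; then
+yum install -y epel-release
+yum install -y \
+openvpn \
+wireguard-tools \
+zenity
+elif [[ "${DISTRO}" == @(fedora37|fedora38) ]] ; then
+dnf install -y \
+openresolv \
+openvpn \
+wireguard-tools \
+zenity
+elif [ "${DISTRO}" == "opensuse" ]; then
+zypper install -y \
+openresolv \
+openvpn \
+wireguard-tools \
+zenity
+fi
+
+# Install tailscale
+FLAVOR=$(cat /etc/os-release | awk -F'=' '/^VERSION_CODENAME=/ {print $2}' | sed 's/""//g')
+ID=$(cat /etc/os-release | awk -F'=' '/^ID=/ {print $2}')
+VERSION=$(cat /etc/os-release | awk -F'"' '/^VERSION_ID=/ {print $2}')
+VERSION2=$(cat /etc/os-release | awk -F'=' '/^VERSION_ID=/ {print $2}')
+if [[ "${FLAVOR}" ]]; then
+if [[ "${FLAVOR}" == "bionic" ]]; then
+curl -fsSL https://pkgs.tailscale.com/stable/${ID}/${FLAVOR}.asc | apt-key add -
+curl -fsSL https://pkgs.tailscale.com/stable/${ID}/${FLAVOR}.list | tee /etc/apt/sources.list.d/tailscale.list
+apt-get update
+apt-get install -y --no-install-recommends tailscale
+else
+FLAVOR=$(echo ${FLAVOR} | sed -e 's/ara/sid/g' -e 's/kali-rolling/sid/g')
+ID=$(echo ${ID} | sed -e 's/kali/debian/g' -e 's/parrot/debian/g')
+mkdir -p --mode=0755 /usr/share/keyrings
+curl -fsSL https://pkgs.tailscale.com/stable/${ID}/${FLAVOR}.noarmor.gpg | tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
+curl -fsSL https://pkgs.tailscale.com/stable/${ID}/${FLAVOR}.tailscale-keyring.list | tee /etc/apt/sources.list.d/tailscale.list
+apt-get update
+apt-get install -y --no-install-recommends tailscale
+fi
+else
+if [[ "${VERSION}" == "7" ]] || [[ "${VERSION}" = "7*" ]]; then
+yum install -y yum-utils
+yum-config-manager --add-repo https://pkgs.tailscale.com/stable/centos/7/tailscale.repo
+yum install -y tailscale
+elif [[ "${VERSION}" == "8" ]] || [[ "${VERSION}" = "8*" ]]; then
+dnf install -y 'dnf-command(config-manager)'
+dnf config-manager --add-repo https://pkgs.tailscale.com/stable/centos/8/tailscale.repo
+dnf install -y tailscale
+elif [[ "${VERSION}" == "9" ]] || [[ "${VERSION}" = "9*" ]]; then
+dnf install -y 'dnf-command(config-manager)'
+dnf config-manager --add-repo https://pkgs.tailscale.com/stable/centos/9/tailscale.repo
+dnf install -y tailscale
+elif [[ "${ID}" == "fedora" ]]; then
+dnf install -y 'dnf-command(config-manager)'
+dnf config-manager --add-repo https://pkgs.tailscale.com/stable/fedora/${VERSION2}/tailscale.repo
+dnf install -y tailscale
+elif [[ "${ID}" == "\"opensuse-leap\"" ]]; then
+zypper ar -g -r https://pkgs.tailscale.com/stable/opensuse/leap/15.5/tailscale.repo
+zypper --gpg-auto-import-keys ref
+zypper install -ny tailscale
+fi
+fi
+
+# Tweaks to wg-up
+sed -i '/cmd sysctl -q/d' $(which wg-quick)
+
+# Copy startup script
+cp ${INST_DIR}/ubuntu/install/vpn/start_vpn.sh /
+chmod +x /start_vpn.sh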
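Review bot: The version tests `[[ "${VERSION}" = "7*" ]]`, `"8*"` and `"9*"` quote the pattern, so bash compares against the literal string `7*` and a `VERSION_ID` such as `8.9` matches no branch; the script then exits 0 without installing tailscale on those distros. Drop the quotes on the right-hand side, e.g. `[[ "${VERSION}" == 8* ]]`, which also makes the exact-match half redundant. Separately, the apt branches download the repository signing key and the sources list from the same host in the same run and trust whatever arrives, and the zypper branch uses `--gpg-auto-import-keys`; checking the downloaded key against a fingerprint recorded in this repo before installing it would make a substituted key fail the build. The `sed -i '/cmd sysctl -q/d' $(which wg-quick)` line should carry a comment saying why the sysctl call is stripped from `wg-quick`, and `$(which wg-quick)` should be quoted.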
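--- a/src/ubuntu/install/vpn/start_vpn.sh
+++ b/src/ubuntu/install/vpn/start_vpn.sh
@@ -0,0 +1,90 @@
+#!/usr/bin/env bash
+
+set -ex
+
+# Logging and trap
+LOGFILE="/vpn_start.log"
+function notify_err() {
+zenity --error --text="An error has occurred configuring the VPN please review the log at ${LOGFILE}"
+}
+function cleanup_log() {
+rm -f ${LOGFILE}
+}
+trap notify_err ERR
+exec &> >(tee ${LOGFILE})
+
+# If user input is needed for openvpn
+function get_set_creds() {
+CREDENTIALS=$(zenity --forms --title="VPN credentials" --text="Enter your VPN auth credentials" --add-entry="Username" --add-password="Password" --separator ",,,,,,")
+USER=$(awk -F',,,,,,' '{print $1}' <<<$CREDENTIALS)
+PASS=$(awk -F',,,,,,' '{print $2}' <<<$CREDENTIALS)
+echo ${USER} > /home/kasm-user/vpn_credentials
+echo ${PASS} >> /home/kasm-user/vpn_credentials
+chown kasm-user:kasm-user /home/kasm-user/vpn_credentials
+cp ${VPN_CONFIG} /home/kasm-user/vpn.ovpn
+chown kasm-user:kasm-user /home/kasm-user/vpn.ovpn
+sed -i "s#auth-user-pass#auth-user-pass /home/kasm-user/vpn_credentials#g" /home/kasm-user/vpn.ovpn
+VPN_CONFIG=/home/kasm-user/vpn.ovpn
+}
+
+# Start VPN based on content
+if [ ! -z ${VPN_CONFIG+x} ]; then
+if [ "${VPN_CONFIG: -4}" == "conf" ]; then
+echo "wireguard config detected checking for support"
+if ip link add dev test type wireguard; then
+echo "wireguard kernel module is present on this host continuing"
+ip link del dev test
+else
+zenity --error --text="wireguard kernel module is not present on this host and a wireguard config was passed will not continue"
+echo "wireguard kernel module is not present on this host and a wireguard config was passed will not continue"
+exit 1
+fi
+wg-quick up ${VPN_CONFIG}
+fi
+if [ "${VPN_CONFIG: -4}" == "ovpn" ]; then
+# Check if we need user credentials
+if grep -x auth-user-pass ${VPN_CONFIG}; then
+get_set_creds
+fi
+# Create tun device
+if [ ! -c /dev/net/tun ]; then
+mkdir -p /dev/net
+mknod /dev/net/tun c 10 200
+fi
+if which resolvconf; then
+openvpn --pull-filter ignore route-ipv6 --pull-filter ignore ifconfig-ipv6 --config "${VPN_CONFIG}" &
+sleep 10
+if ! pgrep openvpn; then
+zenity --error --text="An error has occurred starting the VPN please review the log at ${LOGFILE}"
+echo "An error has occurred starting the VPN please review the log at ${LOGFILE}"
+exit 1
+fi
+else
+zenity --error --text="Resolvconf is not found on this system this container is not compatible with wireguard"
+echo "Resolvconf is not found on this system this container is not compatible with wireguard"
+exit 1
+fi
+fi
+if [ "${VPN_CONFIG:0:5}" == "tskey" ]; then
+# Create tun device
+if [ ! -c /dev/net/tun ]; then
+mkdir -p /dev/net
+mknod /dev/net/tun c 10 200
+fi
+tailscaled &
+sleep 2
+tailscale up --authkey=${VPN_CONFIG}
+fi
+else
+zenity --error --text="VPN_CONFIG is not defined there is no tunnel to start"
+echo "VPN_CONFIG is not defined there is no tunnel to start"
+exit 1
+fi
+
+# Log success
+zenity \
+--info \
+--title "VPN configured" \
+--text "VPN connected!"
+echo "VPN started using the config file ${VPN_CONFIG}"
+cleanup_log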
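Review bot: The VPN password ends up in `${LOGFILE}`, because the script runs under `set -ex` with all output tee'd to `/vpn_start.log` by `exec &> >(tee ${LOGFILE})`, so the xtrace of `CREDENTIALS=…`, `PASS=…` and `echo ${PASS}` in `get_set_creds` records the secret, and the log is only removed by `cleanup_log` on the success path. The same applies to the Tailscale auth key in `tailscale up --authkey=${VPN_CONFIG}` and in the final `echo "VPN started using the config file ${VPN_CONFIG}"`. `vpn_credentials` is also created under whatever umask is in effect with no explicit mode, and written with unquoted `echo`, which mangles passwords containing runs of spaces or glob characters. The rewrite below turns tracing off around the secret handling, creates the file owner-only and quotes the values; the `tskey` branch needs the same `set +x` treatment and should not echo the key.

```shell
function get_set_creds() {
  # Tracing stays off while secrets are in variables: stdout/stderr of this
  # script are tee'd into ${LOGFILE}, which survives on the failure path.
  set +x
  local creds vpn_user vpn_pass
  creds=$(zenity --forms --title="VPN credentials" --text="Enter your VPN auth credentials" --add-entry="Username" --add-password="Password" --separator ",,,,,,")
  vpn_user=${creds%%,,,,,,*}
  vpn_pass=${creds#*,,,,,,}
  # Owner-only from creation, so the file is never briefly readable by others.
  (umask 077; printf '%s\n%s\n' "${vpn_user}" "${vpn_pass}" > /home/kasm-user/vpn_credentials)
  chmod 600 /home/kasm-user/vpn_credentials
  chown kasm-user:kasm-user /home/kasm-user/vpn_credentials
  # … unchanged: copy ${VPN_CONFIG} to /home/kasm-user/vpn.ovpn, chown, sed auth-user-pass, reassign VPN_CONFIG …
  set -x
}
```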