chore: add current provisioning state before migration

Jesús Pérez 2025-09-22 23:11:41 +01:00
parent a9703b4748
commit 50745b0f22
660 changed files with 88126 additions and 0 deletions


@ -0,0 +1,63 @@
# Desktop Applications Configuration
# Generated for {{ desktop.name }} - {{ desktop.desktop_env.type | upper }} Desktop
[applications]
# Editor Applications
{% for editor in desktop.applications.editors %}
{{ editor }}_enabled = true
{% endfor %}
# Browser Applications
{% for browser in desktop.applications.browsers %}
{{ browser }}_enabled = true
{% endfor %}
# Terminal Applications
{% for terminal in desktop.applications.terminals %}
{{ terminal }}_enabled = true
{% endfor %}
# Development Tools
{% for dev_tool in desktop.applications.development %}
{{ dev_tool | replace('-', '_') }}_enabled = true
{% endfor %}
# Media Applications
{% for media_app in desktop.applications.media %}
{{ media_app }}_enabled = true
{% endfor %}
# Office Applications
{% for office_app in desktop.applications.office %}
{{ office_app }}_enabled = true
{% endfor %}
# Utility Applications
{% for utility in desktop.applications.utilities %}
{{ utility }}_enabled = true
{% endfor %}
[desktop_environment]
type = "{{ desktop.desktop_env.type }}"
display_manager = "{{ desktop.desktop_env.display_manager }}"
resolution = "{{ desktop.desktop_env.resolution }}"
{% if desktop.desktop_env.theme %}
theme = "{{ desktop.desktop_env.theme }}"
{% endif %}
[user_settings]
username = "{{ desktop.run_user.name }}"
home_directory = "{{ desktop.run_user.home }}"
shell = "{{ desktop.run_user.shell }}"
auto_login = {{ desktop.auto_login | lower }}
[vnc_settings]
enabled = {{ desktop.vnc.enabled | lower }}
port = {{ desktop.vnc.port }}
geometry = "{{ desktop.vnc.geometry }}"
depth = {{ desktop.vnc.depth }}
[graphics]
driver = "{{ desktop.graphics.driver }}"
acceleration = {{ desktop.graphics.acceleration | lower }}
compositing = {{ desktop.graphics.compositing | lower }}


@ -0,0 +1,53 @@
# Desktop Environment Variables
DESKTOP_USER={{ desktop.run_user.name }}
DESKTOP_HOME={{ desktop.run_user.home }}
DESKTOP_TYPE={{ desktop.desktop_env.type }}
DISPLAY_MANAGER={{ desktop.desktop_env.display_manager }}
DESKTOP_RESOLUTION={{ desktop.desktop_env.resolution }}
# VNC Configuration
VNC_ENABLED={{ desktop.vnc.enabled | lower }}
VNC_PORT={{ desktop.vnc.port }}
VNC_GEOMETRY={{ desktop.vnc.geometry }}
VNC_DEPTH={{ desktop.vnc.depth }}
{% if desktop.vnc.password %}VNC_PASSWORD={{ desktop.vnc.password }}{% endif %}
# Graphics Configuration
GRAPHICS_DRIVER={{ desktop.graphics.driver }}
GRAPHICS_ACCELERATION={{ desktop.graphics.acceleration | lower }}
GRAPHICS_COMPOSITING={{ desktop.graphics.compositing | lower }}
# Applications Lists
EDITORS="{{ desktop.applications.editors | join(' ') }}"
BROWSERS="{{ desktop.applications.browsers | join(' ') }}"
TERMINALS="{{ desktop.applications.terminals | join(' ') }}"
DEVELOPMENT="{{ desktop.applications.development | join(' ') }}"
MEDIA="{{ desktop.applications.media | join(' ') }}"
OFFICE="{{ desktop.applications.office | join(' ') }}"
UTILITIES="{{ desktop.applications.utilities | join(' ') }}"
# RustDesk Configuration
RUSTDESK_ENABLED={{ desktop.rustdesk.enabled | lower }}
RUSTDESK_PORT={{ desktop.rustdesk.port }}
RUSTDESK_HBBR_PORT={{ desktop.rustdesk.hbbr_port }}
{% if desktop.rustdesk.custom_server %}RUSTDESK_CUSTOM_SERVER={{ desktop.rustdesk.custom_server }}{% endif %}
{% if desktop.rustdesk.password %}RUSTDESK_PASSWORD={{ desktop.rustdesk.password }}{% endif %}
{% if desktop.rustdesk.permanent_password %}RUSTDESK_PERMANENT_PASSWORD={{ desktop.rustdesk.permanent_password }}{% endif %}
RUSTDESK_ALLOW_GUEST={{ desktop.rustdesk.allow_guest | upper }}
RUSTDESK_AUTO_START={{ desktop.rustdesk.auto_start | lower }}
# SSH Configuration
SSH_ENABLED={{ desktop.ssh.enabled | lower }}
SSH_PORT={{ desktop.ssh.port }}
SSH_PASSWORD_AUTH={{ desktop.ssh.password_auth | lower }}
SSH_KEY_AUTH={{ desktop.ssh.key_auth | lower }}
SSH_ROOT_LOGIN={{ desktop.ssh.root_login }}
SSH_MAX_AUTH_TRIES={{ desktop.ssh.max_auth_tries }}
SSH_CLIENT_ALIVE_INTERVAL={{ desktop.ssh.client_alive_interval }}
SSH_CLIENT_ALIVE_COUNT_MAX={{ desktop.ssh.client_alive_count_max }}
{% if desktop.ssh.allowed_users %}SSH_ALLOWED_USERS="{{ desktop.ssh.allowed_users | join(' ') }}"{% endif %}
{% if desktop.ssh.denied_users %}SSH_DENIED_USERS="{{ desktop.ssh.denied_users | join(' ') }}"{% endif %}
# System Configuration
AUTO_LOGIN={{ desktop.auto_login | lower }}
{% if desktop.startup_script %}STARTUP_SCRIPT={{ desktop.startup_script }}{% endif %}
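Review bot: Every value is rendered bare (`DESKTOP_USER={{ desktop.run_user.name }}`, `VNC_PASSWORD={{ desktop.vnc.password }}`, `STARTUP_SCRIPT={{ desktop.startup_script }}`) into what is presumably the file the setup scripts in this commit load as root with `source /tmp/env-desktop`. A value containing whitespace, `$`, `;`, `#` or a backtick is therefore split, expanded or executed by bash instead of being assigned. Have the renderer emit shell-escaped single-quoted values (`VNC_PASSWORD='...'` with embedded single quotes escaped), or validate each field against a strict pattern before rendering. The three password fields also land in this file in clear text, so the rendered file should be created with mode 0600 and removed once provisioning finishes.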


@ -0,0 +1,363 @@
#!/usr/bin/env bash
# Desktop Environment Installation Script
# Installs minimal desktop environment with essential applications
set -euo pipefail
# Load environment variables
source /tmp/env-desktop
log() {
echo "[$(date +'%Y-%m-%d %H:%M:%S')] $1"
}
error() {
echo "[$(date +'%Y-%m-%d %H:%M:%S')] ERROR: $1" >&2
exit 1
}
# Detect OS
detect_os() {
if [[ -f /etc/os-release ]]; then
. /etc/os-release
OS=$ID
VERSION=$VERSION_ID
else
error "Cannot detect OS"
fi
log "Detected OS: $OS $VERSION"
}
# Update system packages
update_system() {
log "Updating system packages..."
case $OS in
ubuntu|debian)
apt-get update -y
apt-get upgrade -y
;;
centos|rhel|fedora)
if command -v dnf >/dev/null 2>&1; then
dnf update -y
else
yum update -y
fi
;;
*)
error "Unsupported OS: $OS"
;;
esac
}
# Install desktop environment
install_desktop_environment() {
log "Installing $DESKTOP_TYPE desktop environment..."
case $OS in
ubuntu|debian)
case $DESKTOP_TYPE in
xfce)
apt-get install -y xfce4 xfce4-goodies
if [[ "$DISPLAY_MANAGER" == "lightdm" ]]; then
apt-get install -y lightdm lightdm-gtk-greeter
fi
;;
gnome)
apt-get install -y ubuntu-desktop-minimal
;;
kde)
apt-get install -y kde-plasma-desktop
;;
lxde)
apt-get install -y lxde
;;
mate)
apt-get install -y ubuntu-mate-desktop
;;
esac
;;
centos|rhel|fedora)
case $DESKTOP_TYPE in
xfce)
if command -v dnf >/dev/null 2>&1; then
dnf groupinstall -y "Xfce Desktop"
else
yum groupinstall -y "Xfce Desktop"
fi
;;
gnome)
if command -v dnf >/dev/null 2>&1; then
dnf groupinstall -y "GNOME Desktop Environment"
else
yum groupinstall -y "GNOME Desktop Environment"
fi
;;
esac
;;
esac
}
# Install VNC server
install_vnc_server() {
if [[ "$VNC_ENABLED" == "true" ]]; then
log "Installing VNC server..."
case $OS in
ubuntu|debian)
apt-get install -y tightvncserver
;;
centos|rhel|fedora)
if command -v dnf >/dev/null 2>&1; then
dnf install -y tigervnc-server
else
yum install -y tigervnc-server
fi
;;
esac
# Configure VNC for desktop user
setup_vnc_user
fi
}
# Setup VNC for desktop user
setup_vnc_user() {
log "Setting up VNC for user $DESKTOP_USER..."
# Create user if not exists
if ! id "$DESKTOP_USER" &>/dev/null; then
useradd -m -s /bin/bash "$DESKTOP_USER"
log "Created user $DESKTOP_USER"
fi
# Setup VNC directory
sudo -u "$DESKTOP_USER" mkdir -p "$DESKTOP_HOME/.vnc"
# Create VNC startup script
cat > "$DESKTOP_HOME/.vnc/xstartup" << EOF
#!/bin/bash
xrdb \$HOME/.Xresources
startxfce4 &
EOF
chmod +x "$DESKTOP_HOME/.vnc/xstartup"
chown "$DESKTOP_USER:$DESKTOP_USER" "$DESKTOP_HOME/.vnc/xstartup"
# Set VNC password if provided
if [[ -n "${VNC_PASSWORD:-}" ]]; then
echo "$VNC_PASSWORD" | sudo -u "$DESKTOP_USER" vncpasswd -f > "$DESKTOP_HOME/.vnc/passwd"
chmod 600 "$DESKTOP_HOME/.vnc/passwd"
chown "$DESKTOP_USER:$DESKTOP_USER" "$DESKTOP_HOME/.vnc/passwd"
fi
# Create VNC service
create_vnc_service
}
# Create VNC systemd service
create_vnc_service() {
log "Creating VNC systemd service..."
cat > "/etc/systemd/system/vncserver@.service" << EOF
[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target
[Service]
Type=forking
User=$DESKTOP_USER
Group=$DESKTOP_USER
WorkingDirectory=$DESKTOP_HOME
PIDFile=$DESKTOP_HOME/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth $VNC_DEPTH -geometry $VNC_GEOMETRY :%i
ExecStop=/usr/bin/vncserver -kill :%i
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable "vncserver@1.service"
log "VNC service created and enabled"
}
# Install applications
install_applications() {
log "Installing applications..."
case $OS in
ubuntu|debian)
# Install packages
local packages=""
# Editors
for editor in $EDITORS; do
case $editor in
zed)
# Install Zed editor
install_zed_editor
;;
*)
packages="$packages $editor"
;;
esac
done
# Add other application categories
packages="$packages $BROWSERS $TERMINALS $DEVELOPMENT $MEDIA $OFFICE $UTILITIES"
if [[ -n "$packages" ]]; then
apt-get install -y $packages
fi
;;
centos|rhel|fedora)
local packages="$BROWSERS $TERMINALS $DEVELOPMENT $MEDIA $OFFICE $UTILITIES"
# Install Zed if in editors list
if echo "$EDITORS" | grep -q "zed"; then
install_zed_editor
fi
# Remove zed from package list and add other editors
local filtered_editors=$(echo "$EDITORS" | sed 's/zed//g')
packages="$packages $filtered_editors"
if command -v dnf >/dev/null 2>&1; then
dnf install -y $packages
else
yum install -y $packages
fi
;;
esac
}
# Install Zed editor
install_zed_editor() {
log "Installing Zed editor..."
# Download and install Zed
case $(uname -m) in
x86_64)
curl -f https://zed.dev/install.sh | sh
;;
*)
log "Zed editor not available for $(uname -m) architecture, skipping..."
;;
esac
}
# Configure graphics
configure_graphics() {
log "Configuring graphics driver: $GRAPHICS_DRIVER"
case $OS in
ubuntu|debian)
case $GRAPHICS_DRIVER in
nvidia)
apt-get install -y nvidia-driver-470
;;
amd)
apt-get install -y mesa-vulkan-drivers xserver-xorg-video-amdgpu
;;
intel)
apt-get install -y mesa-vulkan-drivers xserver-xorg-video-intel
;;
nouveau)
apt-get install -y xserver-xorg-video-nouveau
;;
esac
;;
esac
}
# Setup auto-login if enabled
setup_auto_login() {
if [[ "$AUTO_LOGIN" == "true" ]]; then
log "Setting up auto-login for $DESKTOP_USER..."
case $DISPLAY_MANAGER in
lightdm)
sed -i "s/#autologin-user=/autologin-user=$DESKTOP_USER/" /etc/lightdm/lightdm.conf
sed -i "s/#autologin-user-timeout=0/autologin-user-timeout=0/" /etc/lightdm/lightdm.conf
;;
gdm)
cat > "/etc/gdm3/custom.conf" << EOF
[daemon]
AutomaticLoginEnable=true
AutomaticLogin=$DESKTOP_USER
EOF
;;
esac
fi
}
# Run remote access setup scripts
setup_remote_access() {
log "Setting up remote access services..."
# Run SSH setup if enabled
if [[ "${SSH_ENABLED:-true}" == "true" ]]; then
log "Running SSH setup..."
bash /tmp/ssh-setup.sh
fi
# Run RustDesk setup if enabled
if [[ "${RUSTDESK_ENABLED:-true}" == "true" ]]; then
log "Running RustDesk setup..."
bash /tmp/rustdesk-setup.sh
fi
# Run Zed setup
log "Running Zed editor setup..."
bash /tmp/zed-setup.sh
}
# Display connection summary
display_connection_summary() {
log ""
log "=== Desktop Environment Setup Complete ==="
log ""
log "Remote Access Options:"
if [[ "${VNC_ENABLED:-true}" == "true" ]]; then
log " VNC Server: Port $VNC_PORT"
log " Start with: systemctl start vncserver@1.service"
fi
if [[ "${RUSTDESK_ENABLED:-true}" == "true" ]]; then
log " RustDesk: Ports $RUSTDESK_PORT (main), $RUSTDESK_HBBR_PORT (hbbr)"
log " Get ID: sudo -u $DESKTOP_USER rustdesk --get-id"
fi
if [[ "${SSH_ENABLED:-true}" == "true" ]]; then
log " SSH Server: Port $SSH_PORT"
log " Connect: ssh $DESKTOP_USER@<server-ip> -p $SSH_PORT"
fi
log ""
log "Desktop Environment: $DESKTOP_TYPE"
log "Desktop User: $DESKTOP_USER"
log "Applications installed: Zed editor and standard desktop apps"
}
# Main installation function
main() {
log "Starting desktop environment installation..."
detect_os
update_system
install_desktop_environment
install_vnc_server
install_applications
configure_graphics
setup_auto_login
setup_remote_access
display_connection_summary
log "Desktop environment installation completed successfully!"
}
# Run main function
main "$@"
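Review bot: The script installs packages and writes under /etc, so it runs as root, yet it takes its inputs from fixed names in /tmp: `source /tmp/env-desktop` at the top and `bash /tmp/ssh-setup.sh`, `bash /tmp/rustdesk-setup.sh` and `bash /tmp/zed-setup.sh` in setup_remote_access. A local account that creates one of those names before the provisioner does gets its content executed as root; the same `source /tmp/env-desktop` line appears in the RustDesk and SSH setup scripts. Stage the files in a root-owned 0700 directory (for example one created with `mktemp -d`) and pass that path in, or at minimum refuse inputs that are not root-owned regular files. install_zed_editor also pipes `curl -f https://zed.dev/install.sh | sh` as root with no pinned version or digest, as does install_zed in the Zed setup script; download to a file, check it against a recorded checksum, then run it.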

131
taskservs/desktop/default/prepare Executable file

@ -0,0 +1,131 @@
#!/usr/bin/env bash
# Desktop taskserv preparation script
set -euo pipefail
log() {
echo "[$(date +'%Y-%m-%d %H:%M:%S')] PREPARE: $1"
}
# Create desktop user home directory structure
prepare_user_directories() {
local desktop_user="${DESKTOP_USER:-desktop}"
local desktop_home="${DESKTOP_HOME:-/home/$desktop_user}"
log "Preparing directories for user $desktop_user"
# Create standard user directories
mkdir -p "$desktop_home"/{Desktop,Documents,Downloads,Pictures,Videos,Music}
mkdir -p "$desktop_home"/.config
mkdir -p "$desktop_home"/.local/{bin,share}
# Set proper ownership if user exists
if id "$desktop_user" &>/dev/null; then
chown -R "$desktop_user:$desktop_user" "$desktop_home"
fi
}
# Download application assets
download_assets() {
log "Downloading application assets..."
# Create assets directory
mkdir -p /tmp/desktop-assets
# Download Zed editor GPG key for verification
if command -v curl >/dev/null 2>&1; then
curl -fsSL https://zed.dev/install.sh > /tmp/desktop-assets/zed-install.sh
chmod +x /tmp/desktop-assets/zed-install.sh
fi
}
# Prepare configuration templates
prepare_configs() {
log "Preparing configuration templates..."
# Create XFCE configuration template
mkdir -p /tmp/desktop-configs/xfce4
cat > /tmp/desktop-configs/xfce4/desktop.xml << 'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<channel name="xfce4-desktop" version="1.0">
<property name="backdrop" type="empty">
<property name="screen0" type="empty">
<property name="monitor0" type="empty">
<property name="workspace0" type="empty">
<property name="color-style" type="int" value="0"/>
<property name="image-style" type="int" value="5"/>
<property name="last-image" type="string" value="/usr/share/pixmaps/xfce-blue.jpg"/>
</property>
</property>
</property>
</property>
</channel>
EOF
# Create application menu template
cat > /tmp/desktop-configs/applications.menu << 'EOF'
<!DOCTYPE Menu PUBLIC "-//freedesktop//DTD Menu 1.0//EN"
"http://www.freedesktop.org/standards/menu-spec/menu-1.0.dtd">
<Menu>
<Name>Applications</Name>
<Directory>X-GNOME-Menu-Applications.directory</Directory>
<Menu>
<Name>Development</Name>
<Directory>Development.directory</Directory>
<Include>
<Category>Development</Category>
</Include>
</Menu>
<Menu>
<Name>Graphics</Name>
<Directory>Graphics.directory</Directory>
<Include>
<Category>Graphics</Category>
</Include>
</Menu>
<Menu>
<Name>Internet</Name>
<Directory>Network.directory</Directory>
<Include>
<Category>Network</Category>
</Include>
</Menu>
<Menu>
<Name>Office</Name>
<Directory>Office.directory</Directory>
<Include>
<Category>Office</Category>
</Include>
</Menu>
<Menu>
<Name>System</Name>
<Directory>System-Tools.directory</Directory>
<Include>
<Category>System</Category>
</Include>
</Menu>
</Menu>
EOF
}
# Main preparation function
main() {
log "Starting desktop taskserv preparation..."
prepare_user_directories
download_assets
prepare_configs
log "Desktop taskserv preparation completed!"
}
# Run main function if script is executed directly
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
main "$@"
fi
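Review bot: The comment in download_assets says `# Download Zed editor GPG key for verification`, but the command below it fetches `https://zed.dev/install.sh` itself and marks it executable; no key is downloaded and nothing is verified. The comment should describe what happens, e.g. `# Stage the Zed installer script (unverified; checksum check still needed)`, and a digest comparison should be added before the `chmod +x`. The staging paths `/tmp/desktop-assets` and `/tmp/desktop-configs` are fixed names in a world-writable directory, so `mkdir -p` silently accepts a directory another local user created first; a directory from `mktemp -d` avoids that.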


@ -0,0 +1,2 @@
info = "desktop"
release = "1.0"


@ -0,0 +1,281 @@
#!/usr/bin/env bash
# RustDesk Remote Desktop Setup Script
set -euo pipefail
# Load environment variables
source /tmp/env-desktop
log() {
echo "[$(date +'%Y-%m-%d %H:%M:%S')] RUSTDESK: $1"
}
error() {
echo "[$(date +'%Y-%m-%d %H:%M:%S')] RUSTDESK ERROR: $1" >&2
exit 1
}
# Detect OS and architecture
detect_system() {
if [[ -f /etc/os-release ]]; then
. /etc/os-release
OS=$ID
VERSION=$VERSION_ID
else
error "Cannot detect OS"
fi
ARCH=$(uname -m)
case $ARCH in
x86_64)
RUSTDESK_ARCH="x86_64"
;;
aarch64|arm64)
RUSTDESK_ARCH="aarch64"
;;
*)
error "Unsupported architecture: $ARCH"
;;
esac
log "Detected system: $OS $VERSION ($RUSTDESK_ARCH)"
}
# Download and install RustDesk
install_rustdesk() {
log "Installing RustDesk for $OS..."
local temp_dir="/tmp/rustdesk-install"
mkdir -p "$temp_dir"
cd "$temp_dir"
case $OS in
ubuntu|debian)
# Download RustDesk .deb package
local rustdesk_url="https://github.com/rustdesk/rustdesk/releases/latest/download/rustdesk-${RUSTDESK_ARCH}.deb"
log "Downloading RustDesk from $rustdesk_url"
curl -fsSL -o rustdesk.deb "$rustdesk_url" || error "Failed to download RustDesk"
# Install dependencies
apt-get update
apt-get install -y libgtk-3-0 libxcb-randr0 libxdo3 libxfixes3 libasound2-dev libsystemd0
# Install RustDesk
dpkg -i rustdesk.deb || apt-get install -f -y
;;
centos|rhel|fedora)
# Download RustDesk .rpm package
local rustdesk_url="https://github.com/rustdesk/rustdesk/releases/latest/download/rustdesk-${RUSTDESK_ARCH}.rpm"
log "Downloading RustDesk from $rustdesk_url"
curl -fsSL -o rustdesk.rpm "$rustdesk_url" || error "Failed to download RustDesk"
# Install dependencies
if command -v dnf >/dev/null 2>&1; then
dnf install -y gtk3 libxcb libXfixes alsa-lib systemd
dnf install -y rustdesk.rpm
else
yum install -y gtk3 libxcb libXfixes alsa-lib systemd
yum localinstall -y rustdesk.rpm
fi
;;
*)
error "Unsupported OS for RustDesk installation: $OS"
;;
esac
# Clean up
cd /
rm -rf "$temp_dir"
log "RustDesk installation completed"
}
# Configure RustDesk
configure_rustdesk() {
local desktop_user="${DESKTOP_USER:-desktop}"
local desktop_home="${DESKTOP_HOME:-/home/$desktop_user}"
log "Configuring RustDesk for user $desktop_user"
# Create RustDesk config directory
sudo -u "$desktop_user" mkdir -p "$desktop_home/.config/rustdesk"
# Create RustDesk configuration
local config_file="$desktop_home/.config/rustdesk/RustDesk2.toml"
cat > "$config_file" << EOF
[options]
custom-rendezvous-server = "${RUSTDESK_CUSTOM_SERVER:-}"
relay-server = "${RUSTDESK_CUSTOM_SERVER:-}"
api-server = "${RUSTDESK_CUSTOM_SERVER:-}"
key = ""
auto-disconnect-timeout = "10"
keep-screen-on = "Y"
wake-on-lan = "Y"
allow-guest-access = "${RUSTDESK_ALLOW_GUEST:-N}"
[ui]
hide-cm = ""
hide-connection-management = ""
hide-network-setting = ""
hide-password-setting = ""
hide-about-link = ""
hide-software-update = ""
[network]
rendezvous-server = "${RUSTDESK_CUSTOM_SERVER:-}"
nat-type = ""
serial = ""
[security]
access-mode = "custom"
EOF
# Set custom server if provided
if [[ -n "${RUSTDESK_CUSTOM_SERVER:-}" ]]; then
log "Using custom RustDesk server: $RUSTDESK_CUSTOM_SERVER"
fi
# Set permanent password if provided
if [[ -n "${RUSTDESK_PERMANENT_PASSWORD:-}" ]]; then
log "Setting permanent password for RustDesk"
# Note: RustDesk permanent password is set via GUI or command line
# This is a placeholder for the configuration
echo "permanent_password = \"$RUSTDESK_PERMANENT_PASSWORD\"" >> "$config_file"
fi
chown -R "$desktop_user:$desktop_user" "$desktop_home/.config/rustdesk"
log "RustDesk configuration created"
}
# Create RustDesk systemd service
create_rustdesk_service() {
local desktop_user="${DESKTOP_USER:-desktop}"
log "Creating RustDesk systemd service for user $desktop_user"
# Create systemd user service
local service_dir="/home/$desktop_user/.config/systemd/user"
mkdir -p "$service_dir"
cat > "$service_dir/rustdesk.service" << EOF
[Unit]
Description=RustDesk Remote Desktop
After=graphical-session.target
[Service]
Type=simple
ExecStart=/usr/bin/rustdesk --service
Restart=always
RestartSec=5
Environment=DISPLAY=:0
[Install]
WantedBy=default.target
EOF
chown -R "$desktop_user:$desktop_user" "/home/$desktop_user/.config/systemd"
# Enable user service
sudo -u "$desktop_user" systemctl --user daemon-reload
if [[ "${RUSTDESK_AUTO_START:-true}" == "true" ]]; then
sudo -u "$desktop_user" systemctl --user enable rustdesk.service
log "RustDesk service enabled for auto-start"
fi
log "RustDesk systemd service created"
}
# Setup RustDesk desktop shortcut
create_desktop_shortcut() {
local desktop_user="${DESKTOP_USER:-desktop}"
local desktop_home="${DESKTOP_HOME:-/home/$desktop_user}"
log "Creating RustDesk desktop shortcut"
cat > "$desktop_home/Desktop/rustdesk.desktop" << 'EOF'
[Desktop Entry]
Version=1.0
Type=Application
Name=RustDesk
Comment=Remote Desktop Software
Exec=rustdesk
Icon=rustdesk
Terminal=false
StartupNotify=true
Categories=Network;RemoteAccess;
Keywords=remote;desktop;vnc;connection;
EOF
chmod +x "$desktop_home/Desktop/rustdesk.desktop"
chown "$desktop_user:$desktop_user" "$desktop_home/Desktop/rustdesk.desktop"
log "RustDesk desktop shortcut created"
}
# Setup firewall rules for RustDesk
setup_firewall() {
log "Setting up firewall rules for RustDesk"
local rustdesk_port="${RUSTDESK_PORT:-21116}"
local rustdesk_hbbr_port="${RUSTDESK_HBBR_PORT:-21117}"
# Try different firewall tools
if command -v ufw >/dev/null 2>&1; then
ufw allow "$rustdesk_port/tcp" comment "RustDesk"
ufw allow "$rustdesk_port/udp" comment "RustDesk"
ufw allow "$rustdesk_hbbr_port/tcp" comment "RustDesk hbbr"
log "UFW rules added for RustDesk ports $rustdesk_port and $rustdesk_hbbr_port"
elif command -v firewall-cmd >/dev/null 2>&1; then
firewall-cmd --permanent --add-port="$rustdesk_port/tcp"
firewall-cmd --permanent --add-port="$rustdesk_port/udp"
firewall-cmd --permanent --add-port="$rustdesk_hbbr_port/tcp"
firewall-cmd --reload
log "FirewallD rules added for RustDesk ports $rustdesk_port and $rustdesk_hbbr_port"
else
log "WARNING: No supported firewall tool found. Manual firewall configuration may be needed."
fi
}
# Get RustDesk ID and password
get_rustdesk_info() {
log "RustDesk installation completed!"
log "To get your RustDesk ID and password, run:"
log " sudo -u $DESKTOP_USER rustdesk --get-id"
log " sudo -u $DESKTOP_USER rustdesk --password"
log ""
log "RustDesk will be available on ports:"
log " Main port: ${RUSTDESK_PORT:-21116}"
log " hbbr port: ${RUSTDESK_HBBR_PORT:-21117}"
}
# Main installation function
main() {
if [[ "${RUSTDESK_ENABLED:-true}" != "true" ]]; then
log "RustDesk is disabled, skipping installation"
return 0
fi
log "Starting RustDesk installation and configuration..."
detect_system
install_rustdesk
configure_rustdesk
create_rustdesk_service
create_desktop_shortcut
setup_firewall
get_rustdesk_info
log "RustDesk setup completed successfully!"
}
# Run main function if script is executed directly
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
main "$@"
fi
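Review bot: configure_rustdesk creates `RustDesk2.toml` with `cat >` as root and then appends `permanent_password = "..."` in clear text, but never restricts the file mode, so under a typical 022 umask the remote-access password is readable by every local account. Add `chmod 600 "$config_file"` right after the heredoc (or set `umask 077` around the write), before the password is appended. The inline comment already calls that line a placeholder, so consider not writing the secret at all until the supported mechanism is used. install_rustdesk has a related gap: the package comes from a `releases/latest/download/` URL and goes straight to `dpkg -i` or `dnf install` as root with no version pin or checksum comparison.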


@ -0,0 +1,344 @@
#!/usr/bin/env bash
# SSH Server Setup and Hardening Script
set -euo pipefail
# Load environment variables
source /tmp/env-desktop
log() {
echo "[$(date +'%Y-%m-%d %H:%M:%S')] SSH: $1"
}
error() {
echo "[$(date +'%Y-%m-%d %H:%M:%S')] SSH ERROR: $1" >&2
exit 1
}
# Detect OS
detect_os() {
if [[ -f /etc/os-release ]]; then
. /etc/os-release
OS=$ID
VERSION=$VERSION_ID
else
error "Cannot detect OS"
fi
log "Detected OS: $OS $VERSION"
}
# Install SSH server
install_ssh_server() {
log "Installing SSH server..."
case $OS in
ubuntu|debian)
apt-get update
apt-get install -y openssh-server openssh-client
;;
centos|rhel|fedora)
if command -v dnf >/dev/null 2>&1; then
dnf install -y openssh-server openssh-clients
else
yum install -y openssh-server openssh-clients
fi
;;
*)
error "Unsupported OS for SSH installation: $OS"
;;
esac
log "SSH server installed"
}
# Configure SSH server
configure_ssh_server() {
log "Configuring SSH server..."
local ssh_port="${SSH_PORT:-22}"
local password_auth="${SSH_PASSWORD_AUTH:-yes}"
local key_auth="${SSH_KEY_AUTH:-yes}"
local root_login="${SSH_ROOT_LOGIN:-prohibit-password}"
local max_auth_tries="${SSH_MAX_AUTH_TRIES:-3}"
local client_alive_interval="${SSH_CLIENT_ALIVE_INTERVAL:-300}"
local client_alive_count_max="${SSH_CLIENT_ALIVE_COUNT_MAX:-2}"
# Backup original config
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup.$(date +%Y%m%d_%H%M%S)
# Create new SSH configuration
cat > /etc/ssh/sshd_config << EOF
# SSH Configuration for Desktop Environment
# Generated by provisioning system
# Connection settings
Port $ssh_port
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
# Host keys
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
RekeyLimit default none
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication
LoginGraceTime 2m
PermitRootLogin $root_login
StrictModes yes
MaxAuthTries $max_auth_tries
MaxSessions 10
PubkeyAuthentication $key_auth
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
# Password authentication
PasswordAuthentication $password_auth
PermitEmptyPasswords no
ChallengeResponseAuthentication no
# Kerberos and GSSAPI (disabled for security)
KerberosAuthentication no
GSSAPIAuthentication no
# Connection timeouts
ClientAliveInterval $client_alive_interval
ClientAliveCountMax $client_alive_count_max
TCPKeepAlive yes
# Compression
Compression delayed
# Environment
AcceptEnv LANG LC_*
AcceptEnv XMODIFIERS
# X11 forwarding (enabled for desktop environment)
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
# Agent forwarding (be careful with security)
AllowAgentForwarding yes
# TCP forwarding
AllowTcpForwarding yes
GatewayPorts no
# Tunnel device forwarding
PermitTunnel no
# chroot directory
ChrootDirectory none
# Banner
Banner none
# Subsystem
Subsystem sftp /usr/lib/openssh/sftp-server
# User/Group restrictions
EOF
# Add user restrictions if specified
if [[ -n "${SSH_ALLOWED_USERS:-}" ]]; then
echo "AllowUsers $SSH_ALLOWED_USERS" >> /etc/ssh/sshd_config
log "SSH access restricted to users: $SSH_ALLOWED_USERS"
fi
if [[ -n "${SSH_DENIED_USERS:-}" ]]; then
echo "DenyUsers $SSH_DENIED_USERS" >> /etc/ssh/sshd_config
log "SSH access denied for users: $SSH_DENIED_USERS"
fi
# Fix sftp-server path for different distributions
case $OS in
ubuntu|debian)
sed -i 's|/usr/lib/openssh/sftp-server|/usr/lib/openssh/sftp-server|' /etc/ssh/sshd_config
;;
centos|rhel|fedora)
sed -i 's|/usr/lib/openssh/sftp-server|/usr/libexec/openssh/sftp-server|' /etc/ssh/sshd_config
;;
esac
# Test SSH configuration
sshd -t || error "SSH configuration is invalid"
log "SSH server configured"
}
# Setup SSH keys for desktop user
setup_ssh_keys() {
local desktop_user="${DESKTOP_USER:-desktop}"
local desktop_home="${DESKTOP_HOME:-/home/$desktop_user}"
log "Setting up SSH keys for user $desktop_user"
# Create user if not exists
if ! id "$desktop_user" &>/dev/null; then
useradd -m -s /bin/bash "$desktop_user"
log "Created user $desktop_user"
fi
# Create .ssh directory
sudo -u "$desktop_user" mkdir -p "$desktop_home/.ssh"
chmod 700 "$desktop_home/.ssh"
# Generate SSH key pair if not exists
if [[ ! -f "$desktop_home/.ssh/id_rsa" ]]; then
log "Generating SSH key pair for $desktop_user"
sudo -u "$desktop_user" ssh-keygen -t rsa -b 4096 -f "$desktop_home/.ssh/id_rsa" -N "" -C "$desktop_user@$(hostname)"
log "SSH key pair generated"
fi
# Create authorized_keys file
sudo -u "$desktop_user" touch "$desktop_home/.ssh/authorized_keys"
chmod 600 "$desktop_home/.ssh/authorized_keys"
# Set proper ownership
chown -R "$desktop_user:$desktop_user" "$desktop_home/.ssh"
log "SSH keys setup completed for $desktop_user"
}
# Setup fail2ban for SSH protection
setup_fail2ban() {
log "Setting up fail2ban for SSH protection..."
case $OS in
ubuntu|debian)
apt-get install -y fail2ban
;;
centos|rhel|fedora)
if command -v dnf >/dev/null 2>&1; then
dnf install -y fail2ban
else
yum install -y fail2ban
fi
;;
esac
# Create fail2ban configuration for SSH
cat > /etc/fail2ban/jail.local << EOF
[DEFAULT]
# Ban time in seconds (10 minutes)
bantime = 600
# Find time window (10 minutes)
findtime = 600
# Max retry attempts
maxretry = 3
[sshd]
enabled = true
port = ${SSH_PORT:-22}
filter = sshd
logpath = /var/log/auth.log
maxretry = ${SSH_MAX_AUTH_TRIES:-3}
bantime = 3600
EOF
# Start and enable fail2ban
systemctl enable fail2ban
systemctl start fail2ban
log "fail2ban configured and started"
}
# Setup firewall rules for SSH
setup_firewall() {
log "Setting up firewall rules for SSH"
local ssh_port="${SSH_PORT:-22}"
# Try different firewall tools
if command -v ufw >/dev/null 2>&1; then
ufw allow "$ssh_port/tcp" comment "SSH"
log "UFW rule added for SSH port $ssh_port"
elif command -v firewall-cmd >/dev/null 2>&1; then
if [[ "$ssh_port" != "22" ]]; then
firewall-cmd --permanent --add-port="$ssh_port/tcp"
else
firewall-cmd --permanent --add-service=ssh
fi
firewall-cmd --reload
log "FirewallD rule added for SSH port $ssh_port"
else
log "WARNING: No supported firewall tool found. Manual firewall configuration may be needed."
fi
}
# Start and enable SSH service
start_ssh_service() {
log "Starting SSH service..."
# Enable and start SSH service
systemctl enable ssh sshd 2>/dev/null || systemctl enable sshd
systemctl restart ssh sshd 2>/dev/null || systemctl restart sshd
# Check service status
if systemctl is-active --quiet ssh || systemctl is-active --quiet sshd; then
log "SSH service is running"
else
error "Failed to start SSH service"
fi
log "SSH service started and enabled"
}
# Display connection information
display_connection_info() {
local desktop_user="${DESKTOP_USER:-desktop}"
local ssh_port="${SSH_PORT:-22}"
local server_ip=$(ip route get 1.1.1.1 | grep -oP 'src \K\S+' 2>/dev/null || echo "$(hostname -I | awk '{print $1}')")
log "SSH setup completed!"
log ""
log "SSH Connection Information:"
log " Server IP: $server_ip"
log " SSH Port: $ssh_port"
log " Desktop User: $desktop_user"
log ""
log "Connect via SSH:"
log " ssh $desktop_user@$server_ip -p $ssh_port"
log ""
log "Public key location (for key-based auth):"
log " /home/$desktop_user/.ssh/id_rsa.pub"
log ""
log "To copy your public key to another machine:"
log " ssh-copy-id -i /home/$desktop_user/.ssh/id_rsa.pub user@remote-host"
}
# Main installation function
main() {
if [[ "${SSH_ENABLED:-true}" != "true" ]]; then
log "SSH is disabled, skipping installation"
return 0
fi
log "Starting SSH server installation and configuration..."
detect_os
install_ssh_server
configure_ssh_server
setup_ssh_keys
setup_fail2ban
setup_firewall
start_ssh_service
display_connection_info
log "SSH setup completed successfully!"
}
# Run main function if script is executed directly
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
main "$@"
fi
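Review bot: configure_ssh_server overwrites the live `/etc/ssh/sshd_config` first and only then runs `sshd -t || error ...`, so a bad rendered value makes the script exit with the invalid file still in place and the timestamped backup never restored. The next sshd restart or reboot would then presumably fail and cut off remote access. Build the new configuration in a candidate file, validate it with `sshd -t -f`, and move it into place only on success, as sketched below. Separately, the header calls this a hardening script, but the defaults leave `PasswordAuthentication` at `yes` and hard-code `X11Forwarding`, `AllowAgentForwarding` and `AllowTcpForwarding` to `yes`; those deserve a comment explaining why, or stricter defaults.

```shell
# … unchanged: local defaults and timestamped backup of /etc/ssh/sshd_config …
local candidate
candidate=$(mktemp /etc/ssh/sshd_config.new.XXXXXX) || error "Cannot create candidate sshd_config"
# … unchanged: heredoc, AllowUsers/DenyUsers appends and sftp-server sed,
#   all writing to "$candidate" instead of /etc/ssh/sshd_config …
if ! sshd -t -f "$candidate"; then
  rm -f -- "$candidate"
  error "SSH configuration is invalid"
fi
chmod 644 "$candidate"
mv -f -- "$candidate" /etc/ssh/sshd_config
```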


@ -0,0 +1,182 @@
#!/usr/bin/env bash
# Zed Editor Setup Script for Desktop Environment
set -euo pipefail
log() {
echo "[$(date +'%Y-%m-%d %H:%M:%S')] ZED: $1"
}
error() {
echo "[$(date +'%Y-%m-%d %H:%M:%S')] ZED ERROR: $1" >&2
exit 1
}
# Install Zed editor
install_zed() {
local desktop_user="${DESKTOP_USER:-desktop}"
log "Installing Zed editor for user $desktop_user"
# Check architecture
local arch=$(uname -m)
case $arch in
x86_64)
log "Installing Zed for x86_64 architecture"
;;
aarch64|arm64)
log "Installing Zed for ARM64 architecture"
;;
*)
log "WARNING: Zed may not be available for $arch architecture"
return 0
;;
esac
# Download and install Zed
if command -v curl >/dev/null 2>&1; then
# Install system-wide
curl -f https://zed.dev/install.sh | sh
# Also install for the desktop user
sudo -u "$desktop_user" bash -c 'curl -f https://zed.dev/install.sh | sh'
else
error "curl not found - required for Zed installation"
fi
}
# Configure Zed for desktop user
configure_zed() {
local desktop_user="${DESKTOP_USER:-desktop}"
local desktop_home="${DESKTOP_HOME:-/home/$desktop_user}"
log "Configuring Zed editor for $desktop_user"
# Create Zed config directory
sudo -u "$desktop_user" mkdir -p "$desktop_home/.config/zed"
# Create basic Zed configuration
cat > "$desktop_home/.config/zed/settings.json" << 'EOF'
{
"assistant": {
"default_model": {
"provider": "zed.dev",
"model": "claude-3-5-sonnet-20241022"
},
"version": "2"
},
"vim_mode": false,
"ui_font_size": 16,
"buffer_font_size": 14,
"theme": {
"mode": "system",
"light": "One Light",
"dark": "One Dark"
},
"project_panel": {
"dock": "left"
},
"outline_panel": {
"dock": "right"
},
"collaboration_panel": {
"dock": "left"
},
"chat_panel": {
"dock": "right"
},
"notification_panel": {
"dock": "right"
},
"terminal": {
"dock": "bottom"
},
"git": {
"git_gutter": "tracked_files",
"inline_blame": {
"enabled": true
}
},
"lsp": {
"rust-analyzer": {
"binary": {
"path_lookup": true
}
}
},
"languages": {
"Python": {
"format_on_save": "on",
"formatter": "auto"
},
"JavaScript": {
"format_on_save": "on"
},
"TypeScript": {
"format_on_save": "on"
},
"Rust": {
"format_on_save": "on"
},
"Go": {
"format_on_save": "on"
}
},
"auto_update": true,
"telemetry": {
"diagnostics": false,
"metrics": false
}
}
EOF
# Set proper ownership
chown -R "$desktop_user:$desktop_user" "$desktop_home/.config/zed"
log "Zed configuration created"
}
# Create desktop shortcut for Zed
create_desktop_shortcut() {
local desktop_user="${DESKTOP_USER:-desktop}"
local desktop_home="${DESKTOP_HOME:-/home/$desktop_user}"
log "Creating desktop shortcut for Zed"
# Create desktop shortcut
cat > "$desktop_home/Desktop/zed.desktop" << 'EOF'
[Desktop Entry]
Version=1.0
Type=Application
Name=Zed
Comment=A high-performance, multiplayer code editor
Exec=zed %F
Icon=zed
Terminal=false
MimeType=text/plain;text/x-chdr;text/x-csrc;text/x-c++hdr;text/x-c++src;text/x-java;text/x-dsrc;text/x-pascal;text/x-perl;text/x-python;application/x-php;application/x-httpd-php3;application/x-httpd-php4;application/x-httpd-php5;application/x-ruby;text/x-tcl;text/x-tex;application/x-sh;text/x-chdr;text/x-csrc;text/css;text/html;text/xml;text/javascript;application/javascript;application/json;text/x-markdown;text/x-rust;text/x-go;
StartupNotify=true
Categories=Development;TextEditor;
Keywords=editor;development;programming;
EOF
chmod +x "$desktop_home/Desktop/zed.desktop"
chown "$desktop_user:$desktop_user" "$desktop_home/Desktop/zed.desktop"
log "Desktop shortcut created"
}
# Main function
main() {
log "Starting Zed editor setup..."
install_zed
configure_zed
create_desktop_shortcut
log "Zed editor setup completed!"
}
# Run main function if script is executed directly
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
main "$@"
fi
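Review bot: Unlike the RustDesk and SSH setup scripts, this one never loads the environment file, and the installer starts it as a separate process with `bash /tmp/zed-setup.sh`. The rendered env file uses plain `NAME=value` assignments with no `export`, so `DESKTOP_USER` and `DESKTOP_HOME` do not appear to reach this script, and it falls back to `desktop` and `/home/desktop` whatever user was configured. If that account does not exist, `sudo -u "$desktop_user"` fails under `set -e`; if it does, Zed is installed and configured for the wrong user. Fail loudly instead of defaulting, e.g. `: "${DESKTOP_USER:?DESKTOP_USER must be set}"` at the top, and have the caller pass the two variables explicitly.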