From c59eb0c0cc0093c8c3e69b22bc334c07b181af3d Mon Sep 17 00:00:00 2001 From: Michael Smith Date: Mon, 1 Jul 2024 10:22:22 -0400 Subject: [PATCH 1/7] chore: add new video to README --- windows-rdp/README.md | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/windows-rdp/README.md b/windows-rdp/README.md index 5d86082..a050854 100644 --- a/windows-rdp/README.md +++ b/windows-rdp/README.md @@ -19,17 +19,11 @@ module "windows_rdp" { agent_id = resource.coder_agent.main.id resource_id = resource.aws_instance.dev.id } -module "windows_rdp" { - count = data.coder_workspace.me.start_count - source = "github.com/coder/modules//windows-rdp" - agent_id = resource.coder_agent.main.id - resource_id = resource.google_compute_instance.dev[0].id -} ``` ## Video -<-- Insert demo video here --> +https://github.com/coder/modules/assets/28937484/fb5f4a55-7b69-4550-ab62-301e13a4be02 ## Examples From fd2f91c0434f69db656d20e95714e00b48b38c75 Mon Sep 17 00:00:00 2001 From: Parkreiner Date: Mon, 1 Jul 2024 18:56:42 +0000 Subject: [PATCH 2/7] fix: remove commented-out code --- windows-rdp/main.tf | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/windows-rdp/main.tf b/windows-rdp/main.tf index 273ad20..9de4783 100644 --- a/windows-rdp/main.tf +++ b/windows-rdp/main.tf @@ -152,26 +152,3 @@ resource "coder_app" "rdp-docs" { url = "https://coder.com/docs/v2/latest/ides/remote-desktops#rdp-desktop" external = true } - -# For some reason this is not rendering, commented out for now -# resource "coder_metadata" "rdp_details" { -# resource_id = var.resource_id -# daily_cost = 0 -# item { -# key = "Host" -# value = "localhost" -# } -# item { -# key = "Port" -# value = "3389" -# } -# item { -# key = "Username" -# value = "Administrator" -# } -# item { -# key = "Password" -# value = var.admin_password -# sensitive = true -# } -# } From b4153a6aaa5414479cde9cdc48662d6288be89ea Mon Sep 17 00:00:00 2001 
From: Parkreiner Date: Mon, 1 Jul 2024 19:09:43 +0000 Subject: [PATCH 3/7] refactor: split off Windows script logic into separate file --- windows-rdp/main.tf | 97 ++------------------------ windows-rdp/windows-installation.tftpl | 88 +++++++++++++++++++++++ 2 files changed, 93 insertions(+), 92 deletions(-) create mode 100644 windows-rdp/windows-installation.tftpl diff --git a/windows-rdp/main.tf b/windows-rdp/main.tf index 9de4783..cd52c67 100644 --- a/windows-rdp/main.tf +++ b/windows-rdp/main.tf @@ -34,99 +34,12 @@ resource "coder_script" "windows-rdp" { agent_id = var.agent_id display_name = "windows-rdp" icon = "https://svgur.com/i/158F.svg" # TODO: add to Coder icons - script = <', "$patch") | Set-Content $devolutionsHtml - } - } - - Set-AdminPassword -adminPassword "${var.admin_password}" - Configure-RDP - Install-DevolutionsGateway - Patch-Devolutions-HTML - - EOF + script = templatefile("./windows-installation.tftpl", { + CODER_USERNAME : var.admin_username, + CODER_PASSWORD : var.admin_password, + }) -run_on_start = true + run_on_start = true } resource "coder_app" "windows-rdp" { diff --git a/windows-rdp/windows-installation.tftpl b/windows-rdp/windows-installation.tftpl new file mode 100644 index 0000000..fc0404a --- /dev/null +++ b/windows-rdp/windows-installation.tftpl 
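Review bot: `var.admin_password` is passed into `templatefile()` and the rendered text becomes the `script` attribute of `coder_script.windows-rdp`, so the plaintext password sits in the rendered script and, like any resource attribute, in Terraform state. The variable declaration is outside this hunk; if it is not already declared with `sensitive = true`, it should be, so that plan and apply output redact the rendered script. A comment above the call would make this explicit, for example `# rendered script embeds admin_password in plaintext; keep the variable sensitive and treat state as secret`. The same applies to the later `templatefile()` hunks for `main.tf` in patches 4 to 7. The resource block starts and ends outside the hunk.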
@@ -0,0 +1,88 @@ +function Set-AdminPassword { + param ( + [string]$adminPassword + ) + # Set admin password + Get-LocalUser -Name "${var.admin_username}" | Set-LocalUser -Password (ConvertTo-SecureString -AsPlainText $adminPassword -Force) + # Enable admin user + Get-LocalUser -Name "${var.admin_username}" | Enable-LocalUser +} + +function Configure-RDP { + # Enable RDP + New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0 -PropertyType DWORD -Force + # Disable NLA + New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "UserAuthentication" -Value 0 -PropertyType DWORD -Force + New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "SecurityLayer" -Value 1 -PropertyType DWORD -Force + # Enable RDP through Windows Firewall + Enable-NetFirewallRule -DisplayGroup "Remote Desktop" +} + +function Install-DevolutionsGateway { +# Define the module name and version +$moduleName = "DevolutionsGateway" +$moduleVersion = "2024.1.5" + +# Install the module with the specified version for all users +# This requires administrator privileges +try { + # Install-PackageProvider is required for AWS. 
Need to set command to + # terminate on failure so that try/catch actually triggers + Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -ErrorAction Stop + Install-Module -Name $moduleName -RequiredVersion $moduleVersion -Force +} +catch { + # If the first command failed, assume that we're on GCP and run + # Install-Module only + Install-Module -Name $moduleName -RequiredVersion $moduleVersion -Force +} + +# Construct the module path for system-wide installation +$moduleBasePath = "C:\Windows\system32\config\systemprofile\Documents\PowerShell\Modules\$moduleName\$moduleVersion" +$modulePath = Join-Path -Path $moduleBasePath -ChildPath "$moduleName.psd1" + +# Import the module using the full path +Import-Module $modulePath +Install-DGatewayPackage + +# Configure Devolutions Gateway +$Hostname = "localhost" +$HttpListener = New-DGatewayListener 'http://*:7171' 'http://*:7171' +$WebApp = New-DGatewayWebAppConfig -Enabled $true -Authentication None +$ConfigParams = @{ + Hostname = $Hostname + Listeners = @($HttpListener) + WebApp = $WebApp +} +Set-DGatewayConfig @ConfigParams +New-DGatewayProvisionerKeyPair -Force + +# Configure and start the Windows service +Set-Service 'DevolutionsGateway' -StartupType 'Automatic' +Start-Service 'DevolutionsGateway' +} + +function Patch-Devolutions-HTML { +$root = "C:\Program Files\Devolutions\Gateway\webapp\client" +$devolutionsHtml = "$root\index.html" +$patch = '' + +# Always copy the file in case we change it. +@' +${templatefile("${path.module}/devolutions-patch.js", { +CODER_USERNAME : var.admin_username, +CODER_PASSWORD : var.admin_password, +})} +'@ | Set-Content "$root\coder.js" + +# Only inject the src if we have not before. 
+$isPatched = Select-String -Path "$devolutionsHtml" -Pattern "$patch" -SimpleMatch +if ($isPatched -eq $null) { + (Get-Content $devolutionsHtml).Replace('', "$patch") | Set-Content $devolutionsHtml +} +} + +Set-AdminPassword -adminPassword "${var.admin_password}" +Configure-RDP +Install-DevolutionsGateway +Patch-Devolutions-HTML From 49f060549ee48b0e305b7b2039fa52d8c6cc730e Mon Sep 17 00:00:00 2001 From: Parkreiner Date: Mon, 1 Jul 2024 19:14:05 +0000 Subject: [PATCH 4/7] fix: update TF import --- windows-rdp/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-rdp/main.tf b/windows-rdp/main.tf index cd52c67..cccaf85 100644 --- a/windows-rdp/main.tf +++ b/windows-rdp/main.tf @@ -34,7 +34,7 @@ resource "coder_script" "windows-rdp" { agent_id = var.agent_id display_name = "windows-rdp" icon = "https://svgur.com/i/158F.svg" # TODO: add to Coder icons - script = templatefile("./windows-installation.tftpl", { + script = templatefile("${path.module}/./windows-installation.tftpl", { CODER_USERNAME : var.admin_username, CODER_PASSWORD : var.admin_password, }) From a8580fe6b92389f2e985136301b83a167ebfe826 Mon Sep 17 00:00:00 2001 From: Parkreiner Date: Mon, 1 Jul 2024 19:24:47 +0000 Subject: [PATCH 5/7] fix: update object definition for top-level templatefile --- windows-rdp/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows-rdp/main.tf b/windows-rdp/main.tf index cccaf85..06f2c17 100644 --- a/windows-rdp/main.tf +++ b/windows-rdp/main.tf 
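Review bot: In `Install-DevolutionsGateway` the listener is `http://*:7171` with `-Authentication None`, and `Patch-Devolutions-HTML` writes the rendered patch, which is templated with `CODER_PASSWORD`, to `coder.js` under the gateway's `webapp\client` directory. If that directory is served as static content, which the "inject the src" comment suggests, any host that can reach port 7171 could read the administrator password over plain HTTP without authenticating. Assuming the Coder app reaches the gateway through the agent on the workspace itself, the listener should be limited to loopback or the port blocked at the host firewall. The reason should be recorded next to the call, for example `# SECURITY: no web-app auth and coder.js holds the admin password; port 7171 must only be reachable via the Coder agent`. `Configure-RDP` also disables NLA with only `# Disable NLA` as explanation; a sentence on why that is required would let reviewers judge the trade-off.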
@@ -34,9 +34,9 @@ resource "coder_script" "windows-rdp" { agent_id = var.agent_id display_name = "windows-rdp" icon = "https://svgur.com/i/158F.svg" # TODO: add to Coder icons - script = templatefile("${path.module}/./windows-installation.tftpl", { - CODER_USERNAME : var.admin_username, - CODER_PASSWORD : var.admin_password, + script = templatefile("${path.module}/windows-installation.tftpl", { + CODER_USERNAME = var.admin_username, + CODER_PASSWORD = var.admin_password, }) run_on_start = true From b23d85327ceb56707bc2a62cf3ce8dc488484c31 Mon Sep 17 00:00:00 2001 From: Parkreiner Date: Mon, 1 Jul 2024 20:11:40 +0000 Subject: [PATCH 6/7] refactor: try extracting main script into separate template file --- windows-rdp/main.tf | 9 +++++++-- windows-rdp/windows-installation.tftpl | 11 ++++------- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/windows-rdp/main.tf b/windows-rdp/main.tf index 06f2c17..f47e94e 100644 --- a/windows-rdp/main.tf +++ b/windows-rdp/main.tf @@ -34,9 +34,14 @@ resource "coder_script" "windows-rdp" { agent_id = var.agent_id display_name = "windows-rdp" icon = "https://svgur.com/i/158F.svg" # TODO: add to Coder icons + script = templatefile("${path.module}/windows-installation.tftpl", { - CODER_USERNAME = var.admin_username, - CODER_PASSWORD = var.admin_password, + admin_username = var.admin_username + admin_password = var.admin_password + patch_file_contents = templatefile("${path.module}/devolutions-patch.js", { + CODER_USERNAME = var.admin_username + CODER_PASSWORD = var.admin_password + }) }) run_on_start = true diff --git a/windows-rdp/windows-installation.tftpl b/windows-rdp/windows-installation.tftpl index fc0404a..1b7ab48 100644 --- a/windows-rdp/windows-installation.tftpl +++ b/windows-rdp/windows-installation.tftpl 
@@ -3,9 +3,9 @@ function Set-AdminPassword { [string]$adminPassword ) # Set admin password - Get-LocalUser -Name "${var.admin_username}" | Set-LocalUser -Password (ConvertTo-SecureString -AsPlainText $adminPassword -Force) + Get-LocalUser -Name "${admin_username}" | Set-LocalUser -Password (ConvertTo-SecureString -AsPlainText $adminPassword -Force) # Enable admin user - Get-LocalUser -Name "${var.admin_username}" | Enable-LocalUser + Get-LocalUser -Name "${admin_username}" | Enable-LocalUser } function Configure-RDP { @@ -69,10 +69,7 @@ $patch = '' # Always copy the file in case we change it. @' -${templatefile("${path.module}/devolutions-patch.js", { -CODER_USERNAME : var.admin_username, -CODER_PASSWORD : var.admin_password, -})} +${patch_file_contents} '@ | Set-Content "$root\coder.js" # Only inject the src if we have not before. @@ -82,7 +79,7 @@ if ($isPatched -eq $null) { } } -Set-AdminPassword -adminPassword "${var.admin_password}" +Set-AdminPassword -adminPassword "${admin_password}" Configure-RDP Install-DevolutionsGateway Patch-Devolutions-HTML From 3f8f6181e0a67115145cfd8cf00c8bc58f291600 Mon Sep 17 00:00:00 2001 From: Parkreiner Date: Mon, 1 Jul 2024 20:31:43 +0000 Subject: [PATCH 7/7] refactor: clean up final code --- windows-rdp/devolutions-patch.js | 9 ++++----- windows-rdp/main.tf | 6 +++++- ...lation.tftpl => powershell-installation-script.tftpl} | 0 3 files changed, 9 insertions(+), 6 deletions(-) rename windows-rdp/{windows-installation.tftpl => powershell-installation-script.tftpl} (100%) diff --git a/windows-rdp/devolutions-patch.js b/windows-rdp/devolutions-patch.js index a1e9da4..020a40f 100644 --- a/windows-rdp/devolutions-patch.js +++ b/windows-rdp/devolutions-patch.js 
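Review bot: `"${admin_password}"` (third hunk) and `"${admin_username}"` (first hunk) are rendered by Terraform into PowerShell double-quoted strings, so a value containing `"`, `$` or a backtick is either expanded by PowerShell or breaks the script. The account can then end up with a different password than the one configured. Rendering into a single-quoted literal with embedded quotes doubled avoids this: `Set-AdminPassword -adminPassword '${replace(admin_password, "'", "''")}'`, and likewise for the two `Get-LocalUser -Name` lines. The second hunk has a related edge: `${patch_file_contents}` sits inside a `@' … '@` here-string, which ends at the first line that begins with `'@`. `Set-AdminPassword` starts outside the first hunk.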
@@ -12,11 +12,10 @@ * - A lot of the HTML selectors in this file will look nonstandard. This is * because they are actually custom Angular components. * - It is strongly advised that you avoid template literals that use the - * placeholder syntax via the dollar sign. The Terraform script looks for - * these characters so that it can inject Coder-specific values, so any - * template literal that uses the character actually needs to double up each - * of them. There are already a few places in this file where it couldn't be - * avoided, but avoiding this as much as possible will save you some headache. + * placeholder syntax via the dollar sign. The Terraform file is treating this + * as a template file, and because it also uses a similar syntax, there's a + * risk that some values will trigger false positives. If a template literal + * must be used, be sure to use a double dollar sign to escape things. * - All the CSS should be written via custom style tags and the !important * directive (as much as that is a bad idea most of the time). We do not * control the Angular app, so we have to modify things from afar to ensure diff --git a/windows-rdp/main.tf b/windows-rdp/main.tf index f47e94e..563e10f 100644 --- a/windows-rdp/main.tf +++ b/windows-rdp/main.tf 
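Review bot: The rewritten comment says to escape with "a double dollar sign" but does not say which sequences Terraform actually interprets. Only `${` (and `%{` for directives) are template syntax, escaped as `$${` and `%%{`, while a lone `$` is left alone. Suggested wording: `* - Terraform only interprets "${" and "%{"; write "$${" / "%%{" to emit them literally.` It would also be worth one line stating that `CODER_USERNAME` and `CODER_PASSWORD` are substituted as raw text, so a value containing quotes or backslashes can break or change the surrounding JavaScript; how the file consumes them is not visible in this hunk. The comment block starts and ends outside the hunk.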
@@ -35,9 +35,13 @@ resource "coder_script" "windows-rdp" { display_name = "windows-rdp" icon = "https://svgur.com/i/158F.svg" # TODO: add to Coder icons - script = templatefile("${path.module}/windows-installation.tftpl", { + script = templatefile("${path.module}/powershell-installation-script.tftpl", { admin_username = var.admin_username admin_password = var.admin_password + + # Wanted to have this be in the powershell template file, but Terraform + # doesn't allow recursive calls to the templatefile function. Have to feed + # results of the JS template replace into the powershell template patch_file_contents = templatefile("${path.module}/devolutions-patch.js", { CODER_USERNAME = var.admin_username CODER_PASSWORD = var.admin_password diff --git a/windows-rdp/windows-installation.tftpl b/windows-rdp/powershell-installation-script.tftpl similarity index 100% rename from windows-rdp/windows-installation.tftpl rename to windows-rdp/powershell-installation-script.tftpl