Update KasmVNC user group and config settings

- Use `usermod` to add user to ssl-cert group for compatibility.
- Simplify KasmVNC config with protocol and SSL parameters.
- Ensure UDP communication is confined to localhost for security.

filebrowser/README.md

@@ -14,7 +14,7 @@ A file browser for your workspace.
 ```tf
 module "filebrowser" {
   source   = "registry.coder.com/modules/filebrowser/coder"
-  version  = "1.0.23"
+  version  = "1.0.22"
   agent_id = coder_agent.example.id
 }
 ```
@@ -28,7 +28,7 @@ module "filebrowser" {
 ```tf
 module "filebrowser" {
   source   = "registry.coder.com/modules/filebrowser/coder"
-  version  = "1.0.23"
+  version  = "1.0.22"
   agent_id = coder_agent.example.id
   folder   = "/home/coder/project"
 }
@@ -39,7 +39,7 @@ module "filebrowser" {
 ```tf
 module "filebrowser" {
   source        = "registry.coder.com/modules/filebrowser/coder"
-  version       = "1.0.23"
+  version       = "1.0.22"
   agent_id      = coder_agent.example.id
   database_path = ".config/filebrowser.db"
 }

filebrowser/main.tf

@@ -20,8 +20,13 @@ data "coder_workspace_owner" "me" {}
 
 variable "agent_name" {
   type        = string
-  description = "The name of the coder_agent resource. (Only required if subdomain is false and the template uses multiple agents.)"
+  description = "The name of the main deployment. (Used to build the subpath for coder_app.)"
-  default     = null
+  default     = ""
+  validation {
+    # If subdomain is false, then agent_name must be set.
+    condition     = var.subdomain || var.agent_name != ""
+    error_message = "The agent_name must be set."
+  }
 }
 
 variable "database_path" {
@@ -68,12 +73,6 @@ variable "order" {
   default     = null
 }
 
-variable "slug" {
-  type        = string
-  description = "The slug of the coder_app resource."
-  default     = "filebrowser"
-}
-
 variable "subdomain" {
   type        = bool
   description = <<-EOT
@@ -86,7 +85,7 @@ variable "subdomain" {
 resource "coder_script" "filebrowser" {
   agent_id     = var.agent_id
   display_name = "File Browser"
-  icon         = "/icon/filebrowser.svg"
+  icon         = "https://raw.githubusercontent.com/filebrowser/logo/master/icon_raw.svg"
   script = templatefile("${path.module}/run.sh", {
     LOG_PATH : var.log_path,
     PORT : var.port,
@@ -94,30 +93,18 @@ resource "coder_script" "filebrowser" {
     LOG_PATH : var.log_path,
     DB_PATH : var.database_path,
     SUBDOMAIN : var.subdomain,
-    SERVER_BASE_PATH : local.server_base_path
+    SERVER_BASE_PATH : var.subdomain ? "" : format("/@%s/%s.%s/apps/filebrowser", data.coder_workspace_owner.me.name, data.coder_workspace.me.name, var.agent_name),
   })
   run_on_start = true
 }
 
 resource "coder_app" "filebrowser" {
   agent_id     = var.agent_id
-  slug         = var.slug
+  slug         = "filebrowser"
   display_name = "File Browser"
-  url          = local.url
+  url          = "http://localhost:${var.port}"
-  icon         = "/icon/filebrowser.svg"
+  icon         = "https://raw.githubusercontent.com/filebrowser/logo/master/icon_raw.svg"
   subdomain    = var.subdomain
   share        = var.share
   order        = var.order
-
-  healthcheck {
-    url       = local.healthcheck_url
-    interval  = 5
-    threshold = 6
-  }
 }
-
-locals {
-  server_base_path = var.subdomain ? "" : format("/@%s/%s%s/apps/%s", data.coder_workspace_owner.me.name, data.coder_workspace.me.name, var.agent_name != null ? ".${var.agent_name}" : "", var.slug)
-  url              = "http://localhost:${var.port}${local.server_base_path}"
-  healthcheck_url  = "http://localhost:${var.port}${local.server_base_path}/health"
-}

filebrowser/run.sh

@@ -1,13 +1,9 @@
 #!/usr/bin/env bash
 
 BOLD='\033[0;1m'
-
 printf "$${BOLD}Installing filebrowser \n\n"
 
-# Check if filebrowser is installed
+curl -fsSL https://raw.githubusercontent.com/filebrowser/get/master/get.sh | bash
-if ! command -v filebrowser &> /dev/null; then
-  curl -fsSL https://raw.githubusercontent.com/filebrowser/get/master/get.sh | bash
-fi
 
 printf "🥳 Installation complete! \n\n"
 

jetbrains-gateway/README.md

@@ -14,12 +14,12 @@ This module adds a JetBrains Gateway Button to open any workspace with a single
 ```tf
 module "jetbrains_gateway" {
   source         = "registry.coder.com/modules/jetbrains-gateway/coder"
-  version        = "1.0.24"
+  version        = "1.0.21"
   agent_id       = coder_agent.example.id
   agent_name     = "example"
   folder         = "/home/coder/example"
   jetbrains_ides = ["CL", "GO", "IU", "PY", "WS"]
-  default        = ["GO"]
+  default        = "GO"
 }
 ```
 
@@ -32,12 +32,12 @@ module "jetbrains_gateway" {
 ```tf
 module "jetbrains_gateway" {
   source         = "registry.coder.com/modules/jetbrains-gateway/coder"
-  version        = "1.0.24"
+  version        = "1.0.21"
   agent_id       = coder_agent.example.id
   agent_name     = "example"
   folder         = "/home/coder/example"
   jetbrains_ides = ["GO", "WS"]
-  default        = ["GO"]
+  default        = "GO"
 }
 ```
 
@@ -46,12 +46,12 @@ module "jetbrains_gateway" {
 ```tf
 module "jetbrains_gateway" {
   source         = "registry.coder.com/modules/jetbrains-gateway/coder"
-  version        = "1.0.24"
+  version        = "1.0.21"
   agent_id       = coder_agent.example.id
   agent_name     = "example"
   folder         = "/home/coder/example"
   jetbrains_ides = ["GO", "WS"]
-  default        = ["GO"]
+  default        = "GO"
   latest         = true
 }
 ```
@@ -61,49 +61,17 @@ module "jetbrains_gateway" {
 ```tf
 module "jetbrains_gateway" {
   source         = "registry.coder.com/modules/jetbrains-gateway/coder"
-  version        = "1.0.24"
+  version        = "1.0.21"
   agent_id       = coder_agent.example.id
   agent_name     = "example"
   folder         = "/home/coder/example"
   jetbrains_ides = ["GO", "WS"]
-  default        = ["GO"]
+  default        = "GO"
   latest         = true
   channel        = "eap"
 }
 ```
 
-### Add Multiple IDEs with the default set to GoLand
-
-```tf
-module "jetbrains_gateway" {
-  source         = "registry.coder.com/modules/jetbrains-gateway/coder"
-  version        = "1.0.24"
-  agent_id       = coder_agent.example.id
-  agent_name     = "example"
-  folder         = "/home/coder/example"
-  jetbrains_ides = ["GO", "WS", "RD", "PY"]
-  default        = ["GO", "PY"]
-}
-```
-
-### Custom release download link
-
-Due to the highest priority of the `ide_download_link` parameter in the `(jetbrains-gateway://...` within IDEA, the pre-configured download address will be overridden when using [IDEA's offline mode](https://www.jetbrains.com/help/idea/fully-offline-mode.html). Therefore, it is necessary to configure the `download_base_link` parameter for the `jetbrains_gateway` module to change the value of `ide_download_link`.
-
-```tf
-module "jetbrains_gateway" {
-  source             = "registry.coder.com/modules/jetbrains-gateway/coder"
-  version            = "1.0.24"
-  agent_id           = coder_agent.example.id
-  agent_name         = "example"
-  folder             = "/home/coder/example"
-  jetbrains_ides     = ["GO", "WS"]
-  releases_base_link = "https://releases.internal.site/"
-  download_base_link = "https://download.internal.site/"
-  default            = ["GO"]
-}
-```
-
 ## Supported IDEs
 
 This module and JetBrains Gateway support the following JetBrains IDEs:

jetbrains-gateway/main.tf

@@ -20,7 +20,7 @@ variable "agent_id" {
 
 variable "slug" {
   type        = string
-  description = "The slug for the coder_app"
+  description = "The slug for the coder_app. Allows resuing the module with the same template."
   default     = "gateway"
 }
 
@@ -39,9 +39,9 @@ variable "folder" {
 }
 
 variable "default" {
-  default     = []
+  default     = ""
-  type        = list(string)
+  type        = string
-  description = "Default IDEs to be added to the Workspace page."
+  description = "Default IDE"
 }
 
 variable "order" {
@@ -146,35 +146,9 @@ variable "jetbrains_ides" {
   }
 }
 
-variable "releases_base_link" {
-  type        = string
-  description = ""
-  default     = "https://data.services.jetbrains.com"
-  validation {
-    condition     = can(regex("^https?://.+$", var.releases_base_link))
-    error_message = "The releases_base_link must be a valid HTTP/S address."
-  }
-}
-
-variable "download_base_link" {
-  type        = string
-  description = ""
-  default     = "https://download.jetbrains.com"
-  validation {
-    condition     = can(regex("^https?://.+$", var.download_base_link))
-    error_message = "The download_base_link must be a valid HTTP/S address."
-  }
-}
-
-variable "provide_options" {
-  type        = bool
-  description = "Whether to provide coder_parameter options."
-  default     = true
-}
-
 data "http" "jetbrains_ide_versions" {
   for_each = var.latest ? toset(var.jetbrains_ides) : toset([])
-  url      = "${var.releases_base_link}/products/releases?code=${each.key}&latest=true&type=${var.channel}"
+  url      = "https://data.services.jetbrains.com/products/releases?code=${each.key}&latest=true&type=${var.channel}"
 }
 
 locals {
@@ -184,7 +158,7 @@ locals {
       name          = "GoLand",
       identifier    = "GO",
       build_number  = var.jetbrains_ide_versions["GO"].build_number,
-      download_link = "${var.download_base_link}/go/goland-${var.jetbrains_ide_versions["GO"].version}.tar.gz"
+      download_link = "https://download.jetbrains.com/go/goland-${var.jetbrains_ide_versions["GO"].version}.tar.gz"
       version       = var.jetbrains_ide_versions["GO"].version
     },
     "WS" = {
@@ -192,7 +166,7 @@ locals {
       name          = "WebStorm",
       identifier    = "WS",
       build_number  = var.jetbrains_ide_versions["WS"].build_number,
-      download_link = "${var.download_base_link}/webstorm/WebStorm-${var.jetbrains_ide_versions["WS"].version}.tar.gz"
+      download_link = "https://download.jetbrains.com/webstorm/WebStorm-${var.jetbrains_ide_versions["WS"].version}.tar.gz"
       version       = var.jetbrains_ide_versions["WS"].version
     },
     "IU" = {
@@ -200,7 +174,7 @@ locals {
       name          = "IntelliJ IDEA Ultimate",
       identifier    = "IU",
       build_number  = var.jetbrains_ide_versions["IU"].build_number,
-      download_link = "${var.download_base_link}/idea/ideaIU-${var.jetbrains_ide_versions["IU"].version}.tar.gz"
+      download_link = "https://download.jetbrains.com/idea/ideaIU-${var.jetbrains_ide_versions["IU"].version}.tar.gz"
       version       = var.jetbrains_ide_versions["IU"].version
     },
     "PY" = {
@@ -208,7 +182,7 @@ locals {
       name          = "PyCharm Professional",
       identifier    = "PY",
       build_number  = var.jetbrains_ide_versions["PY"].build_number,
-      download_link = "${var.download_base_link}/python/pycharm-professional-${var.jetbrains_ide_versions["PY"].version}.tar.gz"
+      download_link = "https://download.jetbrains.com/python/pycharm-professional-${var.jetbrains_ide_versions["PY"].version}.tar.gz"
       version       = var.jetbrains_ide_versions["PY"].version
     },
     "CL" = {
@@ -216,7 +190,7 @@ locals {
       name          = "CLion",
       identifier    = "CL",
       build_number  = var.jetbrains_ide_versions["CL"].build_number,
-      download_link = "${var.download_base_link}/cpp/CLion-${var.jetbrains_ide_versions["CL"].version}.tar.gz"
+      download_link = "https://download.jetbrains.com/cpp/CLion-${var.jetbrains_ide_versions["CL"].version}.tar.gz"
       version       = var.jetbrains_ide_versions["CL"].version
     },
     "PS" = {
@@ -224,7 +198,7 @@ locals {
       name          = "PhpStorm",
       identifier    = "PS",
       build_number  = var.jetbrains_ide_versions["PS"].build_number,
-      download_link = "${var.download_base_link}/webide/PhpStorm-${var.jetbrains_ide_versions["PS"].version}.tar.gz"
+      download_link = "https://download.jetbrains.com/webide/PhpStorm-${var.jetbrains_ide_versions["PS"].version}.tar.gz"
       version       = var.jetbrains_ide_versions["PS"].version
     },
     "RM" = {
@@ -232,7 +206,7 @@ locals {
       name          = "RubyMine",
       identifier    = "RM",
       build_number  = var.jetbrains_ide_versions["RM"].build_number,
-      download_link = "${var.download_base_link}/ruby/RubyMine-${var.jetbrains_ide_versions["RM"].version}.tar.gz"
+      download_link = "https://download.jetbrains.com/ruby/RubyMine-${var.jetbrains_ide_versions["RM"].version}.tar.gz"
       version       = var.jetbrains_ide_versions["RM"].version
     }
     "RD" = {
@@ -240,24 +214,28 @@ locals {
       name          = "Rider",
       identifier    = "RD",
       build_number  = var.jetbrains_ide_versions["RD"].build_number,
-      download_link = "${var.download_base_link}/rider/JetBrains.Rider-${var.jetbrains_ide_versions["RD"].version}.tar.gz"
+      download_link = "https://download.jetbrains.com/rider/JetBrains.Rider-${var.jetbrains_ide_versions["RD"].version}.tar.gz"
       version       = var.jetbrains_ide_versions["RD"].version
     }
   }
 
-  default_ide_map = {
+  icon          = local.jetbrains_ides[data.coder_parameter.jetbrains_ide.value].icon
-    for ide in var.default : ide => local.jetbrains_ides[ide]
+  json_data     = var.latest ? jsondecode(data.http.jetbrains_ide_versions[data.coder_parameter.jetbrains_ide.value].response_body) : {}
-  }
+  key           = var.latest ? keys(local.json_data)[0] : ""
+  display_name  = local.jetbrains_ides[data.coder_parameter.jetbrains_ide.value].name
+  identifier    = data.coder_parameter.jetbrains_ide.value
+  download_link = var.latest ? local.json_data[local.key][0].downloads.linux.link : local.jetbrains_ides[data.coder_parameter.jetbrains_ide.value].download_link
+  build_number  = var.latest ? local.json_data[local.key][0].build : local.jetbrains_ides[data.coder_parameter.jetbrains_ide.value].build_number
+  version       = var.latest ? local.json_data[local.key][0].version : var.jetbrains_ide_versions[data.coder_parameter.jetbrains_ide.value].version
 }
 
 data "coder_parameter" "jetbrains_ide" {
-  for_each     = local.default_ide_map
   type         = "string"
-  name         = "jetbrains_ide_${each.key}"
+  name         = "jetbrains_ide"
-  display_name = "JetBrains IDE ${each.key}"
+  display_name = "JetBrains IDE"
   icon         = "/icon/gateway.svg"
   mutable      = true
-  default      = each.key
+  default      = var.default == "" ? var.jetbrains_ides[0] : var.default
   order        = var.coder_parameter_order
 
   dynamic "option" {
@@ -274,11 +252,10 @@ data "coder_workspace" "me" {}
 data "coder_workspace_owner" "me" {}
 
 resource "coder_app" "gateway" {
-  for_each     = local.default_ide_map
   agent_id     = var.agent_id
-  slug         = "${var.slug}-${lower(each.key)}"
+  slug         = var.slug
-  display_name = each.value.name
+  display_name = local.display_name
-  icon         = each.value.icon
+  icon         = local.icon
   external     = true
   order        = var.order
   url = join("", [
@@ -295,23 +272,38 @@ resource "coder_app" "gateway" {
     "&token=",
     "$SESSION_TOKEN",
     "&ide_product_code=",
-    each.key,
+    data.coder_parameter.jetbrains_ide.value,
     "&ide_build_number=",
-    each.value.build_number,
+    local.build_number,
     "&ide_download_link=",
-    each.value.download_link,
+    local.download_link,
   ])
 }
 
-output "coder_apps" {
+output "identifier" {
-  value = {
+  value = local.identifier
-    for key, app in coder_app.gateway : key => {
+}
-      identifier    = key
+
-      display_name  = app.display_name
+output "display_name" {
-      icon          = local.jetbrains_ides[key].icon
+  value = local.display_name
-      download_link = local.jetbrains_ides[key].download_link
+}
-      build_number  = local.jetbrains_ides[key].build_number
+
-      version       = local.jetbrains_ides[key].version
+output "icon" {
-    }
+  value = local.icon
-  }
+}
+
+output "download_link" {
+  value = local.download_link
+}
+
+output "build_number" {
+  value = local.build_number
+}
+
+output "version" {
+  value = local.version
+}
+
+output "url" {
+  value = coder_app.gateway.url
 }

jupyterlab/README.md

@@ -16,7 +16,7 @@ A module that adds JupyterLab in your Coder template.
 ```tf
 module "jupyterlab" {
   source   = "registry.coder.com/modules/jupyterlab/coder"
-  version  = "1.0.23"
+  version  = "1.0.22"
   agent_id = coder_agent.example.id
 }
 ```

jupyterlab/run.sh

@@ -9,7 +9,7 @@ BOLD='\033[0;1m'
 printf "$${BOLD}Installing jupyterlab!\n"
 
 # check if jupyterlab is installed
-if ! command -v jupyter-lab > /dev/null 2>&1; then
+if ! command -v jupyterlab > /dev/null 2>&1; then
   # install jupyterlab
   # check if pipx is installed
   if ! command -v pipx > /dev/null 2>&1; then

kasmvnc/README.md

@@ -21,3 +21,22 @@ module "kasmvnc" {
 ```
 
 > **Note:** This module only works on workspaces with a pre-installed desktop environment. As an example base image you can use `codercom/enterprise-desktop` image.
+
+> **Note:** You can also use the kasmtech [custom images](https://kasmweb.com/docs/latest/guide/custom_images.html) by extending them as following:
+
+```Dockerfile
+FROM kasmweb/postman:1.16.0
+ARG USER=kasm-user
+USER root
+# Overwrite the existing config file to disable ssl
+RUN cat <<EOF > /etc/kasmvnc/kasmvnc.yaml
+network:
+  protocol: http
+  ssl:
+    require_ssl: false
+  udp:
+    public_ip: 127.0.0.1
+EOF
+RUN addgroup $USER ssl-cert
+USER $USER
+```

kasmvnc/main.tf

@@ -42,7 +42,7 @@ resource "coder_script" "kasm_vnc" {
   script = templatefile("${path.module}/run.sh", {
     PORT : var.port,
     DESKTOP_ENVIRONMENT : var.desktop_environment,
-    KASM_VERSION : var.kasm_version
+    VERSION : var.kasm_version
   })
   run_on_start = true
 }

kasmvnc/run.sh

@@ -1,12 +1,11 @@
 #!/usr/bin/env bash
 
-# Exit on error, undefined variables, and pipe failures
+#!/bin/bash
-set -euo pipefail
 
 # Function to check if vncserver is already installed
 check_installed() {
   if command -v vncserver &> /dev/null; then
-    echo "vncserver is already installed."
+    echo "A binary with name vncserver already installed."
     return 0 # Don't exit, just indicate it's installed
   else
     return 1 # Indicates not installed
@@ -15,195 +14,167 @@ check_installed() {
 
 # Function to download a file using wget, curl, or busybox as a fallback
 download_file() {
-  local url="$1"
+  local url=$1
-  local output="$2"
+  local output=$2
-  local download_tool
+  if command -v wget &> /dev/null; then
-
+    wget $url -O $output
-  if command -v curl &> /dev/null; then
+  elif command -v curl &> /dev/null; then
-    # shellcheck disable=SC2034
+    curl -fsSL $url -o $output
-    download_tool=(curl -fsSL)
-  elif command -v wget &> /dev/null; then
-    # shellcheck disable=SC2034
-    download_tool=(wget -q -O-)
   elif command -v busybox &> /dev/null; then
-    # shellcheck disable=SC2034
+    busybox wget -O $output $url
-    download_tool=(busybox wget -O-)
   else
-    echo "ERROR: No download tool available (curl, wget, or busybox required)"
+    echo "Neither wget, curl, nor busybox is installed. Please install one of them to proceed."
     exit 1
   fi
-
-  # shellcheck disable=SC2288
-  "$${download_tool[@]}" "$url" > "$output" || {
-    echo "ERROR: Failed to download $url"
-    exit 1
-  }
 }
 
 # Function to install kasmvncserver for debian-based distros
 install_deb() {
   local url=$1
-  local kasmdeb="/tmp/kasmvncserver.deb"
+  download_file $url /tmp/kasmvncserver.deb
+  sudo apt-get update
+  DEBIAN_FRONTEND=noninteractive sudo apt-get install --yes -qq --no-install-recommends --no-install-suggests /tmp/kasmvncserver.deb
+  sudo usermod -aG ssl-cert $USER
+  rm /tmp/kasmvncserver.deb
+}
 
-  download_file "$url" "$kasmdeb"
+# Function to install kasmvncserver for Oracle 8
+install_rpm_oracle8() {
+  local url=$1
+  download_file $url /tmp/kasmvncserver.rpm
+  sudo dnf config-manager --set-enabled ol8_codeready_builder
+  sudo dnf install oracle-epel-release-el8 -y
+  sudo dnf localinstall /tmp/kasmvncserver.rpm -y
+  sudo usermod -aG kasmvnc-cert $USER
+  rm /tmp/kasmvncserver.rpm
+}
 
-  CACHE_DIR="/var/lib/apt/lists/partial"
+# Function to install kasmvncserver for CentOS 7
-  # Check if the directory exists and was modified in the last 60 minutes
+install_rpm_centos7() {
-  if [[ ! -d "$CACHE_DIR" ]] || ! find "$CACHE_DIR" -mmin -60 -print -quit &> /dev/null; then
+  local url=$1
-    echo "Stale package cache, updating..."
+  download_file $url /tmp/kasmvncserver.rpm
-    # Update package cache with a 300-second timeout for dpkg lock
+  sudo yum install epel-release -y
-    sudo apt-get -o DPkg::Lock::Timeout=300 -qq update
+  sudo yum install /tmp/kasmvncserver.rpm -y
-  fi
+  sudo usermod -aG kasmvnc-cert $USER
-
+  rm /tmp/kasmvncserver.rpm
-  DEBIAN_FRONTEND=noninteractive sudo apt-get -o DPkg::Lock::Timeout=300 install --yes -qq --no-install-recommends --no-install-suggests "$kasmdeb"
-  rm "$kasmdeb"
 }
 
 # Function to install kasmvncserver for rpm-based distros
 install_rpm() {
   local url=$1
-  local kasmrpm="/tmp/kasmvncserver.rpm"
+  download_file $url /tmp/kasmvncserver.rpm
-  local package_manager
+  sudo rpm -i /tmp/kasmvncserver.rpm
-
+  rm /tmp/kasmvncserver.rpm
-  if command -v dnf &> /dev/null; then
-    # shellcheck disable=SC2034
-    package_manager=(dnf localinstall -y)
-  elif command -v zypper &> /dev/null; then
-    # shellcheck disable=SC2034
-    package_manager=(zypper install -y)
-  elif command -v yum &> /dev/null; then
-    # shellcheck disable=SC2034
-    package_manager=(yum localinstall -y)
-  elif command -v rpm &> /dev/null; then
-    # Do we need to manually handle missing dependencies?
-    # shellcheck disable=SC2034
-    package_manager=(rpm -i)
-  else
-    echo "ERROR: No supported package manager available (dnf, zypper, yum, or rpm required)"
-    exit 1
-  fi
-
-  download_file "$url" "$kasmrpm"
-
-  # shellcheck disable=SC2288
-  sudo "$${package_manager[@]}" "$kasmrpm" || {
-    echo "ERROR: Failed to install $kasmrpm"
-    exit 1
-  }
-
-  rm "$kasmrpm"
 }
 
 # Function to install kasmvncserver for Alpine Linux
 install_alpine() {
   local url=$1
-  local kasmtgz="/tmp/kasmvncserver.tgz"
+  download_file $url /tmp/kasmvncserver.tgz
-
+  tar -xzf /tmp/kasmvncserver.tgz -C /usr/local/bin/
-  download_file "$url" "$kasmtgz"
+  rm /tmp/kasmvncserver.tgz
-
-  tar -xzf "$kasmtgz" -C /usr/local/bin/
-  rm "$kasmtgz"
 }
 
-# Detect system information
-if [[ ! -f /etc/os-release ]]; then
-  echo "ERROR: Cannot detect OS: /etc/os-release not found"
-  exit 1
-fi
-
-# shellcheck disable=SC1091
-source /etc/os-release
-distro="$ID"
-distro_version="$VERSION_ID"
-codename="$VERSION_CODENAME"
-arch="$(uname -m)"
-if [[ "$ID" == "ol" ]]; then
-  distro="oracle"
-  distro_version="$${distro_version%%.*}"
-elif [[ "$ID" == "fedora" ]]; then
-  distro_version="$(grep -oP '\(\K[\w ]+' /etc/fedora-release | tr '[:upper:]' '[:lower:]' | tr -d ' ')"
-fi
-
-echo "Detected Distribution: $distro"
-echo "Detected Version: $distro_version"
-echo "Detected Codename: $codename"
-echo "Detected Architecture: $arch"
-
-# Map arch to package arch
-case "$arch" in
-  x86_64)
-    if [[ "$distro" =~ ^(ubuntu|debian|kali)$ ]]; then
-      arch="amd64"
-    fi
-    ;;
-  aarch64)
-    if [[ "$distro" =~ ^(ubuntu|debian|kali)$ ]]; then
-      arch="arm64"
-    fi
-    ;;
-  arm64)
-    : # This is effectively a noop
-    ;;
-  *)
-    echo "ERROR: Unsupported architecture: $arch"
-    exit 1
-    ;;
-esac
-
 # Check if vncserver is installed, and install if not
 if ! check_installed; then
-  # Check for NOPASSWD sudo (required)
+  # Detect system information
-  if ! command -v sudo &> /dev/null || ! sudo -n true 2> /dev/null; then
+  distro=$(grep "^ID=" /etc/os-release | awk -F= '{print $2}')
-    echo "ERROR: sudo NOPASSWD access required!"
+  version=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
+  arch=$(uname -m)
+
+  echo "Detected Distribution: $distro"
+  echo "Detected Version: $version"
+  echo "Detected Architecture: $arch"
+
+  # Map arch to package arch
+  if [[ "$arch" == "x86_64" ]]; then
+    if [[ "$distro" == "ubuntu" || "$distro" == "debian" || "$distro" == "kali" ]]; then
+      arch="amd64"
+    else
+      arch="x86_64"
+    fi
+  elif [[ "$arch" == "aarch64" || "$arch" == "arm64" ]]; then
+    if [[ "$distro" == "ubuntu" || "$distro" == "debian" || "$distro" == "kali" ]]; then
+      arch="arm64"
+    else
+      arch="aarch64"
+    fi
+  else
+    echo "Unsupported architecture: $arch"
     exit 1
   fi
 
-  base_url="https://github.com/kasmtech/KasmVNC/releases/download/v${KASM_VERSION}"
+  echo "Installing KASM version: ${VERSION}"
-
-  echo "Installing KASM version: ${KASM_VERSION}"
   case $distro in
     ubuntu | debian | kali)
-      bin_name="kasmvncserver_$${codename}_${KASM_VERSION}_$${arch}.deb"
+      case $version in
-      install_deb "$base_url/$bin_name"
+        "20.04")
+          install_deb "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_focal_${VERSION}_$${arch}.deb"
+          ;;
+        "22.04")
+          install_deb "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_jammy_${VERSION}_$${arch}.deb"
+          ;;
+        "24.04")
+          install_deb "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_noble_${VERSION}_$${arch}.deb"
+          ;;
+        *)
+          echo "Unsupported Ubuntu/Debian/Kali version: $${version}"
+          exit 1
+          ;;
+      esac
       ;;
-    oracle | fedora | opensuse)
+    oracle)
-      bin_name="kasmvncserver_$${distro}_$${distro_version}_${KASM_VERSION}_$${arch}.rpm"
+      if [[ "$version" == "8" ]]; then
-      install_rpm "$base_url/$bin_name"
+        install_rpm_oracle8 "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_oracle_8_${VERSION}_$${arch}.rpm"
+      else
+        echo "Unsupported Oracle version: $${version}"
+        exit 1
+      fi
+      ;;
+    centos)
+      if [[ "$version" == "7" ]]; then
+        install_rpm_centos7 "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_centos_core_${VERSION}_$${arch}.rpm"
+      else
+        install_rpm "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_centos_core_${VERSION}_$${arch}.rpm"
+      fi
       ;;
     alpine)
-      bin_name="kasmvnc.alpine_$${distro_version//./}_$${arch}.tgz"
+      if [[ "$version" == "3.17" || "$version" == "3.18" || "$version" == "3.19" || "$version" == "3.20" ]]; then
-      install_alpine "$base_url/$bin_name"
+        install_alpine "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvnc.alpine_$${version}_$${arch}.tgz"
+      else
+        echo "Unsupported Alpine version: $${version}"
+        exit 1
+      fi
+      ;;
+    fedora | opensuse)
+      install_rpm "https://github.com/kasmtech/KasmVNC/releases/download/v${VERSION}/kasmvncserver_$${distro}_$${version}_${VERSION}_$${arch}.rpm"
       ;;
     *)
-      echo "Unsupported distribution: $distro"
+      echo "Unsupported distribution: $${distro}"
       exit 1
       ;;
   esac
 else
-  echo "vncserver already installed. Skipping installation."
+  echo "Skipping installation."
 fi
 
-if command -v sudo &> /dev/null && sudo -n true 2> /dev/null; then
+# Try to create /etc/kasmvnc/kasmvnc.yaml system-wide
-  kasm_config_file="/etc/kasmvnc/kasmvnc.yaml"
+# we don't fail as some images might be missing sudo permissions
-  SUDO=sudo
+sudo mkdir -p /etc/kasmvnc || true
-else
+sudo bash -c "cat > /etc/kasmvnc/kasmvnc.yaml <<EOF
-  kasm_config_file="$HOME/.vnc/kasmvnc.yaml"
+network:
-  SUDO=
+  protocol: http
+  websocket_port: ${PORT}
+  ssl:
+    require_ssl: false
+  udp:
+    public_ip: 127.0.0.1
+EOF" || true
 
-  echo "WARNING: Sudo access not available, using user config dir!"
 
-  if [[ -f "$kasm_config_file" ]]; then
+# There could already be a config file in the image at /etc/kasmvnc/kasmvnc.yaml, but we need to set the websocket port
-    echo "WARNING: Custom user KasmVNC config exists, not overwriting!"
+mkdir -p "$HOME/.vnc"
-    echo "WARNING: Ensure that you manually configure the appropriate settings."
+cat > "$HOME/.vnc/kasmvnc.yaml" <<EOF
-    kasm_config_file="/dev/stderr"
-  else
-    echo "WARNING: This may prevent custom user KasmVNC settings from applying!"
-    mkdir -p "$HOME/.vnc"
-  fi
-fi
-
-echo "Writing KasmVNC config to $kasm_config_file"
-$SUDO tee "$kasm_config_file" > /dev/null << EOF
 network:
   protocol: http
   websocket_port: ${PORT}
@@ -218,18 +189,8 @@ EOF
 # This password is not used since we start the server without auth.
 # The server is protected via the Coder session token / tunnel
 # and does not listen publicly
-echo -e "password\npassword\n" | vncpasswd -wo -u "$USER"
+echo -e "password\npassword\n" | vncpasswd -wo -u $USER
 
 # Start the server
 printf "🚀 Starting KasmVNC server...\n"
-vncserver -select-de "${DESKTOP_ENVIRONMENT}" -disableBasicAuth > /tmp/kasmvncserver.log 2>&1 &
+vncserver -select-de ${DESKTOP_ENVIRONMENT} -disableBasicAuth > /tmp/kasmvncserver.log 2>&1 &
-pid=$!
-
-# Wait for server to start
-sleep 5
-grep -v '^[[:space:]]*$' /tmp/kasmvncserver.log | tail -n 10
-if ps -p $pid | grep -q "^$pid"; then
-  echo "ERROR: Failed to start KasmVNC server. Check full logs at /tmp/kasmvncserver.log"
-  exit 1
-fi
-printf "🚀 KasmVNC server started successfully!\n"