From: alex Date: Sun, 29 Oct 2023 23:04:52 +0000 (+0000) Subject: Add remote desktop X-Git-Tag: 20240214-emacs~140 X-Git-Url: https://xn--ix-yja.es/gitweb/?a=commitdiff_plain;h=bb3dd0066cb22474531f6f54b9465db6e3f80a76;p=alex.git Add remote desktop --- diff --git a/personal_infra/puppet/modules/remote_desktop/manifests/init.pp b/personal_infra/puppet/modules/remote_desktop/manifests/init.pp new file mode 100644 index 0000000..4989709 --- /dev/null +++ b/personal_infra/puppet/modules/remote_desktop/manifests/init.pp @@ -0,0 +1,18 @@ +class remote_desktop { + package {['xorgxrdp', 'xrdp']:} + + file {'/etc/xrdp/xrdp.ini': + content => template('remote_desktop/xrdp.ini'), + require => Package['xrdp'], + } + ~> + service {'xrdp': + enable => true, + ensure => running, + } + + exec {'/usr/bin/dnf group install -y GNOME': + unless => '/usr/bin/dnf grouplist -v hidden --installed | grep GNOME', + timeout => 0, + } +} diff --git a/personal_infra/puppet/modules/remote_desktop/templates/xrdp.ini b/personal_infra/puppet/modules/remote_desktop/templates/xrdp.ini new file mode 100644 index 0000000..3ab3ad5 --- /dev/null +++ b/personal_infra/puppet/modules/remote_desktop/templates/xrdp.ini @@ -0,0 +1,317 @@ +[Globals] +; xrdp.ini file version number +ini_version=1 + +; fork a new process for each incoming connection +fork=true + +; ports to listen on, number alone means listen on all interfaces +; 0.0.0.0 or :: if ipv6 is configured +; space between multiple occurrences +; ALL specified interfaces must be UP when xrdp starts, otherwise xrdp will fail to start +; +; Examples: +; port=3389 +; port=unix://./tmp/xrdp.socket +; port=tcp://.:3389 127.0.0.1:3389 +; port=tcp://:3389 *:3389 +; port=tcp://:3389 192.168.1.1:3389 +; port=tcp6://.:3389 ::1:3389 +; port=tcp6://:3389 *:3389 +; port=tcp6://{}:3389 {FC00:0:0:0:0:0:0:1}:3389 +; port=vsock://: +port=3389 + +; 'port' above should be connected to with vsock instead of tcp +; use this only with number alone in port above +; prefer use vsock://: above +use_vsock=false + +; regulate if the listening socket use socket option tcp_nodelay +; no buffering will be performed in the TCP stack +tcp_nodelay=true + +; regulate if the listening socket use socket option keepalive +; if the network connection disappear without close messages the connection will be closed +tcp_keepalive=true + +; set tcp send/recv buffer (for experts) +#tcp_send_buffer_bytes=32768 +#tcp_recv_buffer_bytes=32768 + +; security layer can be 'tls', 'rdp' or 'negotiate' +; for client compatible layer +security_layer=negotiate + +; minimum security level allowed for client for classic RDP encryption +; use tls_ciphers to configure TLS encryption +; can be 'none', 'low', 'medium', 'high', 'fips' +crypt_level=high + +; X.509 certificate and private key +; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365 +certificate= +key_file= + +; set SSL protocols +; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3' +ssl_protocols=TLSv1.2, TLSv1.3 +; set TLS cipher suites +#tls_ciphers=HIGH + +; concats the domain name to the user if set for authentication with the separator +; for example when the server is multi homed with SSSd +#domain_user_separator=@ + +; The following options will override the keyboard layout settings. +; These options are for DEBUG and are not recommended for regular use. +#xrdp.override_keyboard_type=0x04 +#xrdp.override_keyboard_subtype=0x01 +#xrdp.override_keylayout=0x00000409 + +; Section name to use for automatic login if the client sends username +; and password. If empty, the domain name sent by the client is used. +; If empty and no domain name is given, the first suitable section in +; this file will be used. +autorun= + +allow_channels=true +allow_multimon=true +bitmap_cache=true +bitmap_compression=true +bulk_compression=true +#hidelogwindow=true +max_bpp=32 +new_cursors=true +; fastpath - can be 'input', 'output', 'both', 'none' +use_fastpath=both +; when true, userid/password *must* be passed on cmd line +#require_credentials=true +; when true, the userid will be used to try to authenticate +#enable_token_login=true +; You can set the PAM error text in a gateway setup (MAX 256 chars) +#pamerrortxt=change your password according to policy at http://url + +; +; colors used by windows in RGB format +; +blue=009cb5 +grey=dedede +#black=000000 +#dark_grey=808080 +#blue=08246b +#dark_blue=08246b +#white=ffffff +#red=ff0000 +#green=00ff00 +#background=626c72 + +; +; configure login screen +; + +; Login Screen Window Title +#ls_title=My Login Title + +; top level window background color in RGB format +ls_top_window_bg_color=009cb5 + +; width and height of login screen +; +; The default height allows for about 5 fields to be comfortably displayed +; above the buttons at the bottom. To display more fields, make +; larger, and also increase and +; below +; +ls_width=350 +ls_height=430 + +; login screen background color in RGB format +ls_bg_color=dedede + +; optional background image filename. BMP format is always supported, +; but other formats will be supported if xrdp is build with imlib2 +; The transform can be one of the following:- +; none : No transformation. Image is placed in bottom-right corner +; of the screen. +; scale : Image is scaled to the screen size. The image aspect +; ratio is not preserved. +; zoom : Image is scaled to the screen size. The image aspect +; ratio is preserved by clipping the image. +#ls_background_image= +#ls_background_transform=none + +; logo +; full path to file or file in shared folder. BMP format is always supported, +; but other formats will be supported if xrdp is build with imlib2 +; For transform values, see 'ls_background_transform'. The logo width and +; logo height are ignored for a transform of 'none'. +ls_logo_filename= +#ls_logo_transform=none +#ls_logo_width=240 +#ls_logo_height=140 +ls_logo_x_pos=55 +ls_logo_y_pos=50 + +; for positioning labels such as username, password etc +ls_label_x_pos=30 +ls_label_width=65 + +; for positioning text and combo boxes next to above labels +ls_input_x_pos=110 +ls_input_width=210 + +; y pos for first label and combo box +ls_input_y_pos=220 + +; OK button +ls_btn_ok_x_pos=142 +ls_btn_ok_y_pos=370 +ls_btn_ok_width=85 +ls_btn_ok_height=30 + +; Cancel button +ls_btn_cancel_x_pos=237 +ls_btn_cancel_y_pos=370 +ls_btn_cancel_width=85 +ls_btn_cancel_height=30 + +[Logging] +; Note: Log levels can be any of: core, error, warning, info, debug, or trace +LogFile=xrdp.log +LogLevel=INFO +EnableSyslog=true +#SyslogLevel=INFO +#EnableConsole=false +#ConsoleLevel=INFO +#EnableProcessId=false + +[LoggingPerLogger] +; Note: per logger configuration is only used if xrdp is built with +; --enable-devel-logging +#xrdp.c=INFO +#main()=INFO + +[Channels] +; Channel names not listed here will be blocked by XRDP. +; You can block any channel by setting its value to false. +; IMPORTANT! All channels are not supported in all use +; cases even if you set all values to true. +; You can override these settings on each session type +; These settings are only used if allow_channels=true +rdpdr=true +rdpsnd=true +drdynvc=true +cliprdr=true +rail=true +xrdpvr=true +tcutils=true + +; for debugging xrdp, in section xrdp1, change port=-1 to this: +#port=/tmp/.xrdp/xrdp_display_10 + + +; +; Session types +; + +; Some session types such as Xorg, X11rdp and Xvnc start a display server. +; Startup command-line parameters for the display server are configured +; in sesman.ini. See and configure also sesman.ini. +[Xorg] +name=Xorg +lib=libxup.so +username=ask +password=ask +ip=127.0.0.1 +port=-1 +code=20 + +#[Xvnc] +#name=Xvnc +#lib=libvnc.so +#username=ask +#password=ask +#ip=127.0.0.1 +#port=-1 +##xserverbpp=24 +##delay_ms=2000 +; Disable requested encodings to support buggy VNC servers +; (1 = ExtendedDesktopSize) +##disabled_encodings_mask=0 +; Use this to connect to a chansrv instance created outside of sesman +; (e.g. as part of an x11vnc console session). Replace '0' with the +; display number of the session +##chansrvport=DISPLAY(0) + +; Generic VNC Proxy +; Tailor this to specific hosts and VNC instances by specifying an ip +; and port and setting a suitable name. +#[vnc-any] +#name=vnc-any +#lib=libvnc.so +#ip=ask +#port=ask5900 +#username=na +#password=ask +#pamusername=asksame +#pampassword=asksame +#pamsessionmng=127.0.0.1 +#delay_ms=2000 + +; Generic RDP proxy using NeutrinoRDP +; Tailor this to specific hosts by specifying an ip and port and setting +; a suitable name. +#[neutrinordp-any] +#name=neutrinordp-any +; To use this section, you should build xrdp with configure option +; --enable-neutrinordp. +#lib=libxrdpneutrinordp.so +#ip=ask +#port=ask3389 +#username=ask +#password=ask +; Uncomment the following lines to enable PAM authentication for proxy +; connections. +#pamusername=ask +#pampassword=ask +#pamsessionmng=127.0.0.1 +; Currently NeutrinoRDP doesn't support dynamic resizing. Uncomment +; this line if you're using a client which does. +#enable_dynamic_resizing=false +; By default, performance settings requested by the RDP client are ignored +; and chosen by NeutrinoRDP. Uncomment this line to allow the user to +; select performance settings in the RDP client. +#perf.allow_client_experiencesettings=true +; Override any experience setting by uncommenting one or more of the +; following lines. +#perf.wallpaper=false +#perf.font_smoothing=false +#perf.desktop_composition=false +#perf.full_window_drag=false +#perf.menu_anims=false +#perf.themes=false +#perf.cursor_blink=false +; By default NeutrinoRDP supports cursor shadows. If this is giving +; you problems (e.g. cursor is a black rectangle) try disabling cursor +; shadows by uncommenting the following line. +#perf.cursor_shadow=false +; By default, NeutrinoRDP uses the keyboard layout of the remote RDP Server. +; If you want to tell the remote the keyboard layout of the RDP Client, +; by uncommenting the following line. +#neutrinordp.allow_client_keyboardLayout=true +; The following options will override the remote keyboard layout settings. +; These options are for DEBUG and are not recommended for regular use. +#neutrinordp.override_keyboardLayout_mask=0x0000FFFF +#neutrinordp.override_kbd_type=0x04 +#neutrinordp.override_kbd_subtype=0x01 +#neutrinordp.override_kbd_fn_keys=12 +#neutrinordp.override_kbd_layout=0x00000409 + +; You can override the common channel settings for each session type +#channel.rdpdr=true +#channel.rdpsnd=true +#channel.drdynvc=true +#channel.cliprdr=true +#channel.rail=true +#channel.xrdpvr=true diff --git a/personal_infra/puppet/site/ws.h1.int.pdp7.net.pp b/personal_infra/puppet/site/ws.h1.int.pdp7.net.pp index 3a28895..7c972aa 100644 --- a/personal_infra/puppet/site/ws.h1.int.pdp7.net.pp +++ b/personal_infra/puppet/site/ws.h1.int.pdp7.net.pp @@ -5,4 +5,6 @@ node 'ws.h1.int.pdp7.net' { } package {['pipx', 'isync', 'weechat', 'rclone', 'fuse', 'rsync', 'sshpass']:} + + class {'remote_desktop':} }