ok

umm?
fix bug
2026-06-05 14:08:15 +00:00 · 2025-06-13 15:46:24 +00:00 · 2025-06-13 15:45:50 +00:00 · 2025-06-13 15:42:52 +00:00 · 2025-06-13 15:28:19 +00:00 · 2025-06-13 15:24:00 +00:00
4 changed files with 96 additions and 12 deletions
@@ -54,6 +54,29 @@ variable "subdomain" {
  description = "Is subdomain sharing enabled in your cluster?"
 }

+variable "kasm_config" {
+  type        = string
+  default     = ""
+  description = <<-EOT
+    Additional KasmVNC configuration in YAML format. Can be used to set DLP policies and other advanced settings.
+    
+    Example for DLP policies (according to KasmVNC documentation):
+    ```yaml
+    data_loss_prevention:
+      clipboard:
+        server_to_client:
+          enabled: false
+        client_to_server:
+          enabled: false
+      printing: false
+      download: false
+    ```
+    
+    For more advanced configuration options, see the KasmVNC documentation:
+    https://kasmweb.com/docs/latest/how_to/kasmvnc_dlp_policies.html
+  EOT
+}
+
 resource "coder_script" "kasm_vnc" {
  agent_id     = var.agent_id
  display_name = "KasmVNC"
@@ -65,6 +88,7 @@ resource "coder_script" "kasm_vnc" {
    KASM_VERSION        = var.kasm_version
    SUBDOMAIN           = tostring(var.subdomain)
    PATH_VNC_HTML       = var.subdomain ? "" : file("${path.module}/path_vnc.html")
+    KASM_CONFIG         = var.kasm_config
  })
 }

@@ -193,19 +193,35 @@ else
  SUDO=""

  echo "WARNING: Sudo access not available, using user config dir!"
-
+  
+  # Always ensure the directory exists
+  mkdir -p "$HOME/.vnc"
+  
+  # We'll handle existing configs differently - we'll merge instead of skipping
  if [[ -f "$kasm_config_file" ]]; then
-    echo "WARNING: Custom user KasmVNC config exists, not overwriting!"
-    echo "WARNING: Ensure that you manually configure the appropriate settings."
-    kasm_config_file="/dev/stderr"
-  else
-    echo "WARNING: This may prevent custom user KasmVNC settings from applying!"
-    mkdir -p "$HOME/.vnc"
+    echo "INFO: Custom user KasmVNC config exists, will merge with new settings."
+    # Create a backup of the existing config
+    cp "$kasm_config_file" "$${kasm_config_file}.bak"
  fi
 fi

 echo "Writing KasmVNC config to $kasm_config_file"
-$SUDO tee "$kasm_config_file" > /dev/null << EOF
+
+# Create a temporary file for our config
+TEMP_CONFIG_FILE=$(mktemp)
+
+# Check if existing config file exists and preserve its content
+if [[ -f "$kasm_config_file" ]]; then
+  echo "Preserving existing KasmVNC configuration settings."
+  cp "$kasm_config_file" "$TEMP_CONFIG_FILE"
+  
+  # Update only the network section
+  if grep -q "^network:" "$TEMP_CONFIG_FILE"; then
+    # Network section exists, update only the websocket_port
+    sed -i "s/\([ \t]*websocket_port:\).*/\1 ${PORT}/" "$TEMP_CONFIG_FILE"
+  else
+    # Network section doesn't exist, add it
+    cat >> "$TEMP_CONFIG_FILE" << EOF
 network:
  protocol: http
  interface: 127.0.0.1
@@ -217,6 +233,45 @@ network:
  udp:
    public_ip: 127.0.0.1
 EOF
+  fi
+else
+  # Start with base network configuration for new config
+  cat > "$TEMP_CONFIG_FILE" << EOF
+network:
+  protocol: http
+  interface: 127.0.0.1
+  websocket_port: ${PORT}
+  ssl:
+    require_ssl: false
+    pem_certificate:
+    pem_key:
+  udp:
+    public_ip: 127.0.0.1
+EOF
+fi
+
+# Add additional KasmVNC configuration if provided
+if [[ -n "${KASM_CONFIG}" ]]; then
+  echo "Adding custom KasmVNC configuration."
+  
+  # Add a comment to mark the start of custom config
+  echo "" >> "$TEMP_CONFIG_FILE"
+  echo "# ---- START CUSTOM KASMVNC CONFIG ----" >> "$TEMP_CONFIG_FILE"
+  echo "" >> "$TEMP_CONFIG_FILE"
+  
+  # Directly append the YAML configuration
+  echo "${KASM_CONFIG}" >> "$TEMP_CONFIG_FILE"
+  
+  # Add a comment to mark the end of custom config
+  echo "" >> "$TEMP_CONFIG_FILE"
+  echo "# ---- END CUSTOM KASMVNC CONFIG ----" >> "$TEMP_CONFIG_FILE"
+fi
+
+# Apply the configuration
+$SUDO cp "$TEMP_CONFIG_FILE" "$kasm_config_file"
+
+# Clean up
+rm "$TEMP_CONFIG_FILE"

 # This password is not used since we start the server without auth.
 # The server is protected via the Coder session token / tunnel
@@ -16,7 +16,7 @@ Enable Remote Desktop + a web based client on Windows workspaces, powered by [de
 module "windows_rdp" {
  count       = data.coder_workspace.me.start_count
  source      = "registry.coder.com/coder/windows-rdp/coder"
-  version     = "1.2.0"
+  version     = "1.2.1"
  agent_id    = resource.coder_agent.main.id
  resource_id = resource.aws_instance.dev.id
 }
@@ -34,7 +34,7 @@ module "windows_rdp" {
 module "windows_rdp" {
  count       = data.coder_workspace.me.start_count
  source      = "registry.coder.com/coder/windows-rdp/coder"
-  version     = "1.2.0"
+  version     = "1.2.1"
  agent_id    = resource.coder_agent.main.id
  resource_id = resource.aws_instance.dev.id
 }
@@ -46,7 +46,7 @@ module "windows_rdp" {
 module "windows_rdp" {
  count       = data.coder_workspace.me.start_count
  source      = "registry.coder.com/coder/windows-rdp/coder"
-  version     = "1.2.0"
+  version     = "1.2.1"
  agent_id    = resource.coder_agent.main.id
  resource_id = resource.google_compute_instance.dev[0].id
 }
@@ -58,7 +58,7 @@ module "windows_rdp" {
 module "windows_rdp" {
  count                       = data.coder_workspace.me.start_count
  source                      = "registry.coder.com/coder/windows-rdp/coder"
-  version                     = "1.2.0"
+  version                     = "1.2.1"
  agent_id                    = resource.coder_agent.main.id
  resource_id                 = resource.aws_instance.dev.id
  devolutions_gateway_version = "2025.1.6" # Specify a specific version
@@ -16,6 +16,11 @@ function Configure-RDP {
    New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "SecurityLayer" -Value 1 -PropertyType DWORD -Force
    # Enable RDP through Windows Firewall
    Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
+
+    # Disable UDP. It doesn't work via `coder port-forward` and is broken due to MTU issues in Coder Connect.
+    # Requires a restart to take effect. c.f. https://github.com/coder/internal/issues/608#issuecomment-2965923672
+    New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -Name "SelectTransport" -Value 1 -PropertyType DWORD -Force
+    Restart-Service -Name "TermService" -Force
 }

 function Install-DevolutionsGateway {
Author	SHA1	Message	Date
Ben Potter	f05f3f23a4	ok	2025-06-13 15:46:24 +00:00
Ben Potter	bfbcb3eea9	umm?	2025-06-13 15:45:50 +00:00
Ben Potter	99c9a32f49	fix bug	2025-06-13 15:42:52 +00:00
Ben Potter	7571b91780	simplofy	2025-06-13 15:28:19 +00:00
Ben Potter	e0708ce041	fixes	2025-06-13 15:24:00 +00:00
Ben Potter	7da54c210f	fix variables	2025-06-13 15:20:01 +00:00
Ben Potter	e753134bff	refactor: change KasmVNC config from JSON map to YAML string with improved config merging	2025-06-13 15:18:12 +00:00
Ben Potter	bb634a2b5b	fix: add KASM_CONFIG environment variable to VNC template	2025-06-13 15:11:09 +00:00
Ben Potter	18d447f779	add support for kasm config	2025-06-13 15:10:07 +00:00
Spike Curtis	b58bfebcf3	fix: disable UDP connections on windows-rdp module (#149 ) ## Description Relates to Fixes an issue where RDP doesn't function properly over Coder Connect, by disabling UDP and relying only on TCP. c.f. https://github.com/coder/internal/issues/608#issuecomment-2965923672 for a detailed description of the problem. --- ## Type of Change - [ ] New module - [X] Bug fix - [ ] Feature/enhancement - [ ] Documentation - [ ] Other --- ## Module Information <!-- Delete this section if not applicable --> Path: `registry/coder/modules/windows-rdp` New version: `v1.0.19` Breaking change: [ ] Yes [x] No --- ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun run fmt`) - [x] Changes tested locally --- ## Related Issues https://github.com/coder/internal/issues/608 Closes # --------- Signed-off-by: Spike Curtis <spike@coder.com>	2025-06-13 06:18:11 +00:00