2025-10-07 11:05:08 +01:00

# Desktop Task Service
## Overview
The Desktop task service provides a complete minimal desktop environment installation for running GUI applications on cloud instances. It includes support for multiple desktop environments, VNC remote access, and a curated set of essential applications including the Zed editor.
## Features
### Desktop Environments
- **XFCE** (default) - Lightweight and customizable
- **GNOME** - Modern and user-friendly
- **KDE** - Feature-rich and powerful
- **LXDE** - Ultra-lightweight
- **MATE** - Traditional desktop experience
### Display Managers
- **LightDM** (default) - Lightweight display manager
- **GDM** - GNOME display manager
- **SDDM** - Simple desktop display manager
### Remote Access
- **VNC Server** - Remote desktop access via VNC protocol
  - Configurable resolution and color depth
  - Password protection support
  - Service management through systemd
- **RustDesk** - Modern cross-platform remote desktop with excellent performance
  - Direct P2P connection or custom server support
  - Built-in security and encryption
  - Multi-platform client support
  - Auto-start service management
- **SSH Server** - Secure command line and tunnel access
  - Hardened configuration with fail2ban protection
  - Key-based and password authentication options
  - User access controls and restrictions
  - Automatic firewall configuration
### Applications
#### Editors
- **Zed** - High-performance, multiplayer code editor (default)
- **Nano** - Simple terminal text editor
- **Vim** - Advanced terminal text editor
#### Development Tools
- **Git** - Version control system
- **Build Essential** - Compilation tools and libraries
#### Browsers
- **Firefox** - Web browser
#### Terminals
- **XFCE4 Terminal** (default) - Terminal emulator
#### Media & Graphics
- **VLC** - Media player
- **GIMP** - Image editing
#### Office
- **LibreOffice** - Office suite
#### Utilities
- **htop** - System monitor
- **curl/wget** - Download tools
- **tree** - Directory tree viewer
## Configuration
### Basic Configuration
```kcl
desktop: DesktopServer = {
    name: "my-desktop"
    run_user: {
        name: "myuser"
        home: "/home/myuser"
    }
    desktop_env: {
        type: "xfce"
        display_manager: "lightdm"
        resolution: "1920x1080"
    }
    vnc: {
        enabled: true
        port: 5901
        geometry: "1920x1080"
        depth: 24
    }
    rustdesk: {
        enabled: true
        port: 21116
        hbbr_port: 21117
    }
    ssh: {
        enabled: true
        port: 22
        password_auth: true
        key_auth: true
    }
}
```
### Advanced Configuration
```kcl
desktop: DesktopServer = {
    name: "development-desktop"
    run_user: {
        name: "developer"
        home: "/home/developer"
        shell: "/bin/bash"
    }
    desktop_env: {
        type: "gnome"
        display_manager: "gdm"
        resolution: "2560x1440"
        theme: "Adwaita-dark"
    }
    applications: {
        editors: ["zed", "vim", "nano"]
        browsers: ["firefox"]
        development: ["git", "build-essential", "docker"]
        terminals: ["gnome-terminal"]
    }
    graphics: {
        driver: "nvidia"
        acceleration: true
        compositing: true
    }
    vnc: {
        enabled: true
        port: 5902
        password: "secure_vnc_password"
        geometry: "2560x1440"
        depth: 32
    }
    rustdesk: {
        enabled: true
        port: 21116
        hbbr_port: 21117
        custom_server: "rustdesk.mycompany.com"
        permanent_password: "permanent_access_pass"
        allow_guest: false
    }
    ssh: {
        enabled: true
        port: 2222
        password_auth: true
        key_auth: true
        root_login: "no"
        max_auth_tries: 3
        allowed_users: ["developer", "admin"]
    }
    auto_login: true
}
```
## Usage
### Deploy Desktop Environment
```bash
./core/nulib/provisioning taskserv create desktop --infra <infrastructure-name>
```
### List Available Desktop Options
```bash
./core/nulib/provisioning taskserv list
```
### SSH to Desktop Server
```bash
./core/nulib/provisioning server ssh <desktop-server>
```
### Connect via VNC
1. Connect to server via VNC client (port 5901 by default)
2. Use configured VNC password if set
3. Desktop environment will start automatically
### Start/Stop VNC Service
```bash
# Start VNC service
systemctl start vncserver@1.service
# Stop VNC service
systemctl stop vncserver@1.service
# Check VNC service status
systemctl status vncserver@1.service
```
### Connect via RustDesk
1. **Get RustDesk ID**: Run `sudo -u <desktop-user> rustdesk --get-id` on server
2. **Get temporary password**: Run `sudo -u <desktop-user> rustdesk --password` on server
3. **Download RustDesk client** from [rustdesk.com](https://rustdesk.com)
4. **Connect using ID and password** from steps 1-2
#### RustDesk Service Management
```bash
# Start RustDesk service for user
sudo -u <desktop-user> systemctl --user start rustdesk.service
# Stop RustDesk service
sudo -u <desktop-user> systemctl --user stop rustdesk.service
# Check RustDesk service status
sudo -u <desktop-user> systemctl --user status rustdesk.service
```
### Connect via SSH
```bash
# Basic SSH connection
ssh <desktop-user>@<server-ip> -p <ssh-port>
# SSH with X11 forwarding (for running GUI apps over SSH)
ssh -X <desktop-user>@<server-ip> -p <ssh-port>
# SSH with compression and forwarding
ssh -XC <desktop-user>@<server-ip> -p <ssh-port>
# Create SSH tunnel for VNC (more secure)
ssh -L 5901:localhost:5901 <desktop-user>@<server-ip> -p <ssh-port>
```
#### SSH Key-based Authentication
```bash
# Generate SSH key pair (on client)
ssh-keygen -t ed25519 -C "user@client-machine"
# Copy public key to server
ssh-copy-id -i ~/.ssh/id_ed25519.pub <desktop-user>@<server-ip> -p <ssh-port>
# Connect using key
ssh -i ~/.ssh/id_ed25519 <desktop-user>@<server-ip> -p <ssh-port>
```
## Supported Operating Systems
- Ubuntu 20.04+ / Debian 11+
- CentOS 8+ / RHEL 8+ / Fedora 35+
## Requirements
### Minimum System Requirements
- **RAM**: 2GB (4GB recommended)
- **Storage**: 20GB (40GB recommended for development)
- **CPU**: 2 cores (4 cores recommended)
- **Network**: Internet access for package installation
### For Graphics Acceleration
- Compatible GPU with proper drivers
- Additional VRAM for high-resolution displays
## Zed Editor Integration
The desktop environment includes Zed editor with:
- Pre-configured settings for development
- Language server protocol (LSP) support
- Git integration
- Terminal integration
- Desktop shortcut creation
- Multi-user support
### Zed Configuration Location
- System: `/usr/local/bin/zed`
- User config: `~/.config/zed/settings.json`
- Desktop shortcut: `~/Desktop/zed.desktop`
## Troubleshooting
### VNC Connection Issues
```bash
# Check VNC service status
systemctl status vncserver@1.service
# Restart VNC service
systemctl restart vncserver@1.service
# Check VNC logs
journalctl -u vncserver@1.service
```
### Desktop Environment Issues
```bash
# Check display manager status
systemctl status lightdm # or gdm/sddm
# Restart display manager
systemctl restart lightdm
# Check X server logs
cat /var/log/Xorg.0.log
```
### Application Installation Issues
```bash
# Update package lists
apt update # Ubuntu/Debian
dnf update # Fedora/RHEL
# Check for broken packages
apt --fix-broken install # Ubuntu/Debian
# Clear package cache
apt clean # Ubuntu/Debian
dnf clean all # Fedora/RHEL
```
### RustDesk Connection Issues
```bash
# Check RustDesk service status
sudo -u <desktop-user> systemctl --user status rustdesk.service
# Check RustDesk logs
sudo -u <desktop-user> journalctl --user -u rustdesk.service
# Restart RustDesk service
sudo -u <desktop-user> systemctl --user restart rustdesk.service
# Check firewall ports
sudo ufw status # Ubuntu/Debian
sudo firewall-cmd --list-ports # CentOS/RHEL/Fedora
# Get current RustDesk ID and password
sudo -u <desktop-user> rustdesk --get-id
sudo -u <desktop-user> rustdesk --password
```
### SSH Connection Issues
```bash
# Check SSH service status
systemctl status ssh # Ubuntu/Debian
systemctl status sshd # CentOS/RHEL/Fedora
# Check SSH configuration
sshd -t
# View SSH logs
journalctl -u ssh # Ubuntu/Debian
journalctl -u sshd # CentOS/RHEL/Fedora
# Check fail2ban status (if installed)
fail2ban-client status sshd
# Test SSH connection with verbose output
ssh -v <desktop-user>@<server-ip> -p <ssh-port>
```
## Security Considerations
### VNC Security
- VNC connections are not encrypted by default
- Consider using SSH tunneling for secure VNC access:
  ```bash
  ssh -L 5901:localhost:5901 <desktop-user>@<server-ip>
  ```
- Use strong VNC passwords
- Consider firewall rules to restrict VNC access
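
To confirm that VNC is reachable only through the SSH tunnel, the following added example (not part of the task service's own tooling) parses `ss -H -ltn` output and reports any listener in the VNC port range 5900-5999 that is bound to a non-loopback address. The function name `vnc_exposed_listeners` and the sample socket table are constructed for illustration.

```bash
#!/bin/sh
# Added example: list VNC listeners that are reachable from outside the host.
# Reads `ss -H -ltn` output on stdin; exits 1 if any exposed listener is found.
vnc_exposed_listeners() {
    awk '
        {
            addr = $4                            # Local Address:Port column
            n = split(addr, parts, ":")
            port = parts[n] + 0                  # text after the last colon
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (port < 5900 || port > 5999) next # outside the VNC display range
            if (host ~ /^127\./ || host == "[::1]") next   # loopback only
            print addr
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: display :1 is loopback-only, display :2 is not.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
LISTEN 0 5 127.0.0.1:5901 0.0.0.0:*
LISTEN 0 5 0.0.0.0:5902 0.0.0.0:*
LISTEN 0 5 [::]:5902 [::]:*
LISTEN 0 128 *:21116 *:*'

if exposed=$(printf '%s\n' "$SAMPLE_SS" | vnc_exposed_listeners); then
    echo "OK: VNC listens on loopback only"
else
    echo "VNC exposed on:"
    echo "$exposed"
fi
# On a live host: ss -H -ltn | vnc_exposed_listeners
```
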
### RustDesk Security
- RustDesk uses end-to-end encryption by default
- Connections are secure without additional tunneling
- Consider using custom RustDesk server for better control
- Permanent passwords should be strong and rotated regularly
- Disable guest access in production environments
### SSH Security
- Automatic fail2ban protection against brute force attacks
- Key-based authentication is more secure than password-only
- Regular security updates are automatically configured
- SSH hardening applied with secure defaults:
  - Root login restricted to key-only or disabled
  - Maximum authentication attempts limited
  - Connection timeouts configured
- Consider changing default SSH port (22) for additional security
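
The hardening items listed above can be verified against the running daemon. This added example (not the task service's own code) parses `sshd -T` output and fails on root-login, auth-attempt and idle-timeout settings that miss the list; the function name `audit_sshd`, the limit of 3 (taken from `max_auth_tries` in the advanced configuration) and the sample input are assumptions.

```bash
#!/bin/sh
# Added example: audit effective sshd settings against the hardening list above.
# Reads `sshd -T` output ("keyword value", lowercase keywords) on stdin.
# Assumption: the limit of 3 mirrors max_auth_tries in the advanced config.
audit_sshd() {
    awk -v max_tries=3 '
        function fail(msg) { print "FAIL " msg; bad++ }
        { val[$1] = $2 }                         # keep the value of each keyword
        END {
            root = val["permitrootlogin"]
            if (root != "no" && root != "prohibit-password" && root != "without-password")
                fail("permitrootlogin=" root " (want no or prohibit-password)")
            if (!("maxauthtries" in val) || val["maxauthtries"] + 0 > max_tries)
                fail("maxauthtries=" val["maxauthtries"] " (want <= " max_tries ")")
            if (val["clientaliveinterval"] + 0 == 0)
                fail("clientaliveinterval=" val["clientaliveinterval"] " (no idle timeout)")
            if (val["passwordauthentication"] != "no")   # reported, not counted as a failure
                print "WARN passwordauthentication=" val["passwordauthentication"]
            exit (bad > 0)
        }
    '
}

# Constructed sample: root login enabled, six auth tries, no idle timeout.
SAMPLE_SSHD_T='port 2222
permitrootlogin yes
maxauthtries 6
clientaliveinterval 0
passwordauthentication yes
pubkeyauthentication yes'

if report=$(printf '%s\n' "$SAMPLE_SSHD_T" | audit_sshd); then
    echo "sshd matches the hardening list"
else
    echo "$report"
fi
# On a live host (as root): sshd -T | audit_sshd
```
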
### General Security
- Regular security updates are recommended
- Use strong passwords for all accounts
- Consider network-level restrictions (VPN, firewall rules)
- Monitor system logs regularly for suspicious activity
- Keep desktop applications updated
## Performance Optimization
### For Low-Resource Systems
- Use LXDE or XFCE desktop environments
- Disable compositing effects
- Reduce VNC color depth to 16-bit
- Limit background applications
### For High-Performance Systems
- Use GNOME or KDE for full features
- Enable graphics acceleration
- Use higher VNC color depth (24/32-bit)
- Enable compositing effects