Desktop App
-
@marcusquinn Sadly Kasm wont work on cloudron as-is. Cloudron restricts access to the containers file-system to read-only mode. Kasm will require that to be removed + will also need docker running in privileged mode to get stuff like sound, app installs, etc working.
-
@murgero I'm thinking Cloudron Dockerised Desktop Apps as an alternative to Kasm.
Although, it does look very well thought out, so might actually be worth supporting and subscribing to for our needs, but really keen to see what we can do here with Cloudron Apps and Desktoping.
-
I'm also thinking we'd them make use of Guacamole.
I have seen companies spend $150/user/MONTH on Citrix & Windows Desktops, with nothing more than Microsoft Office and maybe an Accounting app.
Of all the Cloudon Apps, this could very well become the most valuable to enterprises that need to provide Desktops within a walled-garden for data access & storage with thin-clients like iGel.
-
@marcusquinn Well the docker image has been updated, you can update / reinstall with the same CloudronManifest.json file as before, it will pull the latest image
-
@marcusquinn said in Desktop App:
ZorinOS Lite is based on that (XFCE 4.16) too if you wanna try?
Does it have a functional OS level dark mode?
-
@murgero said in Desktop App:
Sadly Kasm wont work on cloudron as-is. Cloudron restricts access to the containers file-system to read-only mode. Kasm will require that to be removed + will also need docker running in privileged mode to get stuff like sound, app installs, etc working.
It would if you used sysbox from nestybox. Much better container isolation where you can even run full system image containers, which would be good for virtual desktop applications.
Find the "sysbox" thread here on the forum.
-
@murgero said in Desktop App:
cloudron locks down too much of the file system to allow it completely.
That's the part that isn't clear.. if the new system image you're making is done right, it doesn't matter if it's read only as all the parts that need to write have the / system portion and /app/data paths.
Next question is where exactly are you getting stuck?
-
@robi Cloudron blocks write access except for /app/data, /tmp, and I think a couple other dirs. but tghe big stuff like in /var, /etc, /lib - you cant write in post build.
I'd like to note that during the building of the app I can write to whatever directory I want. but once it's deployed though it's locked down.
Plus some stuff you can't do in docker unless the image(s) are ran in privileged mode, which cloudron does not allow either. Without privileged mode, a lot of stuff has to get worked around like x11, window manager, and even simple stuff like fuse works differently in docker than in regular linux.
-
@murgero sysbox allows for more things without using privileged mode.
It's likely a good time to map out the things that you need, vs the things cloudron allows and see what the delta is and how that maps to sysbox capabilities and any changes we might need to look into.
It's these kinds of things that prevent others from seeing an idea can work because of their own limits in knowledge or beliefs, so the immediate response is No, when it could be a YES.
-
@robi said in Desktop App:
@marcusquinn said in Desktop App:
ZorinOS Lite is based on that (XFCE 4.16) too if you wanna try?
Does it have a functional OS level dark mode?
Yes
-
@marcusquinn : I tried out out Kasm.
Generally a good system and an easy install (if you put on its own box not with other stuff).
However, even after increasing the cores and RAM that can be allocated to an app/image, I found it a little slow. Maybe it's the VPS I put it on, despite the VPS having 32Gb RAM and 8 cores.
My expectation level has been set at a middle level remote desktop Workspace from AWS. Although I am trying to get off AWS, I have to say that workspace performs well. Better than Kasm.
So very interested to see what performance a Cloudron Desktop App will be. When it's ready. -
Love the use case...reminds me of KASM : https://forum.cloudron.io/topic/3269/kasm-virtual-desktop-browser-isolation/2?_=1643939053102
-
@timconsidine Howdy! It's probably ready for testing tbh. But i worry about security - since I am not an export (though I know a lot) on Linux security - It'd be a good idea to test it, and maybe even have a 3rd party audit of it.
-
@murgero I'd be interested to test it if you need another set of eyes.
But I'm no expert, and certainly not on security. It's so broad these days. Lots of stuff on reddit/selfhosted on security. trying to absorb this : https://arvind.io/posts/using-fail2ban-to-protect-exposed-services/ -
@timconsidine maybe do this https://forum.cloudron.io/topic/6224/crowdsec-install-guide-for-cloudron-purposes instead of just fail2ban?
-
@necrevistonnezr good point
-
@necrevistonnezr That seems more for the host than installed in apps? Or am I misreading some of it?