Desktop App
-
@murgero said in Desktop App:
cloudron locks down too much of the file system to allow it completely.
That's the part that isn't clear.. if the new system image you're making is done right, it doesn't matter if it's read only as all the parts that need to write have the / system portion and /app/data paths.
Next question is where exactly are you getting stuck?
@robi Cloudron blocks write access except for /app/data, /tmp, and I think a couple other dirs. But the big stuff like in /var, /etc, /lib - you can't write in post build.
I'd like to note that during the building of the app I can write to whatever directory I want. But once it's deployed though it's locked down.
Plus some stuff you can't do in docker unless the image(s) are run in privileged mode, which cloudron does not allow either. Without privileged mode, a lot of stuff has to get worked around like x11, window manager, and even simple stuff like fuse works differently in docker than in regular linux.
-
@murgero sysbox allows for more things without using privileged mode.
It's likely a good time to map out the things that you need, vs the things cloudron allows and see what the delta is and how that maps to sysbox capabilities and any changes we might need to look into.
It's these kinds of things that prevent others from seeing an idea can work because of their own limits in knowledge or beliefs, so the immediate response is No, when it could be a YES.
-
@marcusquinn said in Desktop App:
ZorinOS Lite is based on that (XFCE 4.16) too if you wanna try?
Does it have a functional OS level dark mode?
@robi said in Desktop App:
Does it have a functional OS level dark mode?
Yes
-
@timconsidine I actually think that with a bit more work and collective minds, everything that Kasm offers could be reproduced here for Cloudron. I'm very excited for this concept!
@marcusquinn : I tried out Kasm.
Generally a good system and an easy install (if you put on its own box not with other stuff).
However, even after increasing the cores and RAM that can be allocated to an app/image, I found it a little slow. Maybe it's the VPS I put it on, despite the VPS having 32Gb RAM and 8 cores.
My expectation level has been set at a middle level remote desktop Workspace from AWS. Although I am trying to get off AWS, I have to say that workspace performs well. Better than Kasm.
So very interested to see what performance a Cloudron Desktop App will be. When it's ready.
-
Cloudron App: FluxBox Desktop With FlatPak
An app that gives you a full desktop in the browser.
How to Use
Other than pcmanfm, firefox, and xterm, most apps you will probably use will need to be installed via flatpak - this was done as flatpaks are isolated and easy to control where files install. Flatpaks allow me to keep the cloudron standard read-only file system and keep apps installed to the cloudron app in backups.
To install an app, you simply install its flatpak:
flatpak --user install <path_to_pakref_file>
or
flatpak --user install flathub <packageID>
Fluxbox is configured to open firefox normally or to flathub for easy download of flatpaks.
Fluxbox (and the user session) run under the username desktop, which has its password disabled and su/sudo is not possible. This helps with security but also I've had trouble running stuff as root via the noVNC stuff (for now). VNC also does not have a password on it - I don't think it's really needed (but can be applied if enough people ask) since this app is protected by the cloudron proxy (requires login to access the webapp).
Warnings
- I built the app, and although I am a trusted developer here, please note I DID NOT MAKE THE APP WITH SECURITY IN MIND.
- This app is considered alpha-stages. It may crash, it may burn, it may take your first born.
- Please PLEASE don't use this in production until it can be vetted by a few other people.
Installing
Once I get the package finalized I will push to cloudron's public git server for cloning
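The post above says that only /app/data and /tmp are writable at runtime and that the desktop user's password is disabled. As an added example (not part of the original post or the app's package), this script checks both claims from inside the container; the function names are hypothetical, and the shadow line has to be supplied by someone who can read /etc/shadow.

```shell
#!/bin/sh
# Added example: checks for the runtime policy described in the post.
# Paths and the user name "desktop" are from the thread; function names are hypothetical.

# Print rw, ro (not writable) or missing for a directory by attempting a real write.
probe_dir() {
    dir=$1
    [ -d "$dir" ] || { echo missing; return 0; }
    probe="$dir/.wprobe.$$"
    # Subshell: a failed redirection must not abort the calling shell.
    if ( : > "$probe" ) 2>/dev/null; then
        rm -f "$probe"
        echo rw
    else
        echo ro
    fi
}

# Classify a shadow(5)-format line by its password field.
shadow_state() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case $field in
        '')         echo empty ;;   # no password required at all
        '!'*|'*'*)  echo locked ;;  # no password can match
        *)          echo set ;;     # a usable hash is present
    esac
}

# Compare observed writability with the policy stated in the thread.
audit_paths() {
    rc=0
    for spec in /app/data:rw /tmp:rw /etc:ro /var:ro /lib:ro; do
        path=${spec%:*}
        want=${spec#*:}
        got=$(probe_dir "$path")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $path: want $want, got $got"
            rc=1
        fi
    done
    return $rc
}

# Only probes the real filesystem when asked to.
if [ "${1:-}" = "--audit" ]; then
    audit_paths
fi
```

Run it with --audit as the desktop user inside the deployed app; a result of empty from shadow_state for the desktop entry would mean the account accepts a login with no password at all.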
-
Love the use case...reminds me of KASM: https://forum.cloudron.io/topic/3269/kasm-virtual-desktop-browser-isolation/2?_=1643939053102
-
@murgero polite enquiry : how's the project going ?
I appreciate there is probably a ton of work to do to get to a release.
-
@timconsidine Howdy! It's probably ready for testing tbh. But I worry about security - since I am not an expert (though I know a lot) on Linux security - It'd be a good idea to test it, and maybe even have a 3rd party audit of it.
@murgero I'd be interested to test it if you need another set of eyes.
But I'm no expert, and certainly not on security. It's so broad these days. Lots of stuff on reddit/selfhosted on security. trying to absorb this : https://arvind.io/posts/using-fail2ban-to-protect-exposed-services/
-
@timconsidine maybe do this https://forum.cloudron.io/topic/6224/crowdsec-install-guide-for-cloudron-purposes instead of just fail2ban?
-
@necrevistonnezr good point