[global] default_host_url = 'http://localhost' websocketrouting = 'http_origin' server.socket_host = '0.0.0.0' server.socket_port = 8000 server.geolocation_ipaddr = '127.0.0.1' jwt_token_user = { 'exp': 360, 'jwtuserprivatekeyfile': '/config.usersigning/abcdesktop_jwt_user_signing_private_key.pem', 'jwtuserpublickeyfile' : '/config.usersigning/abcdesktop_jwt_user_signing_public_key.pem' } jwt_token_desktop = { 'exp': 420, 'jwtdesktopprivatekeyfile': '/config.signing/abcdesktop_jwt_desktop_signing_private_key.pem', 'jwtdesktoppublickeyfile' : '/config.signing/abcdesktop_jwt_desktop_signing_public_key.pem', 'payloaddesktoppublickeyfile' : '/config.payload/abcdesktop_jwt_desktop_payload_public_key.pem' } controllers = { 'ManagerController': { 'permitip': [ '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', 'fd00::/8', '169.254.0.0/16', '127.0.0.0/8' ] }, 'StoreController': { 'wrapped_key': {} }, 'ComposerController' : { 'requestsallowed' : { 'getdesktopdescription': False } }, 'DesktopController' : { 'requestsallowed' : { 'dns': False }, 'permitip': [ '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', 'fd00::/8', '169.254.0.0/16', '127.0.0.0/8' ] } } OAUTHLIB_INSECURE_TRANSPORT = True OAUTHLIB_RELAX_TOKEN_SCOPE = True fail2ban = { 'enable' : False, 'banexpireafterseconds': 600, 'failsbeforeban' : 5, 'protectednetworks' : ['192.168.1.0/24'] } auth.logmein = { 'enable' : False, 'network_list' : ['0.0.0.0/0'], 'permit_querystring' : True, 'http_attribut' : 'ABCDESKTOPUSERCERT' } auth.prelogin = { 'enable' : False, 'url' : 'https://FQHN/index.session.mustache.html', 'network_list' : ['0.0.0.0/0'], 'http_attribut ' : 'abcuserid', 'http_attribut_to_force_auth_prelogin': 'MUST_USE_PRELOGIN' } language = [ 'de_AT', 'de_BE', 'de_CH', 'de_DE', 'de_LI', 'de_LU', 'en_AG', 'en_AU', 'en_BW', 'en_CA', 'en_DK', 'en_GB', 'en_HK', 'en_IE', 'en_IN', 'en_NG', 'en_NZ', 'en_PH', 'en_SG', 'en_US', 'en_ZA', 'en_ZM', 'en_ZW', 'fr_BE', 'fr_CA', 'fr_CH', 'fr_FR', 'fr_LU' ] webrtc.enable = False webrtc.rtc_constraints = { 'video': False, 'audio': True } K8S_BOUND_PVC_TIMEOUT_SECONDS = 60 K8S_BOUND_PVC_MAX_EVENT = 5 K8S_CREATE_POD_TIMEOUT_SECONDS = 300 K8S_CREATE_EPHEMERALCONTAINER_TIMEOUT_SECONDS = 120 executeclasses = { 'default':{ 'description': '1 CPU cores and 2Gi', 'nodeSelector':None, 'resources':{ 'requests':{'memory':"512Mi",'cpu':"100m"}, 'limits': {'memory':"2Gi",'cpu':"1000m"} } }, 'bronze':{ 'description': '1 core / 2 Gi / 0 GPU', 'nodeSelector':None, 'resources':{ 'requests':{'memory':"64Mi",'cpu':"100m"}, 'limits': {'memory':"2Gi",'cpu':"1000m"} } }, 'silver':{ 'description': '2 cores / 4 Gi / 1 GPU', 'nodeSelector':None, 'resources':{ 'requests':{'memory':"64Mi",'cpu':"100m"}, 'limits': {'memory':"4Gi",'cpu':"2000m", 'nvidia.com/gpu':'1' } } }, 'gold':{ 'description': '4 cores / 8 Gi / 1 GPU', 'nodeSelector':None, 'resources':{ 'requests':{'memory':"128Mi",'cpu':"100m"}, 'limits':{'memory':"8Gi",'cpu':"4000m", 'nvidia.com/gpu':'1' } } } } desktop.secretslocalaccount = '/etc/localaccount' desktop.appendpathtomounthomevolume = '' desktop.pod = { 'spec' : { 'shareProcessNamespace': False, 'shareProcessMemory': True, 'securityContext': { 'supplementalGroups': [ '{{ supplementalGroups }}' ], 'runAsUser': '{{ uidNumber }}', 'runAsGroup': '{{ gidNumber }}' }, 'tolerations': [] }, 'default_volumes': { 'shm': { 'name': 'shm', 'emptyDir': { 'medium': 'Memory', 'sizeLimit': '512Mi' } }, 'run': { 'name': 'run', 'emptyDir': { 'medium': 'Memory', 'sizeLimit': '1M' } }, 'tmp': { 'name': 'tmp', 'emptyDir': { 'medium': 'Memory', 'sizeLimit': '8Gi' } }, 'log': { 'name': 'log', 'emptyDir': { 'medium': 'Memory', 'sizeLimit': '8Gi' } }, 'rundbus': { 'name': 'rundbus', 'emptyDir': { 'medium': 'Memory', 'sizeLimit': '8M' } }, 'runuser': { 'name': 'runuser', 'emptyDir': { 'medium': 'Memory', 'sizeLimit': '8M' } }, 'x11socket': { 'name': 'x11socket', 'emptyDir': { 'medium': 'Memory' } }, 'pulseaudiosocket' : { 'name': 'pulseaudiosocket', 'emptyDir': { 'medium': 'Memory' } }, 'cupsdsocket': { 'name': 'cupsdsocket', 'emptyDir': { 'medium': 'Memory' } } }, 'default_volumes_mount': { 'shm': { 'name': 'shm', 'mountPath' : '/dev/shm' }, 'run': { 'name': 'run', 'mountPath': '/var/run/desktop' }, 'tmp': { 'name': 'tmp', 'mountPath': '/tmp' }, 'log': { 'name': 'log', 'mountPath': '/var/log/desktop' }, 'rundbus': { 'name': 'rundbus', 'mountPath': '/var/run/dbus' }, 'runuser': { 'name': 'runuser', 'mountPath': '/run/user/' }, 'x11socket': { 'name': 'x11socket', 'mountPath': '/tmp/.X11-unix' }, 'pulseaudiosocket': { 'name': 'pulseaudiosocket', 'mountPath': '/tmp/.pulseaudio' }, 'cupsdsocket': { 'name': 'cupsdsocket', 'mountPath': '/tmp/.cupsd' } }, 'graphical' : { 'image': { 'default': 'ghcr.io/abcdesktopio/oc.user.ubuntu.sudo.24.04:4.1' }, 'imagePullPolicy': 'Always', 'enable': True, 'acl': { 'permit': [ 'all' ] }, 'waitportbin' : '/composer/node/wait-port/node_modules/.bin/wait-port', 'resources': { 'requests': { 'memory': "256Mi", 'cpu': "100m" }, 'limits' : { 'memory': "4Gi", 'cpu': "2000m" } }, 'securityContext': { 'readOnlyRootFilesystem': False, 'allowPrivilegeEscalation': True }, 'tcpport': 6081, 'secrets_requirement' : [ 'abcdesktop/vnc', 'abcdesktop/kerberos'], 'waitfor_services' : [ 'xserver', 'novnc', 'spawner-service', 'plasmashell' ], 'waitfor_processes' : [ 'kwin_x11', 'plasmashell', 'kactivitymanagerd', 'kded5', 'kscreen_backend_launcher' ], 'waitfor_listeningservices': [ 'graphical', 'spawner' ] }, 'spawner' : { 'enable': True, 'tcpport': 29786, 'waitportbin' : '/composer/node/wait-port/node_modules/.bin/wait-port', 'acl': { 'permit': [ 'all' ] } }, 'broadcast' : { 'enable': True, 'tcpport': 29784, 'acl': { 'permit': [ 'all' ] } }, 'webshell' : { 'enable': True, 'tcpport': 29781, 'acl': { 'permit': [ 'all' ] } }, 'printer' : { 'image': 'ghcr.io/abcdesktopio/oc.cupsd:4.1', 'imagePullPolicy': 'IfNotPresent', 'enable': True, 'tcpport': 681, 'securityContext': { 'runAsUser': 0, 'runAsGroup': 0 }, 'resources': { 'requests': { 'memory': "64Mi", 'cpu': "5m" }, 'limits' : { 'memory': "512Mi", 'cpu': "200m" } }, 'acl': { 'permit': [ 'all' ] } }, 'printerfile' : { 'enable': True, 'tcpport': 29782, 'acl': { 'permit': [ 'all' ] } }, 'filer' : { 'image': 'ghcr.io/abcdesktopio/oc.filer:4.1', 'imagePullPolicy': 'IfNotPresent', 'enable': True, 'tcpport': 29783, 'resources': { 'requests': { 'memory': "32Mi", 'cpu': "5m" }, 'limits' : { 'memory': "256Mi",'cpu': "100m" } }, 'acl': { 'permit': [ 'all' ] } }, 'storage' : { 'image': 'k8s.gcr.io/pause:3.8', 'imagePullPolicy': 'IfNotPresent', 'enable': True, 'acl': { 'permit': [ 'all' ] }, 'resources': { 'requests': { 'memory': "8Mi", 'cpu': "5m" }, 'limits' : { 'memory': "32Mi", 'cpu': "5m" } } }, 'sound': { 'image': 'ghcr.io/abcdesktopio/oc.pulseaudio:4.1', 'imagePullPolicy': 'IfNotPresent', 'enable': True, 'tcpport': 29788, 'acl': { 'permit': [ 'all' ] }, 'resources': { 'requests': { 'memory': "64Mi", 'cpu': "50m" }, 'limits' : { 'memory': "256Mi", 'cpu': "500m" } } }, 'init': { 'image': 'busybox', 'enable': True, 'imagePullPolicy': 'IfNotPresent', 'securityContext': { 'runAsUser': 0 }, 'acl': { 'permit': [ 'all' ] }, 'resources': { 'requests': { 'memory': "8Mi", 'cpu': "5m" }, 'limits' : { 'memory': "32Mi", 'cpu': "10m" } }, 'command': [ 'sh', '-c', 'chmod 750 ~ && chown {{ uidNumber }}:{{ gidNumber }} ~' ] }, 'ephemeral_container': { 'enable': True, 'acl': { 'permit': [ 'all' ] }, 'securityContext': { 'supplementalGroups': [ '{{ supplementalGroups }}' ] , 'readOnlyRootFilesystem': False, 'allowPrivilegeEscalation': True, 'runAsUser':'{{ uidNumber }}', 'runAsGroup':'{{ gidNumber }}' } }, 'pod_application' : { 'enable': True, 'securityContext': { 'supplementalGroups': [ '{{ supplementalGroups }}' ] , 'readOnlyRootFilesystem': False, 'allowPrivilegeEscalation': True, 'runAsUser':'{{ uidNumber }}', 'runAsGroup':'{{ gidNumber }}' }, 'tolerations': [], 'acl': { 'permit': [ 'all' ] } } } desktop.policies = { 'rules': { } } desktop.homedirectorytype = 'persistentVolumeClaim' desktop.persistentvolumeclaim = { 'metadata': { 'name': '{{ provider }}-{{ userid }}', }, 'spec': { 'storageClassName': 'proxmox-csi', 'resources': { 'requests': { 'storage': '5Gi' } }, 'accessModes': [ 'ReadWriteMany' ] } } desktop.nodeselector = { 'abcdesktoprole': 'worker' } desktop.envlocal = { 'WEBSOCKIFY_HEARTBEAT':'30', 'LIBOVERLAY_SCROLLBAR':'0', 'UBUNTU_MENUPROXY':'0', 'X11LISTEN':'tcp', 'ABCDESKTOP_BG_COLOR': '#7fb3cf' } desktop.removehomedirectory = False desktop.removepersistentvolume = False desktop.removepersistentvolumeclaim = False desktop.username = 'balloon' desktop.userid = 4096 desktop.groupid = 4096 desktop.userhomedirectory = '/home/balloon' dock = { 'webshell': { 'name': u'WebShell', 'acl': { 'permit': [ 'all' ] }, 'keyword': u'terminal,shell,webshell,bash,cmd', 'showinview': u'dock', 'launch': u'frontendjs.webshell', 'displayname': u'Web Shell', 'execmode': u'frontendjs', 'cat': u'utilities,development', 'id': u'webshell.d', 'icon': u'webshell.svg' } } desktop.zoom = 1 front.menuconfig = { 'settings': True, 'appstore': True, 'screenshot':True, 'download': True, 'logout': True, 'disconnect': True } desktop.defaultbackgroundcolors = [ '#6EC6F0', '#333333', '#666666', '#CD3C14', '#4BB4E6', '#50BE87', '#A885D8', '#FFB4E6' ] tipsinfo = { 'networkmap': False } logging = { "version": 1, "disable_existing_loggers": False, 'formatters': { 'access': { 'format': '%%(message)s - user: %%(userid)s', 'datefmt': '%%Y-%%m-%%d %%H:%%M:%%S' }, 'standard': { 'format': '%%(asctime)s %%(nodename)s %%(thread)d %%(module)s [%%(levelname)-7s] %%(name)s.%%(funcName)s:%%(userid)s %%(message)s', 'datefmt': '%%Y-%%m-%%d %%H:%%M:%%S' }, 'syslog': { 'format': '%%(asctime)s %%(nodename)s %%(thread)s %%(levelname)s %%(module)s %%(process)d %%(name)s.%%(funcName)s:%%(userid)s %%(message)s', 'datefmt': '%%Y-%%m-%%d %%H:%%M:%%S' }, 'graylog': { 'format': '%%(levelname)s %%(nodename)s %%(thread)s %%(module)s %%(process)d %%(name)s.%%(funcName)s:%%(userid)s %%(message)s' } }, 'filters': { 'odcontext': { '()': 'oc.logging.OdContextFilter' } }, 'handlers': { 'stdout': { 'class': 'logging.StreamHandler', 'filters': [ 'odcontext' ], 'level': 'INFO', 'formatter': 'standard', 'stream': 'ext://sys.stdout' }, 'stderr': { 'class': 'logging.StreamHandler', 'filters': [ 'odcontext' ], 'level': 'ERROR', 'formatter': 'standard', 'stream': 'ext://sys.stderr' }, 'trace': { 'class': 'logging.handlers.RotatingFileHandler', 'level': 'INFO', 'filters': [ 'odcontext' ], 'formatter': 'standard', 'filename': 'logs/trace.log', 'maxBytes': 10485760, 'backupCount': 20, 'encoding': 'utf8', 'mode': 'w' }, 'cherrypy_access': { 'class': 'logging.handlers.RotatingFileHandler', 'filters': [ 'odcontext' ], 'formatter': 'access', 'filename': 'logs/access.log', 'maxBytes': 10485760, 'backupCount': 20, 'encoding': 'utf8' } }, 'loggers': { 'urllib3.connectionpool': { 'level': 'ERROR', }, 'kubernetes': { 'handlers': [ 'stderr', 'stdout', 'trace' ], 'level': 'ERROR', 'propagate': False }, 'cherrypy.access': { 'handlers': [ 'cherrypy_access' ], 'level': 'INFO', 'propagate': False }, 'requests_oauthlib' : { 'handlers': [ 'stderr', 'stdout', 'trace' ], 'level': 'ERROR', 'propagate': False }, 'cherrypy' : { 'handlers': [ 'stderr', 'stdout', 'trace' ], 'level': 'ERROR', } }, 'root': { 'level': 'INFO', 'handlers': [ 'stderr', 'stdout', 'trace' ] }} authmanagers = {'external': {'providers': {'authentik': {'displayname': 'Authentik', 'textcolor': '#000000', 'backgroundcolor': '#FFFFFF', 'icon': 'img/auth/google_icon.svg', 'enabled': True, 'client_id': 'kdbZ0vt2lHJ9F8sLinSPeGEl5zoyT8xweVaRLnu0', 'client_secret': 'z9t868XgnGhvVXHLN5nmXR9EGLnHC72Mz2tXBvSexNaj56c6Whn5PjeG3W2oAaiM0RV6ehwIXtwIjrgxPTLDofz90GJZ90SFkPDqh1crBCLM6rhstQF00xR9QxHZn8Re', 'userinfo_auth': True, 'scope': ['openid', 'email', 'profile'], 'username_claim': 'preferred_username', 'userinfo_url': 'https://authentik.giaco.net/application/o/userinfo/', 'redirect_uri_prefix': 'https://morrow.giaco.net/API/auth/oauth', 'redirect_uri_querystring': 'manager=external&provider=authentik', 'authorization_base_url': 'https://authentik.giaco.net/application/o/authorize/', 'token_url': 'https://authentik.giaco.net/application/o/token/', 'policies': {'acl': {'permit': ['all']}}}}}}