rebase to selkies

2025-06-24 14:19:09 -04:00
parent bd2a9560cc
commit 9895976bba
4 changed files with 53 additions and 161 deletions
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -25,7 +25,7 @@ param_volumes:
  - {vol_path: "/config", vol_host_path: "/path/to/config", desc: "Users home directory in the container, stores local files and settings"}
 param_usage_include_ports: true
 param_ports:
-  - {external_port: "3000", internal_port: "3000", port_desc: "Chromium desktop gui."}
+  - {external_port: "3000", internal_port: "3000", port_desc: "HTTP Chromium desktop gui, must be proxied."}
  - {external_port: "3001", internal_port: "3001", port_desc: "HTTPS Chromium desktop gui."}
 custom_params:
  - {name: "shm-size", name_compose: "shm_size", value: "1gb", desc: "This is needed for any modern website to function like youtube."}
@@ -36,81 +36,57 @@ opt_param_env_vars:
 opt_security_opt_param: true
 opt_security_opt_param_vars:
  - {run_var: "seccomp=unconfined", compose_var: "seccomp:unconfined", desc: "For Docker Engine only, many modern gui apps need this to function on older hosts as syscalls are unknown to Docker. Chromium runs in no-sandbox test mode without it."}
-# Kasm blurb settings
-kasm_blurb: true
-show_nvidia: true
-external_http_port: "3000"
-external_https_port: "3001"
-noto_fonts: "fonts-noto-cjk"
 # application setup block
 app_setup_block_enabled: true
 app_setup_block: |
  The application can be accessed at:

-  * http://yourhost:3000/
  * https://yourhost:3001/
-# init diagram
-init_diagram: |
-  "chromium:latest": {
-    docker-mods
-    base {
-      fix-attr +\nlegacy cont-init
-    }
-    docker-mods -> base
-    legacy-services
-    custom services
-    init-services -> legacy-services
-    init-services -> custom services
-    custom services -> legacy-services
-    legacy-services -> ci-service-check
-    init-migrations -> init-adduser
-    init-kasmvnc-end -> init-config
-    init-os-end -> init-config
-    init-config -> init-config-end
-    init-crontab-config -> init-config-end
-    init-config -> init-crontab-config
-    init-mods-end -> init-custom-files
-    init-adduser -> init-device-perms
-    base -> init-envfile
-    init-os-end -> init-kasmvnc
-    init-nginx -> init-kasmvnc-config
-    init-video -> init-kasmvnc-end
-    base -> init-migrations
-    init-config-end -> init-mods
-    init-mods-package-install -> init-mods-end
-    init-mods -> init-mods-package-install
-    init-kasmvnc -> init-nginx
-    init-adduser -> init-os-end
-    init-device-perms -> init-os-end
-    init-envfile -> init-os-end
-    init-custom-files -> init-services
-    init-kasmvnc-config -> init-video
-    init-services -> svc-cron
-    svc-cron -> legacy-services
-    init-services -> svc-de
-    svc-nginx -> svc-de
-    svc-de -> legacy-services
-    init-services -> svc-docker
-    svc-de -> svc-docker
-    svc-docker -> legacy-services
-    init-services -> svc-kasmvnc
-    svc-pulseaudio -> svc-kasmvnc
-    svc-kasmvnc -> legacy-services
-    init-services -> svc-kclient
-    svc-kasmvnc -> svc-kclient
-    svc-kclient -> legacy-services
-    init-services -> svc-nginx
-    svc-kclient -> svc-nginx
-    svc-nginx -> legacy-services
-    init-services -> svc-pulseaudio
-    svc-pulseaudio -> legacy-services
-  }
-  Base Images: {
-    "baseimage-kasmvnc:debianbookworm" <- "baseimage-debian:bookworm"
-  }
-  "chromium:latest" <- Base Images
+
+
+  ### Security
+
+  >[!WARNING]
+  >Do not put this on the Internet if you do not know what you are doing.
+
+  By default this container has no authentication and the optional environment variables `CUSTOM_USER` and `PASSWORD` to enable basic http auth via the embedded NGINX server should only be used to locally secure the container from unwanted access on a local network. If exposing this to the Internet we recommend putting it behind a reverse proxy, such as [SWAG](https://github.com/linuxserver/docker-swag), and ensuring a secure authentication solution is in place. From the web interface a terminal can be launched and it is configured for passwordless sudo, so anyone with access to it can install and run whatever they want along with probing your local network.
+
+  ### Nvidia GPU Support
+
+  **Nvidia support is not compatible with Alpine based images as Alpine lacks Nvidia drivers**
+
+  Nvidia support is available by leveraging Zink for OpenGL support. This can be enabled with the following run flags:
+
+  | Variable | Description |
+  | :----: | --- |
+  | --gpus all | This can be filtered down but for most setups this will pass the one Nvidia GPU on the system |
+  | --runtime nvidia | Specify the Nvidia runtime which mounts drivers and tools in from the host |
+
+  The compose syntax is slightly different for this as you will need to set nvidia as the default runtime:
+
+  ```
+  sudo nvidia-ctk runtime configure --runtime=docker --set-as-default
+  sudo service docker restart
+  ```
+
+  And to assign the GPU in compose:
+
+  ```
+  services:
+    webtop:
+      image: lscr.io/linuxserver/suyu:latest
+      deploy:
+        resources:
+          reservations:
+            devices:
+              - driver: nvidia
+                count: 1
+                capabilities: [compute,video,graphics,utility]
+  ```
+
 # changelog
 changelogs:
+  - {date: "24.06.25:", desc: "Rebase to Selkies."}
  - {date: "03.04.25:", desc: "Update chromium launch options to improve performance."}
  - {date: "10.02.24:", desc: "Update Readme with new env vars and ingest proper PWA icon."}
  - {date: "08.01.24:", desc: "Fix re-launch issue for chromium by purging temp files on launch."}