TODO #2? about openaudible_docker HOT 3 OPEN

Better late than never.. but that's great.

A few things.. There is still a terminal program available (with root access via sudo su) And there is no file browser.. so there is no way to "reveal" a directory or file.. But the auto start seems to work pretty well.

This isn't a project we are actively updating.. but hopefully other people will find this useful.

I will try to incorporate some of this.

from openaudible_docker.

As with everything one is hosting/running on a home server, unless it's meant for the public, it should be hidden behind some sort of authentication, else not be exposed to the internet at all.

terminal (with or without su) should therefore not matter, though people do time and time again expose this sort of stuff publicly, so I see your point.

linuxserver deprecated docker-baseimage-rdesktop-web just a few months ago though, replacing it with docker-baseimage-kasmvnc (it's what webtop uses now).

While being a larger base image, it offers several benefits over rdesktop-web; gpu-acceleration, audio, shared clipboard (when using chromium browsers), and HTTP basic auth using env variables. It also feels more smooth.

If you're interested, I can throw together a Dockerfile using docker-baseimage-kasmvnc.

from openaudible_docker.

Edit: Updated all files as I figured why I wasn't able to install to /usr/local/OpenAudible, short story permissions. I've now updated everything to a build & forget approach, where every recreate of the container will download and install latest version (even though best practice is one image per version).

Went ahead and made something that should tick all your boxes under the todo, only caveat is final image being 1.55GB.
Could probably be stripped down a bit, as it includes quite some stuff to make it compatible with kasm workspaces.

Add a user/password for accessing the VM

Defaults to OpenAudible:openaudible. Can be changed by user adding env variables CUSTOM_USER and PASSWORD, while setting PASSWORD to blank will disable it.

Perhaps experiment with Ubuntu Kiosk Mode, to disable terminal, su, etc? OpenAudible and system file browser.

xterm is still included, but the user is removed from sudoers

lock down "su" root ability (change root password?)

root password changed to a random 20 character hex string every time the container is started/restarted/created.

I've included thunar as file manager

Dockerfile

FROM ghcr.io/linuxserver/baseimage-kasmvnc:debianbullseye

ENV TITLE=OpenAudible
ENV CUSTOM_USER=OpenAudible
ENV PASSWORD=openaudible

RUN \
  echo "**** update packages ****" && \
    apt-get update && \
    apt-get install -y --no-install-recommends \
      wget \
      gnome-icon-theme* \
      thunar && \
  echo '**** tweaks ****' && \
  sed -i 's|</applications>|  <application title="OpenAudible" type="normal">\n    <maximized>no</maximized>\n  </application>\n</applications>|' /etc/xdg/openbox/rc.xml && \
  deluser abc sudo && \
  wget https://avatars.githubusercontent.com/u/30847528 -O /app/logo.png && \
  echo "**** cleanup ****" && \
    rm -rf \
      /tmp/* \
      /var/lib/apt/lists/* \
      /var/tmp/*

COPY /root /

EXPOSE 3000 3001

VOLUME /config

docker-compose.yml

services:
  openaudible:
    container_name: openaudible
    image: openaudible:latest
    ports:
      - "3000:3000"
      - "3001:3001"
    environment:
      - PUID=1000
      - PGID=1000
      - CUSTOM_USER=JohnDoe
      - PASSWORD=
    volumes:
      - ./openaudible:/config

Login name set to JohnDoe, but authentication disabled by setting PASSWORD to blank.
Configuration and file storage (config on container) mounted to ./openaudible
Additional env variables can be seen here: docker-baseimage-kasmvnc
To use the seemless clipboard, the container needs to be accessed through HTTPS, either behind a reverse proxy (to either ports), or by accessing port 3001.

root/defaults/autostart

#!/bin/bash
if [ ! -f /app/OpenAudible/OpenAudible ]
then
    echo "Downloading OpenAudible installer.."
    wget -q https://openaudible.org/latest/OpenAudible_x86_64.sh -O openaudible_installer.sh
    sh ./openaudible_installer.sh -q -overwrite -dir /app/OpenAudible
    rm openaudible_installer.sh
fi
/app/OpenAudible/OpenAudible

Install OpenAudible if it doesn't exist.
Start OpenAudible.

root/defaults/menu.xml

<?xml version="1.0" encoding="utf-8"?>
<openbox_menu xmlns="http://openbox.org/3.4/menu">
<menu id="root-menu" label="MENU">
<item label="xterm" icon="/usr/share/icons/hicolor/scalable/apps/xterm-color.svg"><action name="Execute"><command>/usr/bin/xterm</command></action></item>
<item label="OpenAudible" icon="/app/logo.png"><action name="Execute"><command>/app/OpenAudible/OpenAudible</command></action></item>
<item label="Thunar" icon="/usr/share/icons/hicolor/scalable/apps/org.xfce.thunar.svg"><action name="Execute"><command>thunar</command></action></item>
</menu>
</openbox_menu>

Right-click menu on background to open apps.

root/etc/cont-idit.d/58-rootscrambler

#!/bin/bash
echo "root:$(openssl rand -hex 20)" | chpasswd

Scramblin root password on container start

I've included all the files in a .zip, if you want to try it out (without needing to copy/paste everything).

cd openaudible
docker build -t openaudible .
docker compose up

openaudible.zip

from openaudible_docker.