feat: add interactive desktop VNC support#11
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: af4fc52247
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| var parts []string | ||
| if cfg.Desktop { | ||
| parts = append(parts, ` retry apt-get install -y --no-install-recommends xvfb xfce4 xfce4-terminal x11vnc xauth dbus-x11 x11-xserver-utils xterm fonts-dejavu-core fonts-liberation iproute2 openssl | ||
| install -d -m 0750 -o crabbox -g crabbox /var/lib/crabbox |
There was a problem hiding this comment.
The new cloud-init fragments hardcode crabbox (for example install -o crabbox -g crabbox ..., service User=crabbox, and chown crabbox:crabbox ...) instead of using cfg.SSHUser. If a repo or environment sets a non-default SSH user, warmup/run --desktop or --browser can fail during bootstrap because that account may not exist, and even partial success leaves /var/lib/crabbox/* unreadable to the actual login user. This regresses previously supported custom sshUser setups.
Useful? React with 👍 / 👎.
| const parts: string[] = []; | ||
| if (config.desktop) { | ||
| parts.push(` retry apt-get install -y --no-install-recommends xvfb xfce4 xfce4-terminal x11vnc xauth dbus-x11 x11-xserver-utils xterm fonts-dejavu-core fonts-liberation iproute2 openssl | ||
| install -d -m 0750 -o crabbox -g crabbox /var/lib/crabbox |
There was a problem hiding this comment.
The worker-side cloud-init generator has the same hardcoded crabbox ownership/user assumptions in desktop/browser setup. Coordinator-provisioned leases with a non-default sshUser will hit the same failure mode (missing user during install/chown or inaccessible capability files), so capability-enabled leases can’t bootstrap reliably outside the default username.
Useful? React with 👍 / 👎.
1 participant
Summary
--desktop,--browser, andcrabbox vncfor managed Linux desktop/browser leasesVerification
go build -trimpath -o bin/crabbox ./cmd/crabboxgo test -race ./...go vet ./...npm run format:check --prefix workernpm run lint --prefix workernpm run check --prefix workernpm test --prefix workernpm run build --prefix workernpm run docs:checkgit diff --check--openrefuses without--host-managed; non-open path printsmanaged: false/ host-managed credentials