commit 09dc3f174bdf8d966030668f7a01ec6cc06f3586
Author: Coder Module Mirror <mirror-bot@fritz.box>
Date:   Fri Mar 13 15:48:50 2026 +0100

    mirror: registry.coder.com/coder/kasmvnc/coder v1.3.0

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2f9fff7
--- /dev/null
+++ b/README.md
@@ -0,0 +1,25 @@
+---
+display_name: KasmVNC
+description: A modern open source VNC server
+icon: ../../../../.icons/kasmvnc.svg
+verified: true
+tags: [vnc, desktop, kasmvnc]
+---
+
+# KasmVNC
+
+Automatically install [KasmVNC](https://kasmweb.com/kasmvnc) in a workspace, and create an app to access it via the dashboard.
+
+```tf
+module "kasmvnc" {
+  count               = data.coder_workspace.me.start_count
+  source              = "registry.coder.com/coder/kasmvnc/coder"
+  version             = "1.3.0"
+  agent_id            = coder_agent.example.id
+  desktop_environment = "xfce"
+  subdomain           = true
+}
+```
+
+> [!IMPORTANT]
+> This module only works on workspaces with a pre-installed desktop environment. As an example base image you can use [`codercom/example-desktop`](https://hub.docker.com/r/codercom/example-desktop) image.
diff --git a/main.test.ts b/main.test.ts
new file mode 100644
index 0000000..8ec5721
--- /dev/null
+++ b/main.test.ts
@@ -0,0 +1,37 @@
+import { describe, expect, it } from "bun:test";
+import {
+  runTerraformApply,
+  runTerraformInit,
+  testRequiredVariables,
+} from "~test";
+
+const allowedDesktopEnvs = ["xfce", "kde", "gnome", "lxde", "lxqt"] as const;
+type AllowedDesktopEnv = (typeof allowedDesktopEnvs)[number];
+
+type TestVariables = Readonly<{
+  agent_id: string;
+  desktop_environment: AllowedDesktopEnv;
+  port?: string;
+  kasm_version?: string;
+}>;
+
+describe("Kasm VNC", async () => {
+  await runTerraformInit(import.meta.dir);
+  testRequiredVariables<TestVariables>(import.meta.dir, {
+    agent_id: "foo",
+    desktop_environment: "gnome",
+  });
+
+  it("Successfully installs for all expected Kasm desktop versions", async () => {
+    for (const v of allowedDesktopEnvs) {
+      const applyWithEnv = () => {
+        runTerraformApply<TestVariables>(import.meta.dir, {
+          agent_id: "foo",
+          desktop_environment: v,
+        });
+      };
+
+      expect(applyWithEnv).not.toThrow();
+    }
+  });
+});
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..66324b3
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,96 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    coder = {
+      source  = "coder/coder"
+      version = ">= 2.5"
+    }
+  }
+}
+
+variable "agent_id" {
+  type        = string
+  description = "The ID of a Coder agent."
+}
+
+variable "port" {
+  type        = number
+  description = "The port to run KasmVNC on."
+  default     = 6800
+}
+
+variable "kasm_version" {
+  type        = string
+  description = "Version of KasmVNC to install."
+  default     = "1.4.0"
+}
+
+variable "desktop_environment" {
+  type        = string
+  description = "Specifies the desktop environment of the workspace. This should be pre-installed on the workspace."
+
+  validation {
+    condition     = contains(["cinnamon", "mate", "lxde", "lxqt", "kde", "gnome", "xfce", "manual"], var.desktop_environment)
+    error_message = "Invalid desktop environment. Please specify a valid desktop environment."
+  }
+}
+
+variable "order" {
+  type        = number
+  description = "The order determines the position of app in the UI presentation. The lowest order is shown first and apps with equal order are sorted by name (ascending order)."
+  default     = null
+}
+
+variable "group" {
+  type        = string
+  description = "The name of a group that this app belongs to."
+  default     = null
+}
+
+variable "subdomain" {
+  type        = bool
+  default     = true
+  description = "Is subdomain sharing enabled in your cluster?"
+}
+
+variable "share" {
+  type    = string
+  default = "owner"
+  validation {
+    condition     = var.share == "owner" || var.share == "authenticated" || var.share == "public"
+    error_message = "Incorrect value. Please set either 'owner', 'authenticated', or 'public'."
+  }
+}
+
+resource "coder_script" "kasm_vnc" {
+  agent_id     = var.agent_id
+  display_name = "KasmVNC"
+  icon         = "/icon/kasmvnc.svg"
+  run_on_start = true
+  script = templatefile("${path.module}/run.sh", {
+    PORT                = var.port,
+    DESKTOP_ENVIRONMENT = var.desktop_environment,
+    KASM_VERSION        = var.kasm_version
+    SUBDOMAIN           = tostring(var.subdomain)
+    PATH_VNC_HTML       = var.subdomain ? "" : file("${path.module}/path_vnc.html")
+  })
+}
+
+resource "coder_app" "kasm_vnc" {
+  agent_id     = var.agent_id
+  slug         = "kasm-vnc"
+  display_name = "KasmVNC"
+  url          = "http://localhost:${var.port}"
+  icon         = "/icon/kasmvnc.svg"
+  subdomain    = var.subdomain
+  share        = var.share
+  order        = var.order
+  group        = var.group
+
+  healthcheck {
+    url       = "http://localhost:${var.port}/app"
+    interval  = 5
+    threshold = 5
+  }
+}
diff --git a/path_vnc.html b/path_vnc.html
new file mode 100644
index 0000000..29edf8d
--- /dev/null
+++ b/path_vnc.html
@@ -0,0 +1,111 @@
+<!doctype html>
+<html>
+  <head>
+    <title>Path-Sharing Bounce Page</title>
+    <style type="text/css">
+      :root {
+        color-scheme: light dark;
+        --dark: #121212;
+        --header-bg: rgba(127, 127, 127, 0.2);
+        --light: white;
+        --rule-color: light-dark(rgba(0, 0, 0, 0.8), rgba(255, 255, 255, 0.8));
+        background-color: light-dark(var(--light), var(--dark));
+        color: light-dark(var(--dark), var(--light));
+      }
+      body,
+      h1,
+      p {
+        box-sizing: border-box;
+        margin: 0;
+        padding: 0;
+      }
+      body {
+        font-family:
+          Inter,
+          system-ui,
+          -apple-system,
+          BlinkMacSystemFont,
+          "Segoe UI",
+          Roboto,
+          Oxygen,
+          Ubuntu,
+          Cantarell,
+          "Open Sans",
+          "Helvetica Neue",
+          sans-serif;
+      }
+      h1 {
+        width: 100%;
+        padding: 1rem;
+        letter-spacing: -1.5pt;
+        padding-bottom: 10px;
+        border-bottom: 1px solid var(--rule-color);
+        background-color: var(--header-bg);
+      }
+      p {
+        padding: 1rem;
+        letter-spacing: -0.5pt;
+      }
+      a.indent {
+        display: inline-block;
+        padding-top: 0.5rem;
+        padding-left: 2rem;
+        font-size: 0.8rem;
+      }
+    </style>
+    <meta charset="UTF-8" />
+  </head>
+  <body>
+    <h1>Path-Sharing Bounce Page</h1>
+    <p>
+      This application is being served via path sharing. If you are not
+      redirected,
+      <span id="help"
+        >check the Javascript console in your browser's developer tools for more
+        information.</span
+      >
+    </p>
+  </body>
+  <script language="javascript">
+    // This page exists to satisfy the querystring driven client API
+    // specified here - https://raw.githubusercontent.com/kasmtech/noVNC/bce2d6a7048025c6e6c05df9d98b206c23f6dbab/docs/EMBEDDING.md
+    // tl;dr:
+    // * `host` - The WebSocket host to connect to.
+    //      This is just the hostname component of the original URL
+    // * `port` - The WebSocket port to connect to.
+    //      It doesn't look like we need to set this unless it's different
+    //      than the incoming http request.
+    // * `encrypt` - If TLS should be used for the WebSocket connection.
+    //      we base this on whether or not the protocol is `https`, seems
+    //      reasonable for now.
+    // * `path` - The WebSocket path to use.
+    //      This apparently doesn't tolerate a leading `/` so we use a
+    //      function to tidy that up.
+    function trimFirstCharIf(str, char) {
+      return str.charAt(0) === char ? str.slice(1) : str;
+    }
+    function trimLastCharIf(str, char) {
+      return str.endsWith("/") ? str.slice(0, str.length - 1) : str;
+    }
+    const newloc = new URL(window.location);
+    const h = document.getElementById("help");
+
+    // Building the websockify path must happen before we append the filename to newloc.pathname
+    newloc.searchParams.append(
+      "path",
+      trimLastCharIf(trimFirstCharIf(newloc.pathname, "/"), "/") +
+        "/websockify",
+    );
+    newloc.searchParams.append(
+      "encrypted",
+      newloc.protocol === "https:" ? true : false,
+    );
+
+    newloc.pathname += "vnc.html";
+    console.log(newloc);
+
+    h.innerHTML = `click <a id="link" href="${newloc.toString()}">here</a> to go to the application.
+    <br/><br/>The rewritten URL is:<br/><a id="link" class="indent" href="${newloc.toString()}">${newloc.toString()}</a>`;
+    window.location = newloc.href;
+  </script>
+</html>
diff --git a/run.sh b/run.sh
new file mode 100644
index 0000000..6238bdb
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,310 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+error() {
+  printf "💀 ERROR: %s\n" "$@"
+  exit 1
+}
+
+# Function to check if KasmVNC is already installed
+check_installed() {
+  if command -v kasmvncserver &> /dev/null; then
+    echo "KasmVNC is already installed."
+    return 0 # Don't exit, just indicate it's installed
+  else
+    return 1 # Indicates not installed
+  fi
+}
+
+# Function to download a file using wget, curl, or busybox as a fallback
+download_file() {
+  local url="$1"
+  local output="$2"
+  local download_tool
+
+  if command -v curl &> /dev/null; then
+    # shellcheck disable=SC2034
+    download_tool=(curl -fsSL)
+  elif command -v wget &> /dev/null; then
+    # shellcheck disable=SC2034
+    download_tool=(wget -q -O-)
+  elif command -v busybox &> /dev/null; then
+    # shellcheck disable=SC2034
+    download_tool=(busybox wget -O-)
+  else
+    echo "ERROR: No download tool available (curl, wget, or busybox required)"
+    exit 1
+  fi
+
+  # shellcheck disable=SC2288
+  "$${download_tool[@]}" "$url" > "$output" || {
+    echo "ERROR: Failed to download $url"
+    exit 1
+  }
+}
+
+# Function to install kasmvncserver for debian-based distros
+install_deb() {
+  local url=$1
+  local kasmdeb="/tmp/kasmvncserver.deb"
+
+  download_file "$url" "$kasmdeb"
+
+  CACHE_DIR="/var/lib/apt/lists/partial"
+  # Check if the directory exists and was modified in the last 60 minutes
+  if [[ ! -d "$CACHE_DIR" ]] || ! find "$CACHE_DIR" -mmin -60 -print -quit &> /dev/null; then
+    echo "Stale package cache, updating..."
+    # Update package cache with a 300-second timeout for dpkg lock
+    sudo apt-get -o DPkg::Lock::Timeout=300 -qq update
+  fi
+
+  echo "Installing required Perl DateTime module..."
+  DEBIAN_FRONTEND=noninteractive sudo apt-get -o DPkg::Lock::Timeout=300 install --yes -qq --no-install-recommends --no-install-suggests libdatetime-perl
+
+  DEBIAN_FRONTEND=noninteractive sudo apt-get -o DPkg::Lock::Timeout=300 install --yes -qq --no-install-recommends --no-install-suggests "$kasmdeb"
+  rm "$kasmdeb"
+}
+
+# Function to install kasmvncserver for rpm-based distros
+install_rpm() {
+  local url=$1
+  local kasmrpm="/tmp/kasmvncserver.rpm"
+  local package_manager
+
+  if command -v dnf &> /dev/null; then
+    # shellcheck disable=SC2034
+    package_manager=(dnf localinstall -y)
+  elif command -v zypper &> /dev/null; then
+    # shellcheck disable=SC2034
+    package_manager=(zypper install -y)
+  elif command -v yum &> /dev/null; then
+    # shellcheck disable=SC2034
+    package_manager=(yum localinstall -y)
+  elif command -v rpm &> /dev/null; then
+    # Do we need to manually handle missing dependencies?
+    # shellcheck disable=SC2034
+    package_manager=(rpm -i)
+  else
+    echo "ERROR: No supported package manager available (dnf, zypper, yum, or rpm required)"
+    exit 1
+  fi
+
+  download_file "$url" "$kasmrpm"
+
+  # shellcheck disable=SC2288
+  sudo "$${package_manager[@]}" "$kasmrpm" || {
+    echo "ERROR: Failed to install $kasmrpm"
+    exit 1
+  }
+
+  rm "$kasmrpm"
+}
+
+# Function to install kasmvncserver for Alpine Linux
+install_alpine() {
+  local url=$1
+  local kasmtgz="/tmp/kasmvncserver.tgz"
+
+  download_file "$url" "$kasmtgz"
+
+  tar -xzf "$kasmtgz" -C /usr/local/bin/
+  rm "$kasmtgz"
+}
+
+# Detect system information
+if [[ ! -f /etc/os-release ]]; then
+  echo "ERROR: Cannot detect OS: /etc/os-release not found"
+  exit 1
+fi
+
+# shellcheck disable=SC1091
+source /etc/os-release
+
+set -u
+
+distro="$ID"
+distro_version="$VERSION_ID"
+codename="$VERSION_CODENAME"
+arch="$(uname -m)"
+if [[ "$ID" == "ol" ]]; then
+  distro="oracle"
+  distro_version="$${distro_version%%.*}"
+elif [[ "$ID" == "fedora" ]]; then
+  distro_version="$(grep -oP '\(\K[\w ]+' /etc/fedora-release | tr '[:upper:]' '[:lower:]' | tr -d ' ')"
+fi
+
+echo "Detected Distribution: $distro"
+echo "Detected Version: $distro_version"
+echo "Detected Codename: $codename"
+echo "Detected Architecture: $arch"
+
+# Map arch to package arch
+case "$arch" in
+  x86_64)
+    if [[ "$distro" =~ ^(ubuntu|debian|kali)$ ]]; then
+      arch="amd64"
+    fi
+    ;;
+  aarch64)
+    if [[ "$distro" =~ ^(ubuntu|debian|kali)$ ]]; then
+      arch="arm64"
+    fi
+    ;;
+  arm64)
+    : # This is effectively a noop
+    ;;
+  *)
+    echo "ERROR: Unsupported architecture: $arch"
+    exit 1
+    ;;
+esac
+
+# Check if KasmVNC is installed, and install if not
+if ! check_installed; then
+  # Check for NOPASSWD sudo (required)
+  if ! command -v sudo &> /dev/null || ! sudo -n true 2> /dev/null; then
+    echo "ERROR: sudo NOPASSWD access required!"
+    exit 1
+  fi
+
+  base_url="https://github.com/kasmtech/KasmVNC/releases/download/v${KASM_VERSION}"
+
+  echo "Installing KASM version: ${KASM_VERSION}"
+  case $distro in
+    ubuntu | debian | kali)
+      bin_name="kasmvncserver_$${codename}_${KASM_VERSION}_$${arch}.deb"
+      install_deb "$base_url/$bin_name"
+      ;;
+    oracle | fedora | opensuse)
+      bin_name="kasmvncserver_$${distro}_$${distro_version}_${KASM_VERSION}_$${arch}.rpm"
+      install_rpm "$base_url/$bin_name"
+      ;;
+    alpine)
+      bin_name="kasmvnc.alpine_$${distro_version//./}_$${arch}.tgz"
+      install_alpine "$base_url/$bin_name"
+      ;;
+    *)
+      echo "Unsupported distribution: $distro"
+      exit 1
+      ;;
+  esac
+else
+  echo "KasmVNC already installed. Skipping installation."
+fi
+
+if command -v sudo &> /dev/null && sudo -n true 2> /dev/null; then
+  kasm_config_file="/etc/kasmvnc/kasmvnc.yaml"
+  SUDO=sudo
+else
+  kasm_config_file="$HOME/.vnc/kasmvnc.yaml"
+  SUDO=""
+
+  echo "WARNING: Sudo access not available, using user config dir!"
+
+  if [[ -f "$kasm_config_file" ]]; then
+    echo "WARNING: Custom user KasmVNC config exists, not overwriting!"
+    echo "WARNING: Ensure that you manually configure the appropriate settings."
+    kasm_config_file="/dev/stderr"
+  else
+    echo "WARNING: This may prevent custom user KasmVNC settings from applying!"
+    mkdir -p "$HOME/.vnc"
+  fi
+fi
+
+echo "Writing KasmVNC config to $kasm_config_file"
+$SUDO tee "$kasm_config_file" > /dev/null << EOF
+network:
+  protocol: http
+  interface: 127.0.0.1
+  websocket_port: ${PORT}
+  ssl:
+    require_ssl: false
+    pem_certificate:
+    pem_key:
+  udp:
+    public_ip: 127.0.0.1
+EOF
+
+# This password is not used since we start the server without auth.
+# The server is protected via the Coder session token / tunnel
+# and does not listen publicly
+echo -e "password\npassword\n" | kasmvncpasswd -wo -u "$USER"
+
+get_http_dir() {
+  # determine the served file path
+  # Start with the default
+  httpd_directory="/usr/share/kasmvnc/www"
+
+  # Check the system configuration path
+  if [[ -e /etc/kasmvnc/kasmvnc.yaml ]]; then
+    d=$(grep -E '^\s*httpd_directory:.*$' "/etc/kasmvnc/kasmvnc.yaml" | awk '{print $$2}')
+    if [[ -n "$d" && -d "$d" ]]; then
+      httpd_directory=$d
+    fi
+  fi
+
+  # Check the home directory for overriding values
+  if [[ -e "$HOME/.vnc/kasmvnc.yaml" ]]; then
+    d=$(grep -E '^\s*httpd_directory:.*$' "$HOME/.vnc/kasmvnc.yaml" | awk '{print $$2}')
+    if [[ -n "$d" && -d "$d" ]]; then
+      httpd_directory=$d
+    fi
+  fi
+  echo $httpd_directory
+}
+
+fix_server_index_file() {
+  local fname=$${FUNCNAME[0]} # gets current function name
+  if [[ $# -ne 1 ]]; then
+    error "$fname requires exactly 1 parameter:\n\tpath to KasmVNC httpd_directory"
+  fi
+  local httpdir="$1"
+  if [[ ! -d "$httpdir" ]]; then
+    error "$fname: $httpdir is not a directory"
+  fi
+  pushd "$httpdir" > /dev/null
+
+  cat << 'EOH' > /tmp/path_vnc.html
+${PATH_VNC_HTML}
+EOH
+  $SUDO mv /tmp/path_vnc.html .
+  # check for the switcheroo
+  if [[ -f "index.html" && -L "vnc.html" ]]; then
+    $SUDO mv $httpdir/index.html $httpdir/vnc.html
+  fi
+  $SUDO ln -s -f path_vnc.html index.html
+  popd > /dev/null
+}
+
+patch_kasm_http_files() {
+  homedir=$(get_http_dir)
+  fix_server_index_file "$homedir"
+}
+
+if [[ "${SUBDOMAIN}" == "false" ]]; then
+  echo "🩹 Patching up webserver files to support path-sharing..."
+  patch_kasm_http_files
+fi
+
+VNC_LOG="/tmp/kasmvncserver.log"
+# Start the server
+printf "🚀 Starting KasmVNC server...\n"
+
+set +e
+kasmvncserver -select-de "${DESKTOP_ENVIRONMENT}" -disableBasicAuth > "$VNC_LOG" 2>&1
+RETVAL=$?
+set -e
+
+if [[ $RETVAL -ne 0 ]]; then
+  echo "ERROR: Failed to start KasmVNC server. Return code: $RETVAL"
+  if [[ -f "$VNC_LOG" ]]; then
+    echo "Full logs:"
+    cat "$VNC_LOG"
+  else
+    echo "ERROR: Log file not found: $VNC_LOG"
+  fi
+  exit 1
+fi
+
+printf "🚀 KasmVNC server started successfully!\n"