You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
| PASSWORD | HTTP Basic auth password, abc is default. If unset there will be no auth |
39
39
| SUBFOLDER | Subfolder for the application if running a subfolder reverse proxy, need both slashes IE `/subfolder/`|
40
-
| TITLE | The page title displayed on the web browser, default "Selkies - webrtc". |
40
+
| TITLE | The page title displayed on the web browser, default "Selkies". |
41
+
| DASHBOARD | Allows the user to set their dashboard. Options: `selkies-dashboard`, `selkies-dashboard-zinc`, `selkies-dashboard-wish`. |
42
+
| FILE_MANAGER_PATH | Modifies the default upload/download file path, path must have proper permissions for abc user. |
41
43
| START_DOCKER | If set to false a container with privilege will not automatically start the DinD Docker setup. |
42
44
| DISABLE_IPV6 | If set to true or any value this will disable IPv6 |
43
45
| LC_ALL | Set the Language for the container to run as IE `fr_FR.UTF-8``ar_AE.UTF-8`|
44
46
| NO_DECOR | If set the application will run without window borders for use as a PWA. (Decor can be enabled and disabled with Ctrl+Shift+d) |
45
47
| NO_FULL | Do not autmatically fullscreen applications when using openbox. |
46
48
| DISABLE_ZINK | Do not set the Zink environment variables if a video card is detected (userspace applications will use CPU rendering) |
49
+
| MAX_RES | Pass a larger maximum resolution for the container default is 16k `15360x8640`|
47
50
| WATERMARK_PNG | Full path inside the container to a watermark png IE `/usr/share/selkies/www/icon.png`|
48
51
| WATERMARK_LOCATION | Where to paint the image over the stream integer options below |
49
-
| MAX_RES | Pass a larger maximum resolution for the container default is 16k `15360x8640`|
50
52
51
-
* 1 - Top Left
52
-
* 2 - Top Right
53
-
* 3 - Bottom Left
54
-
* 4 - Bottom Right
55
-
* 5 - Centered
56
-
* 6 - Animated
53
+
**`WATERMARK_LOCATION` Options:**
54
+
-**1**: Top Left
55
+
-**2**: Top Right
56
+
-**3**: Bottom Left
57
+
-**4**: Bottom Right
58
+
-**5**: Centered
59
+
-**6**: Animated
60
+
61
+
## Hardening
62
+
63
+
These variables can be used to lock down the desktop environment for single-application use cases or to restrict user capabilities.
64
+
65
+
### Meta Variables
66
+
67
+
These variables act as presets, enabling multiple hardening options at once. Individual options can still be set to override the preset.
68
+
69
+
| Variable | Description |
70
+
| :----: | --- |
71
+
|**`HARDEN_DESKTOP`**| Enables `DISABLE_OPEN_TOOLS`, `DISABLE_SUDO`, and `DISABLE_TERMINALS`. Also sets related Selkies UI settings (`SELKIES_FILE_TRANSFERS`, `SELKIES_COMMAND_ENABLED`, `SELKIES_UI_SIDEBAR_SHOW_FILES`, `SELKIES_UI_SIDEBAR_SHOW_APPS`) if they are not explicitly set by the user. |
72
+
|**`HARDEN_OPENBOX`**| Enables `DISABLE_CLOSE_BUTTON`, `DISABLE_MOUSE_BUTTONS`, and `HARDEN_KEYBINDS`. It also flags `RESTART_APP` if not set by the user, ensuring the primary application is automatically restarted if closed. |
73
+
74
+
### Individual Hardening Variables
75
+
76
+
| Variable | Description |
77
+
| :--- | --- |
78
+
|**`DISABLE_OPEN_TOOLS`**| If true, disables `xdg-open` and `exo-open` binaries by removing their execute permissions. |
79
+
|**`DISABLE_SUDO`**| If true, disables the `sudo` command by removing its execute permissions and invalidating the passwordless sudo configuration. |
80
+
|**`DISABLE_TERMINALS`**| If true, disables common terminal emulators by removing their execute permissions and hiding them from the Openbox right-click menu. |
81
+
|**`DISABLE_CLOSE_BUTTON`**| If true, removes the close button from window title bars in the Openbox window manager. |
82
+
|**`DISABLE_MOUSE_BUTTONS`**| If true, disables the right-click and middle-click context menus and actions within the Openbox window manager. |
83
+
|**`HARDEN_KEYBINDS`**| If true, disables default Openbox keybinds that can bypass other hardening options (e.g., `Alt+F4` to close windows, `Alt+Escape` to show the root menu). |
84
+
|**`RESTART_APP`**| If true, enables a watchdog service that automatically restarts the main application if it is closed. The user's autostart script is made read-only and root owned to prevent tampering. |
0 commit comments