From 18d447f7794454ac50a71f5396959b2f271378bb Mon Sep 17 00:00:00 2001
From: Ben Potter <ben@coder.com>
Date: Fri, 13 Jun 2025 15:10:07 +0000
Subject: [PATCH] add support for kasm config

---
 registry/coder/modules/kasmvnc/main.tf |  6 ++++++
 registry/coder/modules/kasmvnc/run.sh  | 28 ++++++++++++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/registry/coder/modules/kasmvnc/main.tf b/registry/coder/modules/kasmvnc/main.tf
index ca7315ec..e39c02b7 100644
--- a/registry/coder/modules/kasmvnc/main.tf
+++ b/registry/coder/modules/kasmvnc/main.tf
@@ -54,6 +54,12 @@ variable "subdomain" {
   description = "Is subdomain sharing enabled in your cluster?"
 }
 
+variable "kasm_config" {
+  type        = map(any)
+  default     = {}
+  description = "Additional KasmVNC configuration options. Can be used to set DLP policies and other advanced settings. See https://kasmweb.com/docs/develop/how_to/kasmvnc_dlp_policies.html for details."
+}
+
 resource "coder_script" "kasm_vnc" {
   agent_id     = var.agent_id
   display_name = "KasmVNC"
diff --git a/registry/coder/modules/kasmvnc/run.sh b/registry/coder/modules/kasmvnc/run.sh
index 67a8a310..c497ecac 100644
--- a/registry/coder/modules/kasmvnc/run.sh
+++ b/registry/coder/modules/kasmvnc/run.sh
@@ -205,6 +205,8 @@ else
 fi
 
 echo "Writing KasmVNC config to $kasm_config_file"
+
+# Create base config
 $SUDO tee "$kasm_config_file" > /dev/null << EOF
 network:
   protocol: http
@@ -218,6 +220,32 @@ network:
     public_ip: 127.0.0.1
 EOF
 
+# Add additional KasmVNC configuration if provided
+if [[ -n "${KASM_CONFIG}" && "${KASM_CONFIG}" != "{}" ]]; then
+  # Check if jq is available
+  if ! command -v jq &> /dev/null; then
+    echo "WARNING: jq is not installed. Cannot parse additional KasmVNC configuration."
+    echo "WARNING: Install jq or provide configuration in the correct format."
+  else
+    # Create a temporary file for the additional config
+    TEMP_CONFIG_FILE=$(mktemp)
+    
+    # Parse the JSON and convert to YAML format
+    echo '${KASM_CONFIG}' | jq -r 'to_entries | .[] |
+      if .value | type == "object" then
+        .key + ":\n" + (.value | to_entries | map("  " + .key + ": " + (.value | tostring)) | join("\n"))
+      else
+        .key + ": " + (.value | tostring)
+      end' > "$TEMP_CONFIG_FILE"
+    
+    # Append the additional config to the main config file
+    $SUDO tee -a "$kasm_config_file" > /dev/null < "$TEMP_CONFIG_FILE"
+    
+    # Clean up
+    rm "$TEMP_CONFIG_FILE"
+  fi
+fi
+
 # This password is not used since we start the server without auth.
 # The server is protected via the Coder session token / tunnel
 # and does not listen publicly