From 917d87943583fc0f4de7691af2296e9a952c9ca2 Mon Sep 17 00:00:00 2001 From: Roxedus Date: Tue, 24 Feb 2026 23:38:24 +0100 Subject: [PATCH 01/13] Fix condition for misc block in docs Variables are always defined at ansible/vars/default.yml, only look for values. --- ansible/roles/documentation/templates/documentation.md.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/documentation/templates/documentation.md.j2 b/ansible/roles/documentation/templates/documentation.md.j2 index 0bb4a179..1e732fdc 100644 --- a/ansible/roles/documentation/templates/documentation.md.j2 +++ b/ansible/roles/documentation/templates/documentation.md.j2 @@ -66,7 +66,7 @@ description: "{{ noter(project_blurb) | trim }}" {% endif %} {% if selkies_blurb is defined %} -{% include "README_SNIPPETS/SELKIES.j2" | trim %} +{% include "README_SNIPPETS/SELKIES.j2" | trim %} {% endif %} {% if readonly_supported is defined and readonly_supported %} @@ -157,7 +157,7 @@ Containers are configured using parameters passed at runtime (such as those abov {% endfor %} {% endif %} {% endif %} -{% if custom_params is defined or opt_custom_params is defined or param_usage_include_hostname or param_usage_include_mac_address or security_opt_param is defined or opt_security_opt_param is defined or (readonly_supported is defined and readonly_supported) or cap_add_param is defined or opt_cap_add_param is defined or (nonroot_supported is defined and nonroot_supported) %} +{% if custom_params is defined or opt_custom_params is defined or param_usage_include_hostname or param_usage_include_mac_address or security_opt_param or opt_security_opt_param or (readonly_supported is defined and readonly_supported) or cap_add_param or opt_cap_add_param or (nonroot_supported is defined and nonroot_supported) %} #### Miscellaneous Options From b243a10705557bf67684a7b761477f8ff6192683 Mon Sep 17 00:00:00 2001 
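Review bot: In the second hunk the condition still opens with `custom_params is defined or opt_custom_params is defined`, while the four security_opt/cap_add names were switched to bare truthiness tests. The commit message says these variables always have defaults in ansible/vars/default.yml, which is not visible here. If `custom_params` and `opt_custom_params` are covered by the same defaults, the condition is still always true and the "Miscellaneous Options" block keeps rendering unconditionally, so those two tests would need the same conversion. If any of the four converted names can be absent in some render path, the bare reference depends on the undefined policy; `security_opt_param | default(false)` (and likewise for `opt_security_opt_param`, `cap_add_param`, `opt_cap_add_param`) avoids that. A one-line `{# defaults come from ansible/vars/default.yml; test values, not definedness #}` comment above the condition would record the assumption.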
From: aptalca <541623+aptalca@users.noreply.github.com> Date: Thu, 5 Mar 2026 08:57:07 -0500 Subject: [PATCH 02/13] send CI link to PR comment even when the test fails --- ansible/roles/repository/templates/Jenkinsfile.j2 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ansible/roles/repository/templates/Jenkinsfile.j2 b/ansible/roles/repository/templates/Jenkinsfile.j2 index fce5d584..38543d9a 100644 --- a/ansible/roles/repository/templates/Jenkinsfile.j2 +++ b/ansible/roles/repository/templates/Jenkinsfile.j2 @@ -61,6 +61,7 @@ pipeline { ''' script{ env.EXIT_STATUS = '' + env.CI_TEST_COMPLETED = '' env.LS_RELEASE = sh( script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:{{ release_tag }} 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''', returnStdout: true).trim() @@ -1233,6 +1234,9 @@ pipeline { -e BUILD_NUMBER=\"${BUILD_NUMBER}\" \ -t ghcr.io/linuxserver/ci:${CITEST_IMAGETAG} \ python3 test_build.py''' + script{ + env.CI_TEST_COMPLETED = 'true' + } } } } @@ -1441,7 +1445,7 @@ EOF stage('Pull Request Comment') { when { not {environment name: 'CHANGE_ID', value: ''} - environment name: 'EXIT_STATUS', value: '' + environment name: 'CI_TEST_COMPLETED', value: 'true' } steps { sh '''#! /bin/bash From f98e63e48a7d56abe94560b345b89b8dbfc1ced8 Mon Sep 17 00:00:00 2001 From: thelamer Date: Thu, 19 Mar 2026 13:55:53 -0400 Subject: [PATCH 03/13] update nvidia section of the blurb to reflect fully tested state while adding unraid specifics --- .../templates/README_SNIPPETS/SELKIES.j2 | 20 ++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 b/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 index fd96e976..4f15266e 100644 --- a/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 
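Review bot: In the `@@ -1233,6 +1234,9 @@` hunk, `env.CI_TEST_COMPLETED = 'true'` is assigned in a `script{}` placed after the `sh` step that runs `python3 test_build.py`, so the flag is set only when that step returns successfully. If the test container exits non-zero on a failed test (not visible in this hunk), the remaining steps of the stage are skipped and the flag stays `''`. The `Pull Request Comment` stage in the third hunk would then not match `value: 'true'`, which is the opposite of what the subject line describes. A failed stage would also normally cause later stages to be skipped whatever their `when` says, so the comment step probably has to live in `post` to run on failure. Patch 04/13 further down this page appears to take that route with `CI_TEST_ATTEMPTED`; if this commit is kept on its own, the assignment should at least move above the `sh` step.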
+++ b/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 @@ -54,13 +54,24 @@ For Intel and AMD GPUs. {% if show_nvidia is defined %}##### Nvidia (Proprietary Drivers) + **Note: Nvidia support is not available for Alpine-based images.** **Prerequisites:** -1. **Driver:** Proprietary drivers **580 or higher** are required. -2. **Kernel Parameter:** Set `nvidia-drm.modeset=1` in your host bootloader (GRUB/systemd-boot). -3. **Initialization:** On headless systems, run `nvidia-modprobe --modeset` on the host (once per boot) to initialize the card. +1. **Driver:** Proprietary drivers **580 or higher** are required. **Crucially, you should install the driver using the `.run` file downloaded directly from the Nvidia website.** + * **Unraid:** Use the production branch from the Nvidia Driver Plugin. +2. **Kernel Parameter:** You must set `nvidia-drm.modeset=1` in your host bootloader. + * **Standard Linux (GRUB):** Edit `/etc/default/grub` and add the parameter to your existing `GRUB_CMDLINE_LINUX_DEFAULT` line: + ```text + GRUB_CMDLINE_LINUX_DEFAULT=" nvidia-drm.modeset=1" + ``` + Then apply the changes by running: + ```bash + sudo update-grub + ``` + * **Unraid (Syslinux):** Edit the file `/boot/syslinux/syslinux.cfg` and add `nvidia-drm.modeset=1` to the end of the `append` line for the Unraid OS boot entry. +3. **Hardware Initialization:** **On headless systems, the Nvidia video card requires a physical dummy plug inserted into the GPU so that DRM initializes properly.** 4. **Docker Runtime:** Configure the host docker daemon to use the Nvidia runtime: ```bash @@ -88,6 +99,9 @@ services: count: 1 capabilities: [compute,video,graphics,utility] ``` + +* **Unraid:** Ensure you're properly setting the DRINODE/DRI_NODE and adding `--gpus all --runtime nvidia` to your extra parameters. + {% endif %} ### SealSkin Compatibility From 186af30a4e941984a9e6aa45c496887a6b4c7858 Mon Sep 17 00:00:00 2001 
From: aptalca <541623+aptalca@users.noreply.github.com> Date: Thu, 19 Mar 2026 14:35:57 -0400 Subject: [PATCH 04/13] move PR comment to post so it runs even when the tests and the build fail --- Jenkinsfile | 172 +++++++++-------- .../roles/repository/templates/Jenkinsfile.j2 | 176 +++++++++--------- 2 files changed, 170 insertions(+), 178 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 88669b25..acaee0b2 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -75,6 +75,7 @@ pipeline { ''' script{ env.EXIT_STATUS = '' + env.CI_TEST_ATTEMPTED = '' env.LS_RELEASE = sh( script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:latest 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''', returnStdout: true).trim() @@ -825,6 +826,7 @@ pipeline { script{ env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html' env.CI_JSON_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/report.json' + env.CI_TEST_ATTEMPTED = 'true' } sh '''#! /bin/bash set -e 
@@ -1027,98 +1029,13 @@ EOF ) ''' } } - // If this is a Pull request send the CI link as a comment on it - stage('Pull Request Comment') { - when { - not {environment name: 'CHANGE_ID', value: ''} - environment name: 'EXIT_STATUS', value: '' - } - steps { - sh '''#! /bin/bash - # Function to retrieve JSON data from URL - get_json() { - local url="$1" - local response=$(curl -s "$url") - if [ $? -ne 0 ]; then - echo "Failed to retrieve JSON data from $url" - return 1 - fi - local json=$(echo "$response" | jq .) - if [ $? -ne 0 ]; then - echo "Failed to parse JSON data from $url" - return 1 - fi - echo "$json" - } - - build_table() { - local data="$1" - - # Get the keys in the JSON data - local keys=$(echo "$data" | jq -r 'to_entries | map(.key) | .[]') - - # Check if keys are empty - if [ -z "$keys" ]; then - echo "JSON report data does not contain any keys or the report does not exist." - return 1 - fi - - # Build table header - local header="| Tag | Passed |\\n| --- | --- |\\n" - - # Loop through the JSON data to build the table rows - local rows="" - for build in $keys; do - local status=$(echo "$data" | jq -r ".[\\"$build\\"].test_success") - if [ "$status" = "true" ]; then - status="✅" - else - status="❌" - fi - local row="| "$build" | "$status" |\\n" - rows="${rows}${row}" - done - - local table="${header}${rows}" - local escaped_table=$(echo "$table" | sed 's/\"/\\\\"/g') - echo "$escaped_table" - } - - if [[ "${CI}" = "true" ]]; then - # Retrieve JSON data from URL - data=$(get_json "$CI_JSON_URL") - # Create table from JSON data - table=$(build_table "$data") - echo -e "$table" - - curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ - -H "Accept: application/vnd.github.v3+json" \ - "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ - -d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}" - else - curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ - -H 
"Accept: application/vnd.github.v3+json" \ - "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ - -d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR: \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}" - fi - ''' - - } - } } /* ###################### - Send status to Discord + Comment on PR and Send status to Discord ###################### */ post { always { - sh '''#!/bin/bash - rm -rf /config/.ssh/id_sign - rm -rf /config/.ssh/id_sign.pub - git config --global --unset gpg.format - git config --global --unset user.signingkey - git config --global --unset commit.gpgsign - ''' - script{ + script { env.JOB_DATE = sh( script: '''date '+%Y-%m-%dT%H:%M:%S%:z' ''', returnStdout: true).trim() 
@@ -1161,6 +1078,87 @@ EOF "username": "Jenkins"}' ${BUILDS_DISCORD} ''' } } + script { + if (env.GITHUBIMAGE =~ /lspipepr/){ + if (env.CI_TEST_ATTEMPTED == "true"){ + sh '''#! /bin/bash + # Function to retrieve JSON data from URL + get_json() { + local url="$1" + local response=$(curl -s "$url") + if [ $? -ne 0 ]; then + echo "Failed to retrieve JSON data from $url" + return 1 + fi + local json=$(echo "$response" | jq .) + if [ $? -ne 0 ]; then + echo "Failed to parse JSON data from $url" + return 1 + fi + echo "$json" + } + + build_table() { + local data="$1" + + # Get the keys in the JSON data + local keys=$(echo "$data" | jq -r 'to_entries | map(.key) | .[]') + + # Check if keys are empty + if [ -z "$keys" ]; then + echo "JSON report data does not contain any keys or the report does not exist." + return 1 + fi + + # Build table header + local header="| Tag | Passed |\\n| --- | --- |\\n" + + # Loop through the JSON data to build the table rows + local rows="" + for build in $keys; do + local status=$(echo "$data" | jq -r ".[\\"$build\\"].test_success") + if [ "$status" = "true" ]; then + status="✅" + else + status="❌" + fi + local row="| "$build" | "$status" |\\n" + rows="${rows}${row}" + done + + local table="${header}${rows}" + local escaped_table=$(echo "$table" | sed 's/\"/\\\\"/g') + echo "$escaped_table" + } + + if [[ "${CI}" = "true" ]]; then + # Retrieve JSON data from URL + data=$(get_json "$CI_JSON_URL") + # Create table from JSON data + table=$(build_table "$data") + echo -e "$table" + + curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ + -H "Accept: application/vnd.github.v3+json" \ + "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ + -d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}" + else + curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ + -H "Accept: application/vnd.github.v3+json" \ + 
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ + -d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR: \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}" + fi + ''' + } + } + } + sh '''#!/bin/bash + rm -rf /config/.ssh/id_sign + rm -rf /config/.ssh/id_sign.pub + git config --global --unset gpg.format + git config --global --unset user.signingkey + git config --global --unset commit.gpgsign + ''' } cleanup { sh '''#! /bin/bash diff --git a/ansible/roles/repository/templates/Jenkinsfile.j2 b/ansible/roles/repository/templates/Jenkinsfile.j2 index 38543d9a..74e3187b 100644 --- a/ansible/roles/repository/templates/Jenkinsfile.j2 +++ b/ansible/roles/repository/templates/Jenkinsfile.j2 @@ -61,7 +61,7 @@ pipeline { ''' script{ env.EXIT_STATUS = '' - env.CI_TEST_COMPLETED = '' + env.CI_TEST_ATTEMPTED = '' env.LS_RELEASE = sh( script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:{{ release_tag }} 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''', returnStdout: true).trim() @@ -1178,6 +1178,7 @@ pipeline { script{ env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html' env.CI_JSON_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/report.json' + env.CI_TEST_ATTEMPTED = 'true' } sh '''#! /bin/bash set -e @@ -1234,9 +1235,6 @@ pipeline { -e BUILD_NUMBER=\"${BUILD_NUMBER}\" \ -t ghcr.io/linuxserver/ci:${CITEST_IMAGETAG} \ python3 test_build.py''' - script{ - env.CI_TEST_COMPLETED = 'true' - } } } } 
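Review bot: The signing-key cleanup (`rm -rf /config/.ssh/id_sign`, `id_sign.pub` and the three `git config --global --unset` calls) used to be the first step of `post { always }`; after this hunk it is the last one, behind the Discord notification and the new PR-comment script. A step that fails inside a `post` condition stops the remaining steps of that condition, and the PR-comment script ends on a `curl -X POST` whose exit status becomes the step's status, so a connection error to api.github.com would leave the key files and the global signing config in place. Whether `/config` survives between builds is not visible here, but the cleanup should not depend on two network calls succeeding. Keep the cleanup `sh` as the first step of `always` as it was before, or wrap the new comment block in `catchError(buildResult: null, stageResult: null) { … }`. The same reordering is made in the `@@ -1597,6 +1510,87 @@` hunk of ansible/roles/repository/templates/Jenkinsfile.j2.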
@@ -1441,84 +1439,6 @@ EOF ) ''' } } - // If this is a Pull request send the CI link as a comment on it - stage('Pull Request Comment') { - when { - not {environment name: 'CHANGE_ID', value: ''} - environment name: 'CI_TEST_COMPLETED', value: 'true' - } - steps { - sh '''#! /bin/bash - # Function to retrieve JSON data from URL - get_json() { - local url="$1" - local response=$(curl -s "$url") - if [ $? -ne 0 ]; then - echo "Failed to retrieve JSON data from $url" - return 1 - fi - local json=$(echo "$response" | jq .) - if [ $? -ne 0 ]; then - echo "Failed to parse JSON data from $url" - return 1 - fi - echo "$json" - } - - build_table() { - local data="$1" - - # Get the keys in the JSON data - local keys=$(echo "$data" | jq -r 'to_entries | map(.key) | .[]') - - # Check if keys are empty - if [ -z "$keys" ]; then - echo "JSON report data does not contain any keys or the report does not exist." - return 1 - fi - - # Build table header - local header="| Tag | Passed |\\n| --- | --- |\\n" - - # Loop through the JSON data to build the table rows - local rows="" - for build in $keys; do - local status=$(echo "$data" | jq -r ".[\\"$build\\"].test_success") - if [ "$status" = "true" ]; then - status="✅" - else - status="❌" - fi - local row="| "$build" | "$status" |\\n" - rows="${rows}${row}" - done - - local table="${header}${rows}" - local escaped_table=$(echo "$table" | sed 's/\"/\\\\"/g') - echo "$escaped_table" - } - - if [[ "${CI}" = "true" ]]; then - # Retrieve JSON data from URL - data=$(get_json "$CI_JSON_URL") - # Create table from JSON data - table=$(build_table "$data") - echo -e "$table" - - curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ - -H "Accept: application/vnd.github.v3+json" \ - "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ - -d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}" - else - curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ - 
-H "Accept: application/vnd.github.v3+json" \ - "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ - -d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR: \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}" - fi - ''' - - } - } {% if project_deprecation_status %} stage('Deprecate/Disable Future Builds') { when { @@ -1543,18 +1463,11 @@ EOF {% endif %} } /* ###################### - Send status to Discord + Comment on PR and Send status to Discord ###################### */ post { always { - sh '''#!/bin/bash - rm -rf /config/.ssh/id_sign - rm -rf /config/.ssh/id_sign.pub - git config --global --unset gpg.format - git config --global --unset user.signingkey - git config --global --unset commit.gpgsign - ''' - script{ + script { env.JOB_DATE = sh( script: '''date '+%Y-%m-%dT%H:%M:%S%:z' ''', returnStdout: true).trim() 
@@ -1597,6 +1510,87 @@ EOF "username": "Jenkins"}' ${BUILDS_DISCORD} ''' } } + script { + if (env.GITHUBIMAGE =~ /lspipepr/){ + if (env.CI_TEST_ATTEMPTED == "true"){ + sh '''#! /bin/bash + # Function to retrieve JSON data from URL + get_json() { + local url="$1" + local response=$(curl -s "$url") + if [ $? -ne 0 ]; then + echo "Failed to retrieve JSON data from $url" + return 1 + fi + local json=$(echo "$response" | jq .) + if [ $? -ne 0 ]; then + echo "Failed to parse JSON data from $url" + return 1 + fi + echo "$json" + } + + build_table() { + local data="$1" + + # Get the keys in the JSON data + local keys=$(echo "$data" | jq -r 'to_entries | map(.key) | .[]') + + # Check if keys are empty + if [ -z "$keys" ]; then + echo "JSON report data does not contain any keys or the report does not exist." + return 1 + fi + + # Build table header + local header="| Tag | Passed |\\n| --- | --- |\\n" + + # Loop through the JSON data to build the table rows + local rows="" + for build in $keys; do + local status=$(echo "$data" | jq -r ".[\\"$build\\"].test_success") + if [ "$status" = "true" ]; then + status="✅" + else + status="❌" + fi + local row="| "$build" | "$status" |\\n" + rows="${rows}${row}" + done + + local table="${header}${rows}" + local escaped_table=$(echo "$table" | sed 's/\"/\\\\"/g') + echo "$escaped_table" + } + + if [[ "${CI}" = "true" ]]; then + # Retrieve JSON data from URL + data=$(get_json "$CI_JSON_URL") + # Create table from JSON data + table=$(build_table "$data") + echo -e "$table" + + curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ + -H "Accept: application/vnd.github.v3+json" \ + "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ + -d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}" + else + curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ + -H "Accept: application/vnd.github.v3+json" \ + 
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ + -d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR: \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}" + fi + ''' + } + } + } + sh '''#!/bin/bash + rm -rf /config/.ssh/id_sign + rm -rf /config/.ssh/id_sign.pub + git config --global --unset gpg.format + git config --global --unset user.signingkey + git config --global --unset commit.gpgsign + ''' } cleanup { sh '''#! /bin/bash From 5c77ca7c27d8f424bddf7220e0daf72fa16e0d70 Mon Sep 17 00:00:00 2001 From: Roxedus Date: Fri, 27 Mar 2026 19:09:56 +0100 Subject: [PATCH 05/13] Make unraid text happy in mkdocs --- .../templates/README_SNIPPETS/SELKIES.j2 | 32 ++++++++++++------- 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 b/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 index 4f15266e..220e5225 100644 --- a/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 +++ b/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 
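Review bot: In `get_json`, both `if [ $? -ne 0 ]` checks test the exit status of `local`, not of `curl` or `jq`, because `local response=$(curl -s "$url")` always returns 0, so neither failure branch can run. This commit makes the script run after failed builds, where `report.json` may well be missing, and `curl -s` without `-f` also treats an HTTP error page as success. The caller does not check the return codes of `get_json` or `build_table` either, so the text "JSON report data does not contain any keys…" ends up in `$table` and is posted into the PR comment body. Declare and assign separately and stop on failure, e.g. `local response; response=$(curl -fsS "$url") || { echo "Failed to retrieve JSON data from $url" >&2; return 1; }`, do the same for the `jq .` assignment, and send the diagnostics to stderr so they cannot become comment content. The identical script is added in the `@@ -1161,6 +1078,87 @@` hunk of Jenkinsfile.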
@@ -52,26 +52,34 @@ For Intel and AMD GPUs. - DRI_NODE=/dev/dri/renderD128 ``` -{% if show_nvidia is defined %}##### Nvidia (Proprietary Drivers) +{% if show_nvidia is defined %} +##### Nvidia (Proprietary Drivers) **Note: Nvidia support is not available for Alpine-based images.** **Prerequisites:** 1. **Driver:** Proprietary drivers **580 or higher** are required. **Crucially, you should install the driver using the `.run` file downloaded directly from the Nvidia website.** - * **Unraid:** Use the production branch from the Nvidia Driver Plugin. -2. **Kernel Parameter:** You must set `nvidia-drm.modeset=1` in your host bootloader. - * **Standard Linux (GRUB):** Edit `/etc/default/grub` and add the parameter to your existing `GRUB_CMDLINE_LINUX_DEFAULT` line: - ```text - GRUB_CMDLINE_LINUX_DEFAULT=" nvidia-drm.modeset=1" - ``` - Then apply the changes by running: - ```bash - sudo update-grub - ``` - * **Unraid (Syslinux):** Edit the file `/boot/syslinux/syslinux.cfg` and add `nvidia-drm.modeset=1` to the end of the `append` line for the Unraid OS boot entry. + * **Unraid:** Use the production branch from the Nvidia Driver Plugin. + +2. **Kernel Parameter:** You must set `nvidia-drm.modeset=1` in your host bootloader. + * **Standard Linux (GRUB):** Edit `/etc/default/grub` and add the parameter to your existing `GRUB_CMDLINE_LINUX_DEFAULT` line: + + ```text + GRUB_CMDLINE_LINUX_DEFAULT=" nvidia-drm.modeset=1" + ``` + + Then apply the changes by running: + + ```bash + sudo update-grub + ``` + + * **Unraid (Syslinux):** Edit the file `/boot/syslinux/syslinux.cfg` and add `nvidia-drm.modeset=1` to the end of the `append` line for the Unraid OS boot entry. + 3. **Hardware Initialization:** **On headless systems, the Nvidia video card requires a physical dummy plug inserted into the GPU so that DRM initializes properly.** + 4. **Docker Runtime:** Configure the host docker daemon to use the Nvidia runtime: ```bash 
From 533366d65f200b2b25439a86cd25c5489e243004 Mon Sep 17 00:00:00 2001 From: Roxedus Date: Fri, 27 Mar 2026 19:10:37 +0100 Subject: [PATCH 06/13] Move variable definitions for easier blankspace handling --- .../templates/README_SNIPPETS/SELKIES.j2 | 329 +++++++++--------- 1 file changed, 164 insertions(+), 165 deletions(-) diff --git a/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 b/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 index 220e5225..d7a18038 100644 --- a/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 +++ b/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 
@@ -1,3 +1,162 @@ +{%- set selkies_variables -%} +| Variable | Description | +| :----: | --- | +| PIXELFLUX_WAYLAND | **Experimental** If set to true the container will initialize in Wayland mode running [Smithay](https://github.com/Smithay/smithay) and Labwc while enabling zero copy encoding with a GPU | +| CUSTOM_PORT | Internal port the container listens on for http if it needs to be swapped from the default `{% if external_http_port is defined %}{{ external_http_port }}{% else %}3000{% endif %}` | +| CUSTOM_HTTPS_PORT | Internal port the container listens on for https if it needs to be swapped from the default `{% if external_https_port is defined %}{{ external_https_port }}{% else %}3001{% endif %}` | +| CUSTOM_WS_PORT | Internal port the container listens on for websockets if it needs to be swapped from the default 8082 | +| CUSTOM_USER | HTTP Basic auth username, abc is default. | +| DRI_NODE | **Encoding GPU**: Enable VAAPI/NVENC stream encoding and use the specified device IE `/dev/dri/renderD128` | +| DRINODE | **Rendering GPU**: Specify which GPU to use for EGL/3D acceleration IE `/dev/dri/renderD129` | +| PASSWORD | HTTP Basic auth password, abc is default. If unset there will be no auth | +| SUBFOLDER | Subfolder for the application if running a subfolder reverse proxy, need both slashes IE `/subfolder/` | +| TITLE | The page title displayed on the web browser, default "Selkies" | +| DASHBOARD | Allows the user to set their dashboard. 
Options: `selkies-dashboard`, `selkies-dashboard-zinc`, `selkies-dashboard-wish` | +| FILE_MANAGER_PATH | Modifies the default upload/download file path, path must have proper permissions for abc user | +| START_DOCKER | If set to false a container with privilege will not automatically start the DinD Docker setup | +| DISABLE_IPV6 | If set to true or any value this will disable IPv6 | +| LC_ALL | Set the Language for the container to run as IE `fr_FR.UTF-8` `ar_AE.UTF-8` | +| NO_DECOR | If set the application will run without window borders for use as a PWA. (Decor can be enabled and disabled with Ctrl+Shift+d) | +| NO_FULL | Do not autmatically fullscreen applications when using openbox. | +| NO_GAMEPAD | Disable userspace gamepad interposer injection. | +| DISABLE_ZINK | Do not set the Zink environment variables if a video card is detected (userspace applications will use CPU rendering) | +| DISABLE_DRI3 | Do not use DRI3 acceleration if a video card is detected (userspace applications will use CPU rendering) | +| MAX_RES | Pass a larger maximum resolution for the container default is 16k `15360x8640` | +| WATERMARK_PNG | Full path inside the container to a watermark png IE `/usr/share/selkies/www/icon.png` | +| WATERMARK_LOCATION | Where to paint the image over the stream integer options below | + +**`WATERMARK_LOCATION` Options:** + +* **1**: Top Left +* **2**: Top Right +* **3**: Bottom Left +* **4**: Bottom Right +* **5**: Centered +* **6**: Animated +{% endset -%} +{%- set optional_variables -%} +| Argument | Description | +| :----: | --- | +| `--privileged` | Starts a Docker-in-Docker (DinD) environment. For better performance, mount the Docker data directory from the host, e.g., `-v /path/to/docker-data:/var/lib/docker`. | +| `-v /var/run/docker.sock:/var/run/docker.sock` | Mounts the host's Docker socket to manage host containers from within this container. 
| +| `--device /dev/dri:/dev/dri` | Mount a GPU into the container, this can be used in conjunction with the `DRINODE` environment variable to leverage a host video card for GPU accelerated applications. | +{% endset -%} +{%- set legacy_variables -%} +**Note:** This section applies only if you are **NOT** using `PIXELFLUX_WAYLAND=true`. + +When using 3d acceleration via Nvidia DRM or DRI3 in X11 mode, it is important to clamp the virtual display to a reasonable max resolution to avoid memory exhaustion or poor performance. + +* `-e MAX_RESOLUTION=3840x2160` + +This will set the total virtual framebuffer to 4K. By default, the virtual monitor is 16K. If you have performance issues in an accelerated X11 session, try clamping the resolution to 1080p and work up from there: + +```bash +-e SELKIES_MANUAL_WIDTH=1920 +-e SELKIES_MANUAL_HEIGHT=1080 +-e MAX_RESOLUTION=1920x1080 +``` +{% endset -%} +{%- set selkies_sec_vars -%} +These variables can be used to lock down the desktop environment for single-application use cases or to restrict user capabilities. + +| Variable | Description | +| :----: | --- | +| **`HARDEN_DESKTOP`** | Enables `DISABLE_OPEN_TOOLS`, `DISABLE_SUDO`, and `DISABLE_TERMINALS`. Also sets related Selkies UI settings (`SELKIES_FILE_TRANSFERS`, `SELKIES_COMMAND_ENABLED`, `SELKIES_UI_SIDEBAR_SHOW_FILES`, `SELKIES_UI_SIDEBAR_SHOW_APPS`) if they are not explicitly set by the user. | +| **`HARDEN_OPENBOX`** | Enables `DISABLE_CLOSE_BUTTON`, `DISABLE_MOUSE_BUTTONS`, and `HARDEN_KEYBINDS`. It also flags `RESTART_APP` if not set by the user, ensuring the primary application is automatically restarted if closed. | + +**Individual Hardening Variables:** + +| Variable | Description | +| :--- | --- | +| **`DISABLE_OPEN_TOOLS`** | If true, disables `xdg-open` and `exo-open` binaries by removing their execute permissions. 
| +| **`DISABLE_SUDO`** | If true, disables the `sudo` command by removing its execute permissions and invalidating the passwordless sudo configuration. | +| **`DISABLE_TERMINALS`** | If true, disables common terminal emulators by removing their execute permissions and hiding them from the Openbox right-click menu. | +| **`DISABLE_CLOSE_BUTTON`** | If true, removes the close button from window title bars in the Openbox window manager. | +| **`DISABLE_MOUSE_BUTTONS`** | If true, disables the right-click and middle-click context menus and actions within the Openbox window manager. | +| **`HARDEN_KEYBINDS`** | If true, disables default Openbox keybinds that can bypass other hardening options (e.g., `Alt+F4` to close windows, `Alt+Escape` to show the root menu). | +| **`RESTART_APP`** | If true, enables a watchdog service that automatically restarts the main application if it is closed. The user's autostart script is made read-only and root owned to prevent tampering. | +{% endset -%} +{%- set selkies_vars -%} +Using environment variables every facet of the application can be configured. + +**Booleans and Locking:** +Boolean settings accept `true` or `false`. You can also prevent the user from changing a boolean setting in the UI by appending `|locked`. + +* Example: `-e SELKIES_USE_CPU="true|locked"` + +**Enums and Lists:** +These settings accept a comma-separated list of values. The first item becomes default. If only one item is provided, the UI dropdown is hidden. + +* Example: `-e SELKIES_ENCODER="jpeg"` + +**Ranges:** +Use a hyphen-separated `min-max` format for a slider, or a single number to lock the value. + +* Example: `-e SELKIES_FRAMERATE="60"` + +**Manual Resolution Mode:** +If `SELKIES_MANUAL_WIDTH` or `SELKIES_MANUAL_HEIGHT` are set, the resolution is locked to those values. + +| Environment Variable | Default Value | Description | +| --- | --- | --- | +| `SELKIES_UI_TITLE` | `'Selkies'` | Title in top left corner of sidebar. 
| +| `SELKIES_UI_SHOW_LOGO` | `True` | Show the Selkies logo in the sidebar. | +| `SELKIES_UI_SHOW_SIDEBAR` | `True` | Show the main sidebar UI. | +| `SELKIES_UI_SHOW_CORE_BUTTONS` | `True` | Show the core components buttons display, audio, microphone, and gamepad. | +| `SELKIES_UI_SIDEBAR_SHOW_VIDEO_SETTINGS` | `True` | Show the video settings section in the sidebar. | +| `SELKIES_UI_SIDEBAR_SHOW_SCREEN_SETTINGS` | `True` | Show the screen settings section in the sidebar. | +| `SELKIES_UI_SIDEBAR_SHOW_AUDIO_SETTINGS` | `True` | Show the audio settings section in the sidebar. | +| `SELKIES_UI_SIDEBAR_SHOW_STATS` | `True` | Show the stats section in the sidebar. | +| `SELKIES_UI_SIDEBAR_SHOW_CLIPBOARD` | `True` | Show the clipboard section in the sidebar. | +| `SELKIES_UI_SIDEBAR_SHOW_FILES` | `True` | Show the file transfer section in the sidebar. | +| `SELKIES_UI_SIDEBAR_SHOW_APPS` | `True` | Show the applications section in the sidebar. | +| `SELKIES_UI_SIDEBAR_SHOW_SHARING` | `True` | Show the sharing section in the sidebar. | +| `SELKIES_UI_SIDEBAR_SHOW_GAMEPADS` | `True` | Show the gamepads section in the sidebar. | +| `SELKIES_UI_SIDEBAR_SHOW_FULLSCREEN` | `True` | Show the fullscreen button in the sidebar. | +| `SELKIES_UI_SIDEBAR_SHOW_GAMING_MODE` | `True` | Show the gaming mode button in the sidebar. | +| `SELKIES_UI_SIDEBAR_SHOW_TRACKPAD` | `True` | Show the virtual trackpad button in the sidebar. | +| `SELKIES_UI_SIDEBAR_SHOW_KEYBOARD_BUTTON` | `True` | Show the on-screen keyboard button in the display area. | +| `SELKIES_UI_SIDEBAR_SHOW_SOFT_BUTTONS` | `True` | Show the soft buttons section in the sidebar. | +| `SELKIES_AUDIO_ENABLED` | `True` | Enable server-to-client audio streaming. | +| `SELKIES_MICROPHONE_ENABLED` | `True` | Enable client-to-server microphone forwarding. | +| `SELKIES_GAMEPAD_ENABLED` | `True` | Enable gamepad support. | +| `SELKIES_CLIPBOARD_ENABLED` | `True` | Enable clipboard synchronization. 
| +| `SELKIES_COMMAND_ENABLED` | `True` | Enable parsing of command websocket messages. | +| `SELKIES_FILE_TRANSFERS` | `'upload,download'` | Allowed file transfer directions (comma-separated: "upload,download"). Set to "" or "none" to disable. | +| `SELKIES_ENCODER` | `'x264enc,x264enc-striped,jpeg'` | The default video encoders. | +| `SELKIES_FRAMERATE` | `'8-120'` | Allowed framerate range or a fixed value. | +| `SELKIES_H264_CRF` | `'5-50'` | Allowed H.264 CRF range or a fixed value. | +| `SELKIES_JPEG_QUALITY` | `'1-100'` | Allowed JPEG quality range or a fixed value. | +| `SELKIES_H264_FULLCOLOR` | `False` | Enable H.264 full color range for pixelflux encoders. | +| `SELKIES_H264_STREAMING_MODE` | `False` | Enable H.264 streaming mode for pixelflux encoders. | +| `SELKIES_USE_CPU` | `False` | Force CPU-based encoding for pixelflux. | +| `SELKIES_USE_PAINT_OVER_QUALITY` | `True` | Enable high-quality paint-over for static scenes. | +| `SELKIES_PAINT_OVER_JPEG_QUALITY` | `'1-100'` | Allowed JPEG paint-over quality range or a fixed value. | +| `SELKIES_H264_PAINTOVER_CRF` | `'5-50'` | Allowed H.264 paint-over CRF range or a fixed value. | +| `SELKIES_H264_PAINTOVER_BURST_FRAMES` | `'1-30'` | Allowed H.264 paint-over burst frames range or a fixed value. | +| `SELKIES_SECOND_SCREEN` | `True` | Enable support for a second monitor/display. | +| `SELKIES_AUDIO_BITRATE` | `'320000'` | The default audio bitrate. | +| `SELKIES_IS_MANUAL_RESOLUTION_MODE` | `False` | Lock the resolution to the manual width/height values. | +| `SELKIES_MANUAL_WIDTH` | `0` | Lock width to a fixed value. Setting this forces manual resolution mode. | +| `SELKIES_MANUAL_HEIGHT` | `0` | Lock height to a fixed value. Setting this forces manual resolution mode. | +| `SELKIES_SCALING_DPI` | `'96'` | The default DPI for UI scaling. | +| `SELKIES_ENABLE_BINARY_CLIPBOARD` | `False` | Allow binary data on the clipboard. 
| +| `SELKIES_USE_BROWSER_CURSORS` | `False` | Use browser CSS cursors instead of rendering to canvas. | +| `SELKIES_USE_CSS_SCALING` | `False` | HiDPI when false, if true a lower resolution is sent from the client and the canvas is stretched. | +| `SELKIES_PORT` (or `CUSTOM_WS_PORT`) | `8082` | Port for the data websocket server. | +| `SELKIES_DRI_NODE` (or `DRI_NODE`) | `''` | Path to the DRI render node for VA-API. | +| `SELKIES_AUDIO_DEVICE_NAME` | `'output.monitor'` | Audio device name for pcmflux capture. | +| `SELKIES_WATERMARK_PATH` (or `WATERMARK_PNG`) | `''` | Absolute path to the watermark PNG file. | +| `SELKIES_WATERMARK_LOCATION` (or `WATERMARK_LOCATION`) | `-1` | Watermark location enum (0-6). | +| `SELKIES_DEBUG` | `False` | Enable debug logging. | +| `SELKIES_ENABLE_SHARING` | `True` | Master toggle for all sharing features. | +| `SELKIES_ENABLE_COLLAB` | `True` | Enable collaborative (read-write) sharing link. | +| `SELKIES_ENABLE_SHARED` | `True` | Enable view-only sharing links. | +| `SELKIES_ENABLE_PLAYER2` | `True` | Enable sharing link for gamepad player 2. | +| `SELKIES_ENABLE_PLAYER3` | `True` | Enable sharing link for gamepad player 3. | +| `SELKIES_ENABLE_PLAYER4` | `True` | Enable sharing link for gamepad player 4. | +{% endset -%} + **Modern GUI desktop apps may have compatibility issues with the latest Docker syscall restrictions. You can use Docker with the `--security-opt seccomp=unconfined` setting to allow these syscalls on hosts with older Kernels or libseccomp versions.** ### Security @@ -51,7 +210,6 @@ For Intel and AMD GPUs. - DRINODE=/dev/dri/renderD128 - DRI_NODE=/dev/dri/renderD128 ``` - {% if show_nvidia is defined %} ##### Nvidia (Proprietary Drivers) @@ -111,7 +269,6 @@ services: * **Unraid:** Ensure you're properly setting the DRINODE/DRI_NODE and adding `--gpus all --runtime nvidia` to your extra parameters. {% endif %} - ### SealSkin Compatibility This container is compatible with [SealSkin](https://sealskin.app). 
@@ -126,69 +283,11 @@ SealSkin is a self-hosted, client-server platform that provides secure authentic This container is based on [Docker Baseimage Selkies](https://github.com/linuxserver/docker-baseimage-selkies). -{% set blurb1 %} -| Variable | Description | -| :----: | --- | -| PIXELFLUX_WAYLAND | **Experimental** If set to true the container will initialize in Wayland mode running [Smithay](https://github.com/Smithay/smithay) and Labwc while enabling zero copy encoding with a GPU | -| CUSTOM_PORT | Internal port the container listens on for http if it needs to be swapped from the default `{% if external_http_port is defined %}{{ external_http_port }}{% else %}3000{% endif %}` | -| CUSTOM_HTTPS_PORT | Internal port the container listens on for https if it needs to be swapped from the default `{% if external_https_port is defined %}{{ external_https_port }}{% else %}3001{% endif %}` | -| CUSTOM_WS_PORT | Internal port the container listens on for websockets if it needs to be swapped from the default 8082 | -| CUSTOM_USER | HTTP Basic auth username, abc is default. | -| DRI_NODE | **Encoding GPU**: Enable VAAPI/NVENC stream encoding and use the specified device IE `/dev/dri/renderD128` | -| DRINODE | **Rendering GPU**: Specify which GPU to use for EGL/3D acceleration IE `/dev/dri/renderD129` | -| PASSWORD | HTTP Basic auth password, abc is default. If unset there will be no auth | -| SUBFOLDER | Subfolder for the application if running a subfolder reverse proxy, need both slashes IE `/subfolder/` | -| TITLE | The page title displayed on the web browser, default "Selkies" | -| DASHBOARD | Allows the user to set their dashboard. 
Options: `selkies-dashboard`, `selkies-dashboard-zinc`, `selkies-dashboard-wish` | -| FILE_MANAGER_PATH | Modifies the default upload/download file path, path must have proper permissions for abc user | -| START_DOCKER | If set to false a container with privilege will not automatically start the DinD Docker setup | -| DISABLE_IPV6 | If set to true or any value this will disable IPv6 | -| LC_ALL | Set the Language for the container to run as IE `fr_FR.UTF-8` `ar_AE.UTF-8` | -| NO_DECOR | If set the application will run without window borders for use as a PWA. (Decor can be enabled and disabled with Ctrl+Shift+d) | -| NO_FULL | Do not autmatically fullscreen applications when using openbox. | -| NO_GAMEPAD | Disable userspace gamepad interposer injection. | -| DISABLE_ZINK | Do not set the Zink environment variables if a video card is detected (userspace applications will use CPU rendering) | -| DISABLE_DRI3 | Do not use DRI3 acceleration if a video card is detected (userspace applications will use CPU rendering) | -| MAX_RES | Pass a larger maximum resolution for the container default is 16k `15360x8640` | -| WATERMARK_PNG | Full path inside the container to a watermark png IE `/usr/share/selkies/www/icon.png` | -| WATERMARK_LOCATION | Where to paint the image over the stream integer options below | +{{ selkies_variables | admonition(flavour=markdown, title="Click to expand: Optional Environment Variables", collapse=True) }} -**`WATERMARK_LOCATION` Options:** +{{ optional_variables | admonition(flavour=markdown, title="Click to expand: Optional Run Configurations (DinD & GPU Mounts)", collapse=True) }} -* **1**: Top Left -* **2**: Top Right -* **3**: Bottom Left -* **4**: Bottom Right -* **5**: Centered -* **6**: Animated -{% endset %} -{{ blurb1 | admonition(flavour=markdown, title="Click to expand: Optional Environment Variables", collapse=True) }} - -{% set blurb2 %} -| Argument | Description | -| :----: | --- | -| `--privileged` | Starts a Docker-in-Docker 
(DinD) environment. For better performance, mount the Docker data directory from the host, e.g., `-v /path/to/docker-data:/var/lib/docker`. | -| `-v /var/run/docker.sock:/var/run/docker.sock` | Mounts the host's Docker socket to manage host containers from within this container. | -| `--device /dev/dri:/dev/dri` | Mount a GPU into the container, this can be used in conjunction with the `DRINODE` environment variable to leverage a host video card for GPU accelerated applications. | -{% endset %} -{{ blurb2 | admonition(flavour=markdown, title="Click to expand: Optional Run Configurations (DinD & GPU Mounts)", collapse=True) }} - -{% set blurb3 %} -**Note:** This section applies only if you are **NOT** using `PIXELFLUX_WAYLAND=true`. - -When using 3d acceleration via Nvidia DRM or DRI3 in X11 mode, it is important to clamp the virtual display to a reasonable max resolution to avoid memory exhaustion or poor performance. - -* `-e MAX_RESOLUTION=3840x2160` - -This will set the total virtual framebuffer to 4K. By default, the virtual monitor is 16K. If you have performance issues in an accelerated X11 session, try clamping the resolution to 1080p and work up from there: - -```bash --e SELKIES_MANUAL_WIDTH=1920 --e SELKIES_MANUAL_HEIGHT=1080 --e MAX_RESOLUTION=1920x1080 -``` -{% endset %} -{{ blurb3 | admonition(flavour=markdown, title="Click to expand: Legacy X11 Resolution & Acceleration", collapse=True) }} +{{ legacy_variables | admonition(flavour=markdown, title="Click to expand: Legacy X11 Resolution & Acceleration", collapse=True) }} ### Language Support - Internationalization 
@@ -233,106 +332,6 @@ You can install packages from the system's native repository using the [universa ### Advanced Configuration -{% set blurb4 %} -These variables can be used to lock down the desktop environment for single-application use cases or to restrict user capabilities. +{{ selkies_sec_vars | admonition(flavour=markdown, title="Click to expand: Hardening Options", collapse=True) }} -| Variable | Description | -| :----: | --- | -| **`HARDEN_DESKTOP`** | Enables `DISABLE_OPEN_TOOLS`, `DISABLE_SUDO`, and `DISABLE_TERMINALS`. Also sets related Selkies UI settings (`SELKIES_FILE_TRANSFERS`, `SELKIES_COMMAND_ENABLED`, `SELKIES_UI_SIDEBAR_SHOW_FILES`, `SELKIES_UI_SIDEBAR_SHOW_APPS`) if they are not explicitly set by the user. | -| **`HARDEN_OPENBOX`** | Enables `DISABLE_CLOSE_BUTTON`, `DISABLE_MOUSE_BUTTONS`, and `HARDEN_KEYBINDS`. It also flags `RESTART_APP` if not set by the user, ensuring the primary application is automatically restarted if closed. | - -**Individual Hardening Variables:** - -| Variable | Description | -| :--- | --- | -| **`DISABLE_OPEN_TOOLS`** | If true, disables `xdg-open` and `exo-open` binaries by removing their execute permissions. | -| **`DISABLE_SUDO`** | If true, disables the `sudo` command by removing its execute permissions and invalidating the passwordless sudo configuration. | -| **`DISABLE_TERMINALS`** | If true, disables common terminal emulators by removing their execute permissions and hiding them from the Openbox right-click menu. | -| **`DISABLE_CLOSE_BUTTON`** | If true, removes the close button from window title bars in the Openbox window manager. | -| **`DISABLE_MOUSE_BUTTONS`** | If true, disables the right-click and middle-click context menus and actions within the Openbox window manager. | -| **`HARDEN_KEYBINDS`** | If true, disables default Openbox keybinds that can bypass other hardening options (e.g., `Alt+F4` to close windows, `Alt+Escape` to show the root menu). 
| -| **`RESTART_APP`** | If true, enables a watchdog service that automatically restarts the main application if it is closed. The user's autostart script is made read-only and root owned to prevent tampering. | -{% endset %} -{{ blurb4 | admonition(flavour=markdown, title="Click to expand: Hardening Options", collapse=True) }} - -{% set blurb5 %} -Using environment variables every facet of the application can be configured. - -**Booleans and Locking:** -Boolean settings accept `true` or `false`. You can also prevent the user from changing a boolean setting in the UI by appending `|locked`. - -* Example: `-e SELKIES_USE_CPU="true|locked"` - -**Enums and Lists:** -These settings accept a comma-separated list of values. The first item becomes default. If only one item is provided, the UI dropdown is hidden. - -* Example: `-e SELKIES_ENCODER="jpeg"` - -**Ranges:** -Use a hyphen-separated `min-max` format for a slider, or a single number to lock the value. - -* Example: `-e SELKIES_FRAMERATE="60"` - -**Manual Resolution Mode:** -If `SELKIES_MANUAL_WIDTH` or `SELKIES_MANUAL_HEIGHT` are set, the resolution is locked to those values. - -| Environment Variable | Default Value | Description | -| --- | --- | --- | -| `SELKIES_UI_TITLE` | `'Selkies'` | Title in top left corner of sidebar. | -| `SELKIES_UI_SHOW_LOGO` | `True` | Show the Selkies logo in the sidebar. | -| `SELKIES_UI_SHOW_SIDEBAR` | `True` | Show the main sidebar UI. | -| `SELKIES_UI_SHOW_CORE_BUTTONS` | `True` | Show the core components buttons display, audio, microphone, and gamepad. | -| `SELKIES_UI_SIDEBAR_SHOW_VIDEO_SETTINGS` | `True` | Show the video settings section in the sidebar. | -| `SELKIES_UI_SIDEBAR_SHOW_SCREEN_SETTINGS` | `True` | Show the screen settings section in the sidebar. | -| `SELKIES_UI_SIDEBAR_SHOW_AUDIO_SETTINGS` | `True` | Show the audio settings section in the sidebar. | -| `SELKIES_UI_SIDEBAR_SHOW_STATS` | `True` | Show the stats section in the sidebar. 
| -| `SELKIES_UI_SIDEBAR_SHOW_CLIPBOARD` | `True` | Show the clipboard section in the sidebar. | -| `SELKIES_UI_SIDEBAR_SHOW_FILES` | `True` | Show the file transfer section in the sidebar. | -| `SELKIES_UI_SIDEBAR_SHOW_APPS` | `True` | Show the applications section in the sidebar. | -| `SELKIES_UI_SIDEBAR_SHOW_SHARING` | `True` | Show the sharing section in the sidebar. | -| `SELKIES_UI_SIDEBAR_SHOW_GAMEPADS` | `True` | Show the gamepads section in the sidebar. | -| `SELKIES_UI_SIDEBAR_SHOW_FULLSCREEN` | `True` | Show the fullscreen button in the sidebar. | -| `SELKIES_UI_SIDEBAR_SHOW_GAMING_MODE` | `True` | Show the gaming mode button in the sidebar. | -| `SELKIES_UI_SIDEBAR_SHOW_TRACKPAD` | `True` | Show the virtual trackpad button in the sidebar. | -| `SELKIES_UI_SIDEBAR_SHOW_KEYBOARD_BUTTON` | `True` | Show the on-screen keyboard button in the display area. | -| `SELKIES_UI_SIDEBAR_SHOW_SOFT_BUTTONS` | `True` | Show the soft buttons section in the sidebar. | -| `SELKIES_AUDIO_ENABLED` | `True` | Enable server-to-client audio streaming. | -| `SELKIES_MICROPHONE_ENABLED` | `True` | Enable client-to-server microphone forwarding. | -| `SELKIES_GAMEPAD_ENABLED` | `True` | Enable gamepad support. | -| `SELKIES_CLIPBOARD_ENABLED` | `True` | Enable clipboard synchronization. | -| `SELKIES_COMMAND_ENABLED` | `True` | Enable parsing of command websocket messages. | -| `SELKIES_FILE_TRANSFERS` | `'upload,download'` | Allowed file transfer directions (comma-separated: "upload,download"). Set to "" or "none" to disable. | -| `SELKIES_ENCODER` | `'x264enc,x264enc-striped,jpeg'` | The default video encoders. | -| `SELKIES_FRAMERATE` | `'8-120'` | Allowed framerate range or a fixed value. | -| `SELKIES_H264_CRF` | `'5-50'` | Allowed H.264 CRF range or a fixed value. | -| `SELKIES_JPEG_QUALITY` | `'1-100'` | Allowed JPEG quality range or a fixed value. | -| `SELKIES_H264_FULLCOLOR` | `False` | Enable H.264 full color range for pixelflux encoders. 
| -| `SELKIES_H264_STREAMING_MODE` | `False` | Enable H.264 streaming mode for pixelflux encoders. | -| `SELKIES_USE_CPU` | `False` | Force CPU-based encoding for pixelflux. | -| `SELKIES_USE_PAINT_OVER_QUALITY` | `True` | Enable high-quality paint-over for static scenes. | -| `SELKIES_PAINT_OVER_JPEG_QUALITY` | `'1-100'` | Allowed JPEG paint-over quality range or a fixed value. | -| `SELKIES_H264_PAINTOVER_CRF` | `'5-50'` | Allowed H.264 paint-over CRF range or a fixed value. | -| `SELKIES_H264_PAINTOVER_BURST_FRAMES` | `'1-30'` | Allowed H.264 paint-over burst frames range or a fixed value. | -| `SELKIES_SECOND_SCREEN` | `True` | Enable support for a second monitor/display. | -| `SELKIES_AUDIO_BITRATE` | `'320000'` | The default audio bitrate. | -| `SELKIES_IS_MANUAL_RESOLUTION_MODE` | `False` | Lock the resolution to the manual width/height values. | -| `SELKIES_MANUAL_WIDTH` | `0` | Lock width to a fixed value. Setting this forces manual resolution mode. | -| `SELKIES_MANUAL_HEIGHT` | `0` | Lock height to a fixed value. Setting this forces manual resolution mode. | -| `SELKIES_SCALING_DPI` | `'96'` | The default DPI for UI scaling. | -| `SELKIES_ENABLE_BINARY_CLIPBOARD` | `False` | Allow binary data on the clipboard. | -| `SELKIES_USE_BROWSER_CURSORS` | `False` | Use browser CSS cursors instead of rendering to canvas. | -| `SELKIES_USE_CSS_SCALING` | `False` | HiDPI when false, if true a lower resolution is sent from the client and the canvas is stretched. | -| `SELKIES_PORT` (or `CUSTOM_WS_PORT`) | `8082` | Port for the data websocket server. | -| `SELKIES_DRI_NODE` (or `DRI_NODE`) | `''` | Path to the DRI render node for VA-API. | -| `SELKIES_AUDIO_DEVICE_NAME` | `'output.monitor'` | Audio device name for pcmflux capture. | -| `SELKIES_WATERMARK_PATH` (or `WATERMARK_PNG`) | `''` | Absolute path to the watermark PNG file. | -| `SELKIES_WATERMARK_LOCATION` (or `WATERMARK_LOCATION`) | `-1` | Watermark location enum (0-6). 
| -| `SELKIES_DEBUG` | `False` | Enable debug logging. | -| `SELKIES_ENABLE_SHARING` | `True` | Master toggle for all sharing features. | -| `SELKIES_ENABLE_COLLAB` | `True` | Enable collaborative (read-write) sharing link. | -| `SELKIES_ENABLE_SHARED` | `True` | Enable view-only sharing links. | -| `SELKIES_ENABLE_PLAYER2` | `True` | Enable sharing link for gamepad player 2. | -| `SELKIES_ENABLE_PLAYER3` | `True` | Enable sharing link for gamepad player 3. | -| `SELKIES_ENABLE_PLAYER4` | `True` | Enable sharing link for gamepad player 4. | -{% endset %} -{{ blurb5 | admonition(flavour=markdown, title="Click to expand: Selkies Application Settings", collapse=True) }} +{{ selkies_vars | admonition(flavour=markdown, title="Click to expand: Selkies Application Settings", collapse=True) }} From 39308e9f2118d0637c4016459269933697b39c17 Mon Sep 17 00:00:00 2001 From: Roxedus Date: Fri, 27 Mar 2026 19:36:33 +0100 Subject: [PATCH 07/13] Bump --- Dockerfile | 4 ++-- Dockerfile.aarch64 | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 860b1ea4..35176964 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine:3.22 +FROM ghcr.io/linuxserver/baseimage-alpine:3.23 # set version label ARG BUILD_DATE @@ -10,7 +10,7 @@ LABEL maintainer="roxedus, thelamer" RUN \ echo "**** install build packages ****" && \ - YQ_VERSION=v4.45.1 &&\ + YQ_VERSION=v4.52.5 &&\ wget https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -O /usr/bin/yq &&\ chmod +x /usr/bin/yq && \ apk add --no-cache --upgrade \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index bb4ab5cd..2b4e1366 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.22 +FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.23 # set version label ARG BUILD_DATE 
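Review bot: The `wget` that follows the bumped `YQ_VERSION` in the `Dockerfile` hunk writes the release binary straight to `/usr/bin/yq` and marks it executable with no integrity check, so each version bump trusts whatever the release URL serves at build time. Pin a digest next to the version and verify it before the `chmod`, for example `YQ_SHA256=<sha256 of yq_linux_amd64 for this version> && \` followed by `echo "${YQ_SHA256}  /usr/bin/yq" | sha256sum -c - && \` after the download. The same applies to the `yq_linux_arm64` download in the `Dockerfile.aarch64` hunk, which needs its own digest. The `RUN` instruction continues outside both hunks.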
@@ -10,7 +10,7 @@ LABEL maintainer="roxedus, thelamer" RUN \ echo "**** install build packages ****" && \ - YQ_VERSION=v4.45.1 &&\ + YQ_VERSION=v4.52.5 &&\ wget https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_arm64 -O /usr/bin/yq &&\ chmod +x /usr/bin/yq && \ apk add --no-cache --upgrade \ From fc68f85729d8ffed0cacfa7c1e76c232e95e2269 Mon Sep 17 00:00:00 2001 From: Roxedus Date: Fri, 27 Mar 2026 19:37:03 +0100 Subject: [PATCH 08/13] Make logic compliant --- ansible/generate.yml | 4 ++-- ansible/roles/github/tasks/main.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/generate.yml b/ansible/generate.yml index 4a06e39c..0cc809f6 100644 --- a/ansible/generate.yml +++ b/ansible/generate.yml @@ -19,7 +19,7 @@ - name: Set UID tags: [ "always" ] changed_when: false - when: lookup('env', 'PUID') + when: lookup('env', 'PUID') | ternary(True, False) user: name: abc non_unique: yes @@ -28,7 +28,7 @@ - name: Set GID tags: [ "always" ] changed_when: false - when: lookup('env', 'PGID') + when: lookup('env', 'PGID') | ternary(True, False) group: name: abc non_unique: yes diff --git a/ansible/roles/github/tasks/main.yml b/ansible/roles/github/tasks/main.yml index e56820c1..cffda2ea 100644 --- a/ansible/roles/github/tasks/main.yml +++ b/ansible/roles/github/tasks/main.yml @@ -29,7 +29,7 @@ - permissions.yml - name: Populate conditional Github workflows - when: item.when + when: item.when | ternary(True, False) template: src: "{{ item.file }}.j2" dest: "/tmp/.github/workflows/{{ item.file }}" From bdc386e1f896dc2edf17c1323b60971bc3342e8e Mon Sep 17 00:00:00 2001 From: thelamer Date: Sun, 29 Mar 2026 16:37:12 -0400 Subject: [PATCH 09/13] mark nvidia experiemntal until we have a stable solid method for all users --- .../roles/documentation/templates/README_SNIPPETS/SELKIES.j2 | 2 ++ 1 file changed, 2 insertions(+) 
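Review bot: In `ansible/generate.yml`, `when: lookup('env', 'PUID') | ternary(True, False)` on `Set UID` (and the `PGID` twin on `Set GID`) only coerces truthiness, so any non-empty string still enables the task, including a non-numeric value or `0`. Since the task manages user `abc` with `non_unique: yes`, and presumably passes the variable as the id in the part of the task outside the hunk, a condition that states what is accepted would be safer and easier to read: `when: lookup('env', 'PUID') is match('^[0-9]+$')`. If only "is set" is intended, `when: lookup('env', 'PUID') | length > 0` says so directly. The `item.when | ternary(True, False)` change in `roles/github/tasks/main.yml` depends on loop items defined outside its hunk, so it is worth confirming those are already booleans, in which case the filter is unnecessary there.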
diff --git a/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 b/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 index d7a18038..a5e4521c 100644 --- a/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 +++ b/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 @@ -214,6 +214,8 @@ For Intel and AMD GPUs. ##### Nvidia (Proprietary Drivers) +**Note: Nvidia support is currently considered experimental, driver changes can break it at any time.** + **Note: Nvidia support is not available for Alpine-based images.** **Prerequisites:** From e3e19f7290564c291cb254373ebb95bafc3f3510 Mon Sep 17 00:00:00 2001 From: thelamer Date: Sun, 29 Mar 2026 16:42:37 -0400 Subject: [PATCH 10/13] also mention selkies desktop flag --- ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 b/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 index a5e4521c..d82abd75 100644 --- a/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 +++ b/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 
@@ -2,6 +2,7 @@ | Variable | Description | | :----: | --- | | PIXELFLUX_WAYLAND | **Experimental** If set to true the container will initialize in Wayland mode running [Smithay](https://github.com/Smithay/smithay) and Labwc while enabling zero copy encoding with a GPU | +| SELKIES_DESKTOP | If set to true and in Wayland mode, a simple panel will be initialized with labwc | | CUSTOM_PORT | Internal port the container listens on for http if it needs to be swapped from the default `{% if external_http_port is defined %}{{ external_http_port }}{% else %}3000{% endif %}` | | CUSTOM_HTTPS_PORT | Internal port the container listens on for https if it needs to be swapped from the default `{% if external_https_port is defined %}{{ external_https_port }}{% else %}3001{% endif %}` | | CUSTOM_WS_PORT | Internal port the container listens on for websockets if it needs to be swapped from the default 8082 | From 32004acea1f17195bcc0e3c6721be87bb27e0cf7 Mon Sep 17 00:00:00 2001 From: thelamer Date: Tue, 31 Mar 2026 16:52:18 -0400 Subject: [PATCH 11/13] mention chromium client changes needed for nvidia frames on clients with gpu acceleration, add AUTO_GPU docs --- .../documentation/templates/README_SNIPPETS/SELKIES.j2 | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 b/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 index d82abd75..23b03a67 100644 --- a/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 +++ b/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 
@@ -9,6 +9,7 @@ | CUSTOM_USER | HTTP Basic auth username, abc is default. | | DRI_NODE | **Encoding GPU**: Enable VAAPI/NVENC stream encoding and use the specified device IE `/dev/dri/renderD128` | | DRINODE | **Rendering GPU**: Specify which GPU to use for EGL/3D acceleration IE `/dev/dri/renderD129` | +| AUTO_GPU | If multiple GPUs are mounted in we will automatically use the first one available for encoding and rendering IE `/dev/dri/renderD128` | | PASSWORD | HTTP Basic auth password, abc is default. If unset there will be no auth | | SUBFOLDER | Subfolder for the application if running a subfolder reverse proxy, need both slashes IE `/subfolder/` | | TITLE | The page title displayed on the web browser, default "Selkies" | @@ -196,7 +197,9 @@ To use hardware acceleration in Wayland mode, we distinguish between the card us * `DRINODE`: The path to the GPU used for **Rendering** (EGL). * `DRI_NODE`: The path to the GPU used for **Encoding** (VAAPI/NVENC). -If both variables point to the same device, the container will automatically enable **Zero Copy** encoding, significantly reducing CPU usage and latency. +If both variables point to the same device, the container will automatically enable **Zero Copy** encoding, significantly reducing CPU usage and latency. If they are set to different devices one will be used for **Rendering** and one for **Encoding** with a cpu readback. + +You can also use the environment variable `AUTO_GPU=true`, with this set the first card detected in the container (IE `/dev/dri/renderD128`) will be used and configured for **Zero Copy**. ##### Intel & AMD (Open Source Drivers) 
@@ -219,6 +222,8 @@ For Intel and AMD GPUs. **Note: Nvidia support is not available for Alpine-based images.** +**Note: Nvidia frames have issues with hardware decoders in Chromium browsers you need to navigate to `chrome://flags/#disable-accelerated-video-decode` and toggle it to `Disabled` for smooth playback** + **Prerequisites:** 1. **Driver:** Proprietary drivers **580 or higher** are required. **Crucially, you should install the driver using the `.run` file downloaded directly from the Nvidia website.** From 23e022e8552baa45d806c4a60d721f74bb1a0ef2 Mon Sep 17 00:00:00 2001 From: thelamer Date: Tue, 31 Mar 2026 16:56:54 -0400 Subject: [PATCH 12/13] wording --- .../roles/documentation/templates/README_SNIPPETS/SELKIES.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 b/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 index 23b03a67..e7aa2da6 100644 --- a/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 +++ b/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 @@ -9,7 +9,7 @@ | CUSTOM_USER | HTTP Basic auth username, abc is default. | | DRI_NODE | **Encoding GPU**: Enable VAAPI/NVENC stream encoding and use the specified device IE `/dev/dri/renderD128` | | DRINODE | **Rendering GPU**: Specify which GPU to use for EGL/3D acceleration IE `/dev/dri/renderD129` | -| AUTO_GPU | If multiple GPUs are mounted in we will automatically use the first one available for encoding and rendering IE `/dev/dri/renderD128` | +| AUTO_GPU | If set to true and in Wayland mode, we will automatically use the first GPU available for encoding and rendering IE `/dev/dri/renderD128` | | PASSWORD | HTTP Basic auth password, abc is default. If unset there will be no auth | | SUBFOLDER | Subfolder for the application if running a subfolder reverse proxy, need both slashes IE `/subfolder/` | | TITLE | The page title displayed on the web browser, default "Selkies" | 
From 4dca461462632fbc7e1f09d96c1612e4d4dd8fe0 Mon Sep 17 00:00:00 2001 From: thelamer Date: Wed, 1 Apr 2026 11:40:42 -0400 Subject: [PATCH 13/13] also recommend fbdev kernel param --- .../documentation/templates/README_SNIPPETS/SELKIES.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 b/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 index e7aa2da6..5990eb85 100644 --- a/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 +++ b/ansible/roles/documentation/templates/README_SNIPPETS/SELKIES.j2 @@ -229,11 +229,11 @@ For Intel and AMD GPUs. 1. **Driver:** Proprietary drivers **580 or higher** are required. **Crucially, you should install the driver using the `.run` file downloaded directly from the Nvidia website.** * **Unraid:** Use the production branch from the Nvidia Driver Plugin. -2. **Kernel Parameter:** You must set `nvidia-drm.modeset=1` in your host bootloader. +2. **Kernel Parameter:** You must set `nvidia-drm.modeset=1 nvidia_drm.fbdev=1` in your host bootloader. * **Standard Linux (GRUB):** Edit `/etc/default/grub` and add the parameter to your existing `GRUB_CMDLINE_LINUX_DEFAULT` line: ```text - GRUB_CMDLINE_LINUX_DEFAULT=" nvidia-drm.modeset=1" + GRUB_CMDLINE_LINUX_DEFAULT=" nvidia-drm.modeset=1 nvidia_drm.fbdev=1" ``` Then apply the changes by running: @@ -242,7 +242,7 @@ For Intel and AMD GPUs. sudo update-grub ``` - * **Unraid (Syslinux):** Edit the file `/boot/syslinux/syslinux.cfg` and add `nvidia-drm.modeset=1` to the end of the `append` line for the Unraid OS boot entry. + * **Unraid (Syslinux):** Edit the file `/boot/syslinux/syslinux.cfg` and add `nvidia-drm.modeset=1 nvidia_drm.fbdev=1` to the end of the `append` line for the Unraid OS boot entry. 3. **Hardware Initialization:** **On headless systems, the Nvidia video card requires a physical dummy plug inserted into the GPU so that DRM initializes properly.**