Add host networking option and uidmap support

successbyfailure · successbyfailure · commit e15567f4b0bf · 2026-01-07T03:27:44.000+01:00
diff --git a/Docker-Images/Designer/Dockerfile b/Docker-Images/Designer/Dockerfile
@@ -55,6 +55,7 @@ RUN dpkg --add-architecture i386 && \
         cifs-utils \
         nfs-common \
         sshfs \
+        uidmap \
         # dependencias runtime (Perl/VNC) que queremos preinstalar
         libdatetime-perl \
         liblist-moreutils-perl \
diff --git a/workspaces/DeveloperAndroid/README.md b/workspaces/DeveloperAndroid/README.md
@@ -20,6 +20,7 @@ Workspace gráfico KDE/KasmVNC con toolchain Android preinstalado. Usa la imagen
 
 ## Creación rápida en Coder
 - `GPU`: viene activada por defecto; desactívala si no la necesitas.
+- `Usar red del host`: conecta el workspace a la red del host (network_mode=host) y no publica puertos.
 - `Persistir home en el host`: monta `/home/coder` en `TF_VAR_users_storage/<usuario>/<workspace>`.
 - `Persistir solo ~/Projects`: monta `/home/coder/Projects` en `TF_VAR_users_storage/<usuario>/<workspace>/Projects`.
 - `Montar ruta host en ~/host`: monta una ruta del host en `/home/coder/host`.
diff --git a/workspaces/DeveloperAndroid/main.tf b/workspaces/DeveloperAndroid/main.tf
@@ -60,6 +60,15 @@ data "coder_parameter" "enable_dri" {
   mutable      = true
 }
 
+data "coder_parameter" "enable_host_network" {
+  name         = "02_00_enable_host_network"
+  display_name = "[Network] Usar red del host (network_mode=host)"
+  description  = "Conecta el contenedor directamente a la red del host (sin mapeo de puertos)."
+  type         = "bool"
+  default      = false
+  mutable      = true
+}
+
 data "coder_parameter" "git_repo_url" {
   name         = "03_git_repo_url"
   display_name = "[Code] Repositorio Git (opcional)"
@@ -155,6 +164,7 @@ locals {
   workspace_image      = "ghcr.io/makespacemadrid/coder-mks-developer-android:latest"
   enable_gpu           = data.coder_parameter.enable_gpu.value
   enable_dri           = data.coder_parameter.enable_dri.value
+  enable_host_network  = data.coder_parameter.enable_host_network.value
   persist_home_storage           = data.coder_parameter.persist_home_storage.value
   persist_projects_storage       = data.coder_parameter.persist_projects_storage.value
   host_mount_path                = trimspace(data.coder_parameter.host_mount_path.value)
@@ -878,6 +888,9 @@ resource "docker_container" "workspace" {
 
   privileged = true # Requerido para KVM
 
+  # Acceso directo a la red del host (sin mapeo de puertos)
+  network_mode = local.enable_host_network ? "host" : null
+
   entrypoint = [
     "sh",
     "-c",
diff --git a/workspaces/Maker/main.tf b/workspaces/Maker/main.tf
@@ -191,9 +191,23 @@ resource "coder_agent" "main" {
   startup_script = <<-EOT
     set -e
 
+    # Asegurar soporte de user namespaces para Steam/Flatpak
+    if ! command -v newuidmap >/dev/null 2>&1; then
+      echo "WARN: uidmap no disponible; Steam/Flatpak pueden fallar" >&2
+    fi
+    if [ -w /etc/subuid ] && ! grep -q "^$USER:" /etc/subuid 2>/dev/null; then
+      echo "$USER:100000:65536" | sudo tee -a /etc/subuid >/dev/null
+    fi
+    if [ -w /etc/subgid ] && ! grep -q "^$USER:" /etc/subgid 2>/dev/null; then
+      echo "$USER:100000:65536" | sudo tee -a /etc/subgid >/dev/null
+    fi
+
     # Asegurar permisos de FUSE
+    if ! getent group fuse >/dev/null 2>&1; then
+      sudo groupadd -r fuse || true
+    fi
     sudo usermod -aG fuse "$USER" || true
-    if [ -e /dev/fuse ]; then
+    if [ -e /dev/fuse ] && getent group fuse >/dev/null 2>&1; then
       sudo chown root:fuse /dev/fuse || true
       sudo chmod 666 /dev/fuse || true
     fi
