Initial import from coder-workspace-desktop

Author: successbyfailure

.github/workflows/build.yml

@@ -0,0 +1,243 @@
+name: Build and Publish
+
+on:
+  push:
+    branches:
+      - main
+      - master
+  schedule:
+    # Rebuild every 15 days even sin cambios para mantener imágenes frescas
+    - cron: "0 3 */15 * *"
+  workflow_dispatch:
+
+jobs:
+  build-desktop:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    outputs:
+      run_build: ${{ steps.changes.outputs.run_build }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Detect changes for desktop
+        id: changes
+        run: |
+          if [ "${GITHUB_EVENT_NAME:-}" = "schedule" ]; then
+            echo "run_build=true" >> "$GITHUB_OUTPUT"
+            echo "Scheduled run: forcing desktop build."
+            exit 0
+          fi
+          BASE_REF="${{ github.event.before }}"
+          if [ -z "$BASE_REF" ] || ! git cat-file -e "$BASE_REF^{commit}" 2>/dev/null; then
+            BASE_REF="HEAD^"
+          fi
+
+          if git diff --quiet "$BASE_REF" HEAD -- Docker-Images/Desktop; then
+            echo "run_build=false" >> "$GITHUB_OUTPUT"
+            echo "No changes in Docker-Images/Desktop, skipping build."
+          else
+            echo "run_build=true" >> "$GITHUB_OUTPUT"
+            echo "Changes detected in Docker-Images/Desktop, building image."
+          fi
+
+      - name: Log in to GHCR
+        if: steps.changes.outputs.run_build == 'true'
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        if: steps.changes.outputs.run_build == 'true'
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository_owner }}/coder-mks-desktop
+          tags: |
+            type=raw,value=latest
+            type=sha
+
+      - name: Set up Docker Buildx
+        if: steps.changes.outputs.run_build == 'true'
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push
+        if: steps.changes.outputs.run_build == 'true'
+        uses: docker/build-push-action@v5
+        with:
+          context: Docker-Images/Desktop
+          push: true
+          platforms: linux/amd64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha,scope=coder-mks-desktop
+          cache-to: type=gha,mode=max,scope=coder-mks-desktop
+          build-args: |
+            BUILDKIT_STEP_TIMEOUT=1800
+          sbom: false
+
+  build-desktop-kde:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    outputs:
+      run_build: ${{ steps.changes.outputs.run_build }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Detect changes for desktop-kde
+        id: changes
+        run: |
+          if [ "${GITHUB_EVENT_NAME:-}" = "schedule" ]; then
+            echo "run_build=true" >> "$GITHUB_OUTPUT"
+            echo "Scheduled run: forcing desktop-kde build."
+            exit 0
+          fi
+          BASE_REF="${{ github.event.before }}"
+          if [ -z "$BASE_REF" ] || ! git cat-file -e "$BASE_REF^{commit}" 2>/dev/null; then
+            BASE_REF="HEAD^"
+          fi
+
+          if git diff --quiet "$BASE_REF" HEAD -- Docker-Images/Desktop-KDE; then
+            echo "run_build=false" >> "$GITHUB_OUTPUT"
+            echo "No changes in Docker-Images/Desktop-KDE, skipping build."
+          else
+            echo "run_build=true" >> "$GITHUB_OUTPUT"
+            echo "Changes detected in Docker-Images/Desktop-KDE, building image."
+          fi
+
+      - name: Log in to GHCR
+        if: steps.changes.outputs.run_build == 'true'
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        if: steps.changes.outputs.run_build == 'true'
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository_owner }}/coder-mks-desktop-kde
+          tags: |
+            type=raw,value=latest
+            type=sha
+
+      - name: Set up Docker Buildx
+        if: steps.changes.outputs.run_build == 'true'
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push
+        if: steps.changes.outputs.run_build == 'true'
+        uses: docker/build-push-action@v5
+        with:
+          context: Docker-Images/Desktop-KDE
+          push: true
+          platforms: linux/amd64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha,scope=coder-mks-desktop-kde
+          cache-to: type=gha,mode=max,scope=coder-mks-desktop-kde
+          build-args: |
+            BUILDKIT_STEP_TIMEOUT=1800
+          sbom: false
+
+  build:
+    needs: [build-desktop, build-desktop-kde]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - image_name: coder-mks-developer
+            context: Docker-Images/Developer
+            base_dep: desktop
+          - image_name: coder-mks-design
+            context: Docker-Images/Designer
+            base_dep: desktop-kde
+          - image_name: coder-mks-developer-android
+            context: Docker-Images/DeveloperAndroid
+            base_dep: desktop-kde
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Detect changes for image
+        id: changes
+        run: |
+          if [ "${GITHUB_EVENT_NAME:-}" = "schedule" ]; then
+            echo "run_build=true" >> "$GITHUB_OUTPUT"
+            echo "Scheduled run: forcing build for ${{ matrix.image_name }}."
+            exit 0
+          fi
+          # If a base image rebuilt, force dependent images to rebuild
+          if [ "${{ matrix.base_dep }}" = "desktop" ] && [ "${{ needs.build-desktop.outputs.run_build }}" = "true" ]; then
+            echo "run_build=true" >> "$GITHUB_OUTPUT"
+            echo "Desktop rebuilt; forcing build for ${{ matrix.image_name }}."
+            exit 0
+          fi
+          if [ "${{ matrix.base_dep }}" = "desktop-kde" ] && [ "${{ needs.build-desktop-kde.outputs.run_build }}" = "true" ]; then
+            echo "run_build=true" >> "$GITHUB_OUTPUT"
+            echo "Desktop-KDE rebuilt; forcing build for ${{ matrix.image_name }}."
+            exit 0
+          fi
+
+          BASE_REF="${{ github.event.before }}"
+          if [ -z "$BASE_REF" ] || ! git cat-file -e "$BASE_REF^{commit}" 2>/dev/null; then
+            BASE_REF="HEAD^"
+          fi
+
+          if git diff --quiet "$BASE_REF" HEAD -- "${{ matrix.context }}"; then
+            echo "run_build=false" >> "$GITHUB_OUTPUT"
+            echo "No changes in ${{ matrix.context }}, skipping build."
+          else
+            echo "run_build=true" >> "$GITHUB_OUTPUT"
+            echo "Changes detected in ${{ matrix.context }}, building image."
+          fi
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        if: steps.changes.outputs.run_build == 'true'
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        if: steps.changes.outputs.run_build == 'true'
+        with:
+          images: ghcr.io/${{ github.repository_owner }}/${{ matrix.image_name }}
+          tags: |
+            type=raw,value=latest
+            type=sha
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        if: steps.changes.outputs.run_build == 'true'
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        if: steps.changes.outputs.run_build == 'true'
+        with:
+          context: ${{ matrix.context }}
+          push: true
+          platforms: linux/amd64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha,scope=${{ matrix.image_name }}
+          cache-to: type=gha,mode=max,scope=${{ matrix.image_name }}
+          build-args: |
+            BUILDKIT_STEP_TIMEOUT=1800
+          sbom: false

.gitignore

@@ -0,0 +1,35 @@
+# Terraform state/lock files for templates
+.terraform/
+.terraform.lock.hcl
+terraform.tfstate
+terraform.tfstate.backup
+*.tfstate
+*.tfstate.backup
+terraform.tfvars
+
+# Editor/OS
+.DS_Store
+Thumbs.db
+.idea/
+.vscode/
+
+# Node/npm logs
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Python
+__pycache__/
+*.pyc
+*.pyo
+*.pyd
+.pytest_cache/
+
+# Logs / temp
+*.log
+*.tmp
+tmp/
+
+# Local agent notes
+AGENTS.private.md
+.claude/

.icons/designer.svg

@@ -0,0 +1,33 @@
+# Guía rápida para agentes
+
+Lee esto antes de tocar plantillas o imágenes. Para notas privadas, usa `AGENTS.private.md` (no versionado).
+
+## Docs clave
+- Visión general del repo: `README.md`
+- Resumen de templates y flujos de creación: `workspaces/README.md`
+- Detalle de cada template: `workspaces/*/README.md`
+- Notas específicas para Claude: `CLAUDE.md`
+- Ejemplo de Watchtower: `watchtower/README.md`
+
+## Imágenes base
+- `ghcr.io/makespacemadrid/coder-mks-developer:latest` (Docker-Images/Developer/Dockerfile): escritorio XFCE/KasmVNC, Docker Engine, Node.js 20, CLIs de IA (Codex, Claude, Gemini), VS Code, GitHub Desktop, Claude Desktop, AppImage Pool, audio (PulseAudio/ALSA), Geany y tooling dev (Docker, gh, etc.).
+- `ghcr.io/makespacemadrid/coder-mks-design:latest` (Docker-Images/Designer/Dockerfile): stack de diseño 2D/3D y electrónica (Inkscape, GIMP, Krita, Blender, FreeCAD, OpenSCAD, PrusaSlicer, OrcaSlicer, MeshLab, LibreCAD, KiCad, Fritzing, SimulIDE, LaserGRBL via Wine) + AppImage Pool y Geany.
+
+## Templates Coder
+- `Developer` (DinD): workspace general con Docker-in-Docker y GPUs opcionales; volúmenes persistentes `/home/coder` y `/var/lib/docker`; red bridge. Escritorio XFCE/KasmVNC.
+- `AdvancedHostDANGER`: **DANGER** acceso directo a Docker y red del host. Usa `Developer` si no necesitas tocar el host. Escritorio XFCE/KasmVNC.
+- `DeveloperAndroid`: escritorio KDE/KasmVNC con toolchain Android (SDK/CLI), Node 20 y VS Code base.
+- `Maker`: escritorio KDE/KasmVNC con herramientas de diseño/CAD/EDA; GPUs opcionales; home persistente; módulos Filebrowser/OpenCode. RDP aplica solo a workspaces Windows según [la guía de Coder](https://coder.com/docs/user-guides/workspace-access/remote-desktops).
+- `Minimal`: sin escritorio; code-server + Docker-in-Docker ligeros.
+
+## Publicar cambios
+1) Merge a `main`.
+2) GitHub Actions ( `.github/workflows/build.yml` ) construye y publica imágenes en GHCR con tags `latest` y `sha`.
+3) Ejecuta `coder templates push` tras el merge para actualizar los templates en Coder (afecta solo a nuevos workspaces).
+
+## Operativa y mantenimiento
+- Todos los contenedores llevan labels `com.centurylinklabs.watchtower.*` para actualizaciones automáticas si lanzas Watchtower con `--label-enable` y `--scope coder-workspaces`.
+- Hay un `docker-compose` de ejemplo en `watchtower/docker-compose.yml` (cron de 6h y servicio de muestra).
+
+## Instrucciones sensibles
+- No añadas endpoints ni credenciales aquí. Documenta accesos locales o pasos específicos del host en `AGENTS.private.md` (está en `.gitignore`) y mantenlo actualizado.