feat: v1.0.2

global: - move instance limit to daemon Web: - fix auth error page css
and reset password form not loading admin: - add config file edit/save -
make ban and delete safe functions - cpu and mem for sessions - refresh
button - fix layout and other bug fixes Daemon: - fix responses - fix
cpu and mem stats - add workspace stats endpoint - remove unused config
options - move dns servers config to .session - add memory limit

Workspaces: - Fix debian wallpaper not always applying

Author: incognitotgt

apps/daemon/README.md

@@ -1,7 +1,7 @@
 {
 	"name": "daemon",
 	"type": "module",
-	"version": "1.0.1",
+	"version": "1.0.2",
 	"scripts": {
 		"start": "./stardustd",
 		"build:debug": "bun build src/server.ts --compile --sourcemap --outfile stardustd",

apps/daemon/package.json

@@ -5,13 +5,6 @@
     "Config": {
       "additionalProperties": false,
       "properties": {
-        "dnsServers": {
-          "description": "DNS servers for the session to use.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
         "docker": {
           "$ref": "#/definitions/DockerConfig"
         },
@@ -96,22 +89,28 @@
     "SessionConfig": {
       "additionalProperties": false,
       "properties": {
-        "bitDepth": {
-          "default": 24,
-          "description": "Bit depth for the display",
-          "type": "number"
-        },
         "blockedProcessNames": {
-          "description": "List of processes to block on containers. Useful if you want to stop the use of crypto miners or other resource hungry processes.",
+          "description": "List of processes to block on containers. Useful if you want to stop the use of crypto miners or other resource hungry processes. Will also kill processes on the host. Will be overhauled later",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
-        "resolution": {
-          "default": "1920x1080",
-          "description": "Resolution for the display",
-          "type": "string"
+        "dnsServers": {
+          "description": "DNS servers for the session to use.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "limit": {
+          "description": "Max number of sessions allowed on this instance",
+          "type": "number"
+        },
+        "memoryLimit": {
+          "default": "undefined",
+          "description": "Maximum memory a container can use, in megabytes",
+          "type": "number"
         },
         "showVncPassword": {
           "description": "Doesn't unset $VNCPASSWORD in containers",

apps/daemon/schema.json

@@ -4,18 +4,19 @@ import scalarCss from "@stardust/theme/scalar-css";
 import { Elysia } from "elysia";
 import pkgJson from "~/../package.json";
 import { authCheck } from "~/auth-middleware";
+import generateToken from "~/lib/auth-token";
 import { getConfig } from "~/lib/config";
+import { getCpuUsage } from "~/lib/cpu";
 import { docker } from "~/lib/docker";
 import sessionHandler from "~/session";
 import workspaceHandler from "~/workspace";
-import generateToken from "./lib/auth-token";
 
 const config = getConfig();
 export const app = new Elysia()
 	.get("/", async (c) => {
 		return {
 			message:
-				"✨ Stardust daemon by aetherra. \nSource tree: https://github.com/aetherra/stardust/tree/rewrite/apps/daemon",
+				"✨ Stardust daemon by aetherra. Source tree: https://github.com/aetherra/stardust/tree/rewrite/apps/daemon",
 			success: true,
 			authenticated: (await authCheck(c))?.success !== false,
 		};
@@ -30,11 +31,12 @@ export const app = new Elysia()
 	})
 	.get("/healthcheck", async () => ({
 		success: true,
-		cpu: ((os.loadavg()[0] / os.cpus().length) * 100).toFixed(2),
+		cpu: getCpuUsage().toFixed(2),
 		mem: (((os.totalmem() - os.freemem()) / os.totalmem()) * 100).toFixed(2),
 		os: `${os.type()} ${os.release()}`,
 		version: pkgJson.version,
 		sessions: (await docker.listContainers()).filter((s) => s.HostConfig.NetworkMode === config.docker.network).length,
+		limit: config.session.limit,
 	}))
 	.use(sessionHandler)
 	.use(workspaceHandler)

apps/daemon/src/index.ts

@@ -19,10 +19,6 @@ export interface Config {
 	 * Do not change unless you know what you're doing.
 	 */
 	token?: string;
-	/**
-	 * DNS servers for the session to use.
-	 */
-	dnsServers?: string[];
 	docker: DockerConfig;
 	session: SessionConfig;
 }
@@ -70,6 +66,10 @@ export interface DockerConfig {
 }
 
 export interface SessionConfig {
+	/**
+	 * Max number of sessions allowed on this instance
+	 */
+	limit?: number;
 	/**
 	 * Default VNC password to use. Defaults to randomly generated.
 	 */
@@ -79,20 +79,19 @@ export interface SessionConfig {
 	 */
 	showVncPassword?: boolean;
 	/**
-	 * Resolution for the display
-	 * @default 1920x1080
+	 * Maximum memory a container can use, in megabytes
+	 * @default undefined
 	 */
-	resolution?: string;
-	/**
-	 * Bit depth for the display
-	 * @default 24
-	 */
-	bitDepth?: number;
+	memoryLimit?: number;
 	/**
 	 * Storage limit for containers in GB (in format nG, for example 25G)
 	 * Only works if /var/lib/docker is XFS formatted with pquota enabled
 	 */
 	storageLimit?: string;
+	/**
+	 * DNS servers for the session to use.
+	 */
+	dnsServers?: string[];
 	/**
 	 * List of processes to block on containers.
 	 * Useful if you want to stop the use of crypto miners or other resource hungry processes.

apps/daemon/src/lib/config/types.d.ts

@@ -0,0 +1,40 @@
+import os from "node:os";
+
+let latestCpuPercent = 0;
+
+function cpuAverage() {
+	const cpus = os.cpus();
+	let totalIdle = 0,
+		totalTick = 0;
+
+	for (const cpu of cpus) {
+		for (const type in cpu.times) {
+			totalTick += cpu.times[type as keyof typeof cpu.times];
+		}
+		totalIdle += cpu.times.idle;
+	}
+
+	return {
+		idle: totalIdle / cpus.length,
+		total: totalTick / cpus.length,
+	};
+}
+
+async function updateCpuUsage() {
+	const start = cpuAverage();
+	await Bun.sleep(100);
+	const end = cpuAverage();
+
+	const idleDiff = end.idle - start.idle;
+	const totalDiff = end.total - start.total;
+	latestCpuPercent = 100 - (100 * idleDiff) / totalDiff;
+}
+
+export function startCpuMonitoring(intervalMs = 1000) {
+	setInterval(updateCpuUsage, intervalMs);
+	updateCpuUsage();
+}
+
+export function getCpuUsage() {
+	return latestCpuPercent;
+}

apps/daemon/src/lib/cpu.ts

@@ -14,6 +14,7 @@ if (!validateConfig(getConfig())) {
 import { connect, type Socket } from "node:net";
 import generateToken from "~/lib/auth-token";
 import { scheduleKillBlockedProcesses } from "~/lib/block-process";
+import { startCpuMonitoring } from "~/lib/cpu";
 import { docker } from "~/lib/docker";
 import checkDockerNetwork from "~/lib/network-check";
 import checkSystemService from "~/lib/service-check";
@@ -25,6 +26,7 @@ if (typeof config.service !== "boolean" || config.service === true) {
 	checkSystemService();
 }
 scheduleKillBlockedProcesses();
+startCpuMonitoring();
 
 // biome-ignore lint: no
 const srv = Bun.serve<{ socket: Socket; path: string }, {}>({

apps/daemon/src/server.ts

@@ -1,12 +1,11 @@
 import { docker } from "~/lib/docker";
-import { vncBaseFlags } from "./create";
 // todo
 export default async function addScreen(id: string) {
 	const container = docker.getContainer(id);
 	console.log(`hi${id}`);
 	await container.restart(id);
 	const exec = await container.exec({
-		Cmd: ["export", "VNCFLAGS=", "'", vncBaseFlags, " -screen 1 1920x950x24", "'"],
+		Cmd: ["export", "VNCFLAGS=", "'", " -screen 1 1920x950x24", "'"],
 	});
 	await exec.start({});
 	return true;

apps/daemon/src/session/add-screen.ts

@@ -2,25 +2,19 @@ import { randomBytes } from "node:crypto";
 import { getConfig } from "~/lib/config";
 import { docker } from "~/lib/docker";
 
-const config = getConfig();
-export const vncBaseFlags = `-screen 0 ${config.session.resolution || "1920x950"}x${config.session.bitDepth?.toString() || "24"}`;
-
 export default async function createSession({
 	workspace,
 	user,
 	password,
 	environment = {},
 	exposePorts,
-	memory,
 	nodeId,
-	vncFlags,
 }: {
 	workspace: string;
 	user: string;
 	password?: string;
 	environment?: Record<string, string>;
 	exposePorts?: string[];
-	memory?: number;
 	nodeId: string;
 	vncFlags?: string;
 }) {
@@ -35,8 +29,8 @@ export default async function createSession({
 		HostConfig: {
 			ShmSize: 1024,
 			NetworkMode: config.docker.network,
-			Dns: config.dnsServers,
-			Memory: memory,
+			Dns: config.session.dnsServers,
+			Memory: config.session.memoryLimit ? config.session.memoryLimit * 1024 * 1024 : undefined,
 			StorageOpt: config.session.storageLimit
 				? {
 						size: config.session.storageLimit,
@@ -47,7 +41,6 @@ export default async function createSession({
 			`STARDUST_USER=${user}`,
 			`VNCPASSWORD=${pass}`,
 			`WIPEVNCENV=${config.session.showVncPassword ? "false" : "true"}`,
-			`VNCFLAGS=${vncBaseFlags + vncFlags}`,
 			...envArray,
 		],
 		ExposedPorts: exposePorts ? Object.fromEntries(exposePorts.map((e) => [e, {}])) : undefined, // world class types by docker

apps/daemon/src/session/create.ts

@@ -11,6 +11,13 @@ export default new Elysia({ prefix: "/sessions" })
 	.put(
 		"/create",
 		async ({ body }) => {
+			const config = getConfig();
+			const containers = (await docker.listContainers()).filter(
+				(s) => s.HostConfig.NetworkMode === config.docker.network,
+			);
+			if (config.session.limit && config.session.limit <= containers.length) {
+				throw new Error("Session limit reached");
+			}
 			const session = await createSession(body);
 			return {
 				success: true,
@@ -28,7 +35,6 @@ export default new Elysia({ prefix: "/sessions" })
 				exposePorts: t.Optional(t.Array(t.String())),
 				memory: t.Optional(t.Number()),
 				nodeId: t.String(),
-				vncFlags: t.Optional(t.String()),
 			}),
 		},
 	)
@@ -43,14 +49,31 @@ export default new Elysia({ prefix: "/sessions" })
 		};
 	})
 	.get("/:id", async ({ params: { id } }) => {
-		const container = await docker.getContainer(id).inspect();
-		if (!container) {
+		const info = docker.getContainer(id);
+		const container = await info.inspect();
+		const stats = await info.stats({ stream: false });
+		if (!stats || !container) {
 			throw new Error(`No such container with id ${id}`);
 		}
+		const memUsage = stats.memory_stats.usage;
+		const memLimit = stats.memory_stats.limit;
+		const memPercent = memUsage / memLimit;
+		const cpuDelta = stats.cpu_stats.cpu_usage.total_usage - stats.precpu_stats.cpu_usage.total_usage;
+
+		const systemDelta = stats.cpu_stats.system_cpu_usage - stats.precpu_stats.system_cpu_usage;
+		let cpuPercent = 0;
+		if (systemDelta > 0 && cpuDelta > 0) {
+			const numCpus = stats.cpu_stats.online_cpus || stats.cpu_stats.cpu_usage.percpu_usage.length;
+			cpuPercent = (cpuDelta / systemDelta) * numCpus * 100;
+		}
 		// world class code
 		const password = container.Config.Env.find((e) => e.startsWith("VNCPASSWORD="))?.split("=")[1];
 		return {
 			password,
+			cpuPercent,
+			memPercent,
+			memUsage,
+			memLimit,
 			success: true,
 			...container,
 		};