#!/bin/bash set -e mkdir -p /root/.vnc /root/.ssh chmod 700 /root/.ssh # Clean up stale X lock files from previous container runs rm -f /tmp/.X1-lock /tmp/.X11-unix/X1 # Set VNC password from environment echo "${VNC_PASSWORD:?VNC_PASSWORD must be set}" | vncpasswd -f > /root/.vnc/passwd chmod 600 /root/.vnc/passwd # Start Xvnc (headless X server + VNC server in one) Xvnc :1 \ -rfbport 5901 \ -SecurityTypes VncAuth \ -PasswordFile /root/.vnc/passwd \ -geometry 1280x800 \ -depth 24 \ -AlwaysShared \ & export DISPLAY=:1 sleep 2 # Start KDE Plasma session dbus-run-session -- startplasma-x11 & # Serve noVNC web UI + bridge WebSocket -> VNC exec websockify --web /usr/share/novnc 6080 localhost:5901