-
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathconfig.toml.example
More file actions
221 lines (172 loc) · 6.83 KB
/
config.toml.example
File metadata and controls
221 lines (172 loc) · 6.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
# lamco-rdp-server Configuration
# Complete configuration reference with all available options
# Copy this to config.toml and customize as needed
[server]
# Address to listen on for RDP connections
# 0.0.0.0 = all interfaces, 127.0.0.1 = localhost only
listen_addr = "0.0.0.0:3389"
# Maximum concurrent connections
max_connections = 5
# Session timeout in seconds (0 = no timeout)
session_timeout = 0
# Use XDG Desktop Portals (required for Wayland)
use_portals = true
[security]
# TLS certificate paths (REQUIRED)
#
# Quick Start - Generate self-signed certificate:
# ./scripts/generate-certs.sh /etc/lamco-rdp-server $(hostname)
#
# Or manually:
# openssl req -x509 -newkey rsa:4096 -nodes \
# -keyout /etc/lamco-rdp-server/key.pem -out /etc/lamco-rdp-server/cert.pem \
# -days 365 -subj "/CN=$(hostname)" \
# -addext "subjectAltName=DNS:$(hostname),DNS:localhost,IP:127.0.0.1"
#
# Production - Use Let's Encrypt:
# sudo certbot certonly --standalone -d rdp.yourdomain.com
# cert_path = "/etc/letsencrypt/live/rdp.yourdomain.com/fullchain.pem"
# key_path = "/etc/letsencrypt/live/rdp.yourdomain.com/privkey.pem"
#
cert_path = "/etc/lamco-rdp-server/cert.pem"
key_path = "/etc/lamco-rdp-server/key.pem"
# Enable Network Level Authentication (client auth before session)
enable_nla = true
# Authentication method: "pam" (Linux users) or "none"
# Note: "pam" requires --features pam-auth at build time (not available in Flatpak)
auth_method = "pam"
# Require TLS 1.3 or higher (recommended for security)
require_tls_13 = true
[video]
# Maximum frames per second (30 or 60)
max_fps = 30
# Enable damage tracking for efficiency
# (only send changed regions, not full frames)
enable_damage_tracking = true
# Preferred pixel format (auto-detected if not specified)
# Options: "BGRx", "BGRA", "RGBx", "RGBA"
# preferred_format = "BGRx"
[input]
# Keyboard layout (auto-detected if not specified)
# Options: "us", "uk", "de", "fr", etc.
# keyboard_layout = "us"
# Input injection method
# Options: "portal" (recommended), "evdev" (direct - requires permissions)
input_method = "portal"
[clipboard]
# Enable clipboard synchronization
enabled = true
# Maximum clipboard data size (bytes)
max_size = 16777216 # 16MB
# Rate limiting: minimum milliseconds between clipboard events
# Prevents rapid clipboard changes from overwhelming Portal
# 200ms = max 5 events/second. Set to 0 to disable.
rate_limit_ms = 200
# Allowed MIME types (empty = all types allowed)
# Example: ["text/plain", "image/png"] to restrict types
allowed_types = []
# Note: These legacy options may be deprecated:
# enable_images = true
# enable_files = true
# enable_html = true
# enable_rtf = true
[logging]
# Log level: "error", "warn", "info", "debug", "trace"
# Can also use RUST_LOG environment variable
# level = "info"
# Log format: "pretty", "compact", "json"
# format = "pretty"
# Log to file (optional)
# log_file = "/var/log/wrd-server/wrd-server.log"
[performance]
# Number of encoder threads (0 = auto-detect from CPU cores)
encoder_threads = 0
# Number of network threads (0 = auto-detect)
network_threads = 0
# Frame buffer pool size
buffer_pool_size = 16
# Enable zero-copy DMA-BUF operations when available
zero_copy = true
# Adaptive FPS - Dynamically adjust frame rate based on screen activity
[performance.adaptive_fps]
enabled = true
min_fps = 5 # Static content
max_fps = 30 # High activity (set to 60 for gaming/CAD with hardware encoding)
high_activity_threshold = 0.30 # >30% screen changed
medium_activity_threshold = 0.10 # 10-30% changed
low_activity_threshold = 0.01 # 1-10% changed
# Latency Governor - Optimize latency vs quality tradeoff
[performance.latency]
mode = "balanced" # Options: "interactive" (<50ms), "balanced" (<100ms), "quality" (<300ms)
interactive_max_delay_ms = 16
balanced_max_delay_ms = 33
quality_max_delay_ms = 100
[egfx]
# Enable EGFX graphics pipeline (H.264/AVC encoding)
enabled = true
# H.264 bitrate in kbps
h264_bitrate = 5000
# Video codec preference: "auto", "avc420", "avc444"
# - avc444: Superior text/UI quality (4:4:4 chroma)
# - avc420: Standard quality, lower bandwidth (4:2:0 chroma)
# - auto: Use best available based on client capabilities
codec = "auto"
# Periodic IDR keyframe interval in seconds (0 = disabled)
# Forces a full IDR keyframe at regular intervals to clear artifacts.
# Recommended: 5-10 seconds for VDI, 2-3 for unreliable networks.
periodic_idr_interval = 5
[damage_tracking]
# Enable damage region detection (only encode changed areas)
enabled = true
# Detection method: "diff" (CPU-based pixel comparison)
method = "diff"
# Tile size for damage detection (pixels)
# Smaller = more sensitive but more CPU. FreeRDP uses 16x16 tiles.
# With 16x16: 1% threshold = 2-3 pixels to trigger update (catches typing)
tile_size = 16
# Fraction of tile pixels that must differ (0.0-1.0)
# Lower = more sensitive. 1% of 16x16 = 2-3 pixels minimum change
diff_threshold = 0.01
# Pixel value difference threshold (0-255)
# Lower = catches subtle antialiased text edges
pixel_threshold = 1
# Merge nearby damage regions within this distance (pixels)
merge_distance = 16
# Minimum damaged area to trigger update (pixels)
# 32 pixels filters sub-pixel noise while keeping small text updates
min_region_area = 32
# ==============================================================================
# HARDWARE ENCODING - GPU-accelerated video encoding (Optional)
# ==============================================================================
[hardware_encoding]
# Enable hardware encoding (requires --features vaapi or --features nvenc at build)
enabled = false
# VA-API device path (Intel/AMD GPUs)
vaapi_device = "/dev/dri/renderD128"
# Enable zero-copy DMA-BUF path (VA-API only)
enable_dmabuf_zerocopy = true
# Fallback to software encoding if hardware fails
fallback_to_software = true
# Quality preset: "speed" (low latency), "balanced", "quality" (best quality)
quality_preset = "balanced"
# Prefer NVENC over VA-API when both available (NVENC has lower latency)
prefer_nvenc = true
# ==============================================================================
# MULTI-MONITOR - Multiple display support
# ==============================================================================
[multimon]
# Enable multi-monitor support
enabled = true
# Maximum number of monitors
max_monitors = 4
# ==============================================================================
# CURSOR - Advanced cursor handling (Premium feature - Optional)
# ==============================================================================
[cursor]
# Cursor mode: "metadata" (client-side, lowest latency), "painted" (composited), "hidden", "predictive" (latency compensation)
mode = "metadata"
# Auto-switch to predictive mode when latency exceeds threshold
auto_mode = true
predictive_latency_threshold_ms = 100
# Cursor update rate (FPS) for separate cursor stream
cursor_update_fps = 60