Diffstat (limited to 'modules/x0vncserver.nix')
-rw-r--r--modules/x0vncserver.nix44
1 files changed, 44 insertions, 0 deletions
diff --git a/modules/x0vncserver.nix b/modules/x0vncserver.nix
new file mode 100644
index 0000000..d24c2d0
--- /dev/null
+++ b/modules/x0vncserver.nix
@@ -0,0 +1,44 @@
+{ config, lib, mylib, pkgs, ... }: let
+ cfg = config.tv.x0vncserver;
+in {
+ options.tv.x0vncserver = {
+ display = lib.mkOption {
+ default = ":${toString config.services.xserver.display}";
+ type = lib.types.str;
+ };
+ enable = lib.mkEnableOption "tv.x0vncserver";
+ pwfile = lib.mkOption {
+ default = "${config.krebs.secret.directory}/vncpasswd";
+ description = ''
+ Use vncpasswd to edit pwfile.
+ See: nix-shell -p tigervnc --run 'man vncpasswd'
+ '';
+ type = mylib.types.absolute-pathname;
+ };
+ rfbport = lib.mkOption {
+ default = 5900;
+ type = lib.types.int;
+ };
+ user = lib.mkOption {
+ default = config.krebs.build.user;
+ type = mylib.types.user;
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ krebs.systemd.services.x0vncserver.restartIfCredentialsChange = true;
+ systemd.services.x0vncserver = {
+ after = [ "graphical.target" ];
+ requires = [ "graphical.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.tigervnc}/bin/x0vncserver ${toString [
+ "-display ${cfg.display}"
+ "-passwordfile \${CREDENTIALS_DIRECTORY}/pwfile"
+ "-rfbport ${toString cfg.rfbport}"
+ ]}";
+ LoadCredential = "ssh_key:${cfg.pwfile}";
+ User = cfg.user.name;
+ };
+ };
+ tv.iptables.input-retiolum-accept-tcp = [ (toString cfg.rfbport) ];
+ };
+}
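Review bot: The credential ID in `LoadCredential = "ssh_key:${cfg.pwfile}";` does not match the path ExecStart passes to `-passwordfile`, which is `${CREDENTIALS_DIRECTORY}/pwfile`. systemd places a loaded credential under the ID written before the colon, so the file would appear as `ssh_key` and x0vncserver would not find its password file; the line should read `LoadCredential = "pwfile:${cfg.pwfile}";`. Separately, `rfbport` is typed `lib.types.int`, so an out-of-range value passes evaluation and reaches both the command line and the firewall rule, which `lib.types.port` would reject. No listen-address option is passed in ExecStart, so as far as this hunk shows, reachability is limited only by the `input-retiolum-accept-tcp` rule and the VNC password; a short `description` on `rfbport` saying so would make that dependency visible.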