summaryrefslogtreecommitdiffstats
path: root/makefu
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2017-05-12 11:35:35 +0200
committermakefu <github@syntax-fehler.de>2017-05-12 11:35:35 +0200
commit4c2408763eec98ec9cecf340dccfffa34a0c3cb0 (patch)
tree995be05e5b059970082095079c16af3a073d882d /makefu
parent1f9ddd9c6f8cdd9ce1b5a6bb9dc65475e2a90e62 (diff)
m: init and use 'makefu.gui.user'
Diffstat (limited to 'makefu')
-rw-r--r--makefu/2configs/vncserver.nix70
-rw-r--r--makefu/3modules/server-config.nix5
-rw-r--r--makefu/5pkgs/novnc/default.nix41
3 files changed, 97 insertions, 19 deletions
diff --git a/makefu/2configs/vncserver.nix b/makefu/2configs/vncserver.nix
index 2e8e50feb..c56b3e294 100644
--- a/makefu/2configs/vncserver.nix
+++ b/makefu/2configs/vncserver.nix
@@ -5,26 +5,58 @@ let
pwtmp = "/tmp/vnc-password";
# nixos-unstable tigervnc is currently broken :\
package = (import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-17.03.tar.gz) {}).pkgs.tigervnc;
- User = "makefu";
- port = 5900;
+ user = config.makefu.gui.user;
+ vnc_port = 5900;
+ web_port = 6080;
in {
- networking.firewall.allowedTCPPorts = [ port ];
- networking.firewall.allowedUDPPorts = [ port ];
+ networking.firewall.allowedTCPPorts = [ 80 vnc_port web_port ];
+ systemd.services = {
+ terminal-server = {
+ description = "VNC Terminal Server";
+ after = [ "display-manager.service" "graphical.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ User = user;
+ Restart = "always";
+ ExecStartPre = pkgs.writeDash "terminal-pre" ''
+ sleep 5
+ install -m0700 -o ${user} ${pwfile} ${pwtmp}
+ '';
+ ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString vnc_port} -passwordfile ${pwtmp}";
+ PermissionsStartOnly = true;
+ PrivateTmp = true;
+ };
+ };
+ terminal-web = {
+ description = "noVNC Web Server";
+ after = [ "terminal-server.service" "graphical.target" "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ User = "nobody";
+ ExecStart = "${pkgs.novnc}/bin/launch-novnc.sh --listen ${toString web_port} --vnc localhost:${toString vnc_port}";
+ PrivateTmp = true;
+ };
+ };
+ };
+ services.nginx.enable = true;
+ services.nginx.virtualHosts._.locations = {
+ "/" = {
+ root = "${pkgs.novnc}";
+ index = "vnc_auto.html";
+ };
+ "/websockify" = {
+ proxyPass = "http://127.0.0.1:6080/";
+ extraConfig = ''
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
- systemd.services."terminal-server" = {
- description = "Terminal Server";
- after = [ "display-manager.service" ];
- wantedBy = [ "graphical.target" ];
- serviceConfig = {
- inherit User;
- ExecStartPre = pkgs.writeDash "terminal-pre" ''
-
- set -eufx
- install -m0700 -o ${User} ${pwfile} ${pwtmp}
+ # VNC connection timeout
+ proxy_read_timeout 61s;
+
+ # Disable cache
+ proxy_buffering off;
'';
- ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString port} -passwordfile ${pwtmp}";
- PermissionsStartOnly = true;
- PrivateTmp = true;
- };
- };
+ };
+ };
}
diff --git a/makefu/3modules/server-config.nix b/makefu/3modules/server-config.nix
index dbd29d748..846642580 100644
--- a/makefu/3modules/server-config.nix
+++ b/makefu/3modules/server-config.nix
@@ -6,5 +6,10 @@ with import <stockholm/lib>;
type = types.str;
description = "Primary interface of the server";
};
+ options.makefu.gui.user = lib.mkOption {
+ type = types.str;
+ description = "GUI user";
+ default = config.krebs.build.user.name;
+ };
}
diff --git a/makefu/5pkgs/novnc/default.nix b/makefu/5pkgs/novnc/default.nix
new file mode 100644
index 000000000..b1d62248d
--- /dev/null
+++ b/makefu/5pkgs/novnc/default.nix
@@ -0,0 +1,41 @@
+{ stdenv, fetchurl, pkgs }:
+# source: https://github.com/hyphon81/Nixtack/blob/master/noVNC/noVNC.nix
+let
+in
+
+stdenv.mkDerivation rec {
+ name = "novnc-${version}";
+ version = "0.6.2";
+
+ src = fetchurl {
+ url = "https://github.com/novnc/noVNC/archive/v${version}.tar.gz";
+ sha256 = "16ygbdzdmnfg9a26d9il4a6fr16qmq0ix9imfbpzl0drfbj7z8kh";
+ };
+ p = stdenv.lib.makeBinPath [ pkgs.nettools pkgs.python27Packages.websockify
+ pkgs.coreutils pkgs.which pkgs.procps ];
+ # TODO: propagatedBuildInputs does not seem to work with shell scripts
+ patchPhase = ''
+ sed -i '1aset -efu\nexport PATH=${p}\n' utils/launch.sh
+ '';
+ installPhase = ''
+ mkdir -p $out/bin
+ cp utils/launch.sh $out/bin/launch-novnc.sh
+ chmod +x $out/bin/launch-novnc.sh
+ mkdir -p $out/images
+ cp -r images/* $out/images/
+ mkdir -p $out/include
+ cp -r include/* $out/include/
+ cp favicon.ico $out
+ cp vnc.html $out
+ cp vnc_auto.html $out
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = http://novnc.com/info.html;
+ repositories.git = git://github.com/novnc/noVNC.git;
+ description = ''
+ A HTML5 VNC Client
+ '';
+ license = licenses.mpl20;
+ };
+}