author | tv <tv@krebsco.de> | 2021-12-25 11:41:06 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2021-12-25 16:43:51 +0100 |
commit | 8ee6e71092d3da2da372f0827b0a7fe27e6797cd (patch) | |
tree | b5e8bcef677b29fb241d050ed2c767a9dfc9c038 /tv | |
parent | 969bd9767ea91aa9f2487285bed8f5f1fdd50aa3 (diff) |
tv x0vncserver: use LoadCredential
Diffstat (limited to 'tv')
-rw-r--r-- | tv/3modules/x0vncserver.nix | 28 |
1 files changed, 7 insertions, 21 deletions
diff --git a/tv/3modules/x0vncserver.nix b/tv/3modules/x0vncserver.nix
index ba79c4a49..4dbb34df0 100644
--- a/tv/3modules/x0vncserver.nix
+++ b/tv/3modules/x0vncserver.nix
@@ -11,17 +11,12 @@ in {
 };
 enable = mkEnableOption "tv.x0vncserver";
 pwfile = mkOption {
- default = {
- name = "x0vncserver-pwfile";
- owner = cfg.user;
- path = "${cfg.user.home}/.vncpasswd";
- source-path = toString <secrets> + "/vncpasswd";
- };
+ default = toString <secrets> + "/vncpasswd";
 description = ''
 Use vncpasswd to edit pwfile.
 See: nix-shell -p tigervnc --run 'man vncpasswd'
 '';
- type = types.secret-file;
+ type = types.absolute-pathname;
 };
 rfbport = mkOption {
 default = 5900;
@@ -33,26 +28,17 @@ in {
 };
 };
 config = mkIf cfg.enable {
- krebs.secret.files = {
- x0vncserver-pwfile = cfg.pwfile;
- };
+ krebs.systemd.services.x0vncserver = {};
 systemd.services.x0vncserver = {
- after = [
- config.krebs.secret.files.x0vncserver-pwfile.service
- "graphical.target"
- ];
- partOf = [
- config.krebs.secret.files.x0vncserver-pwfile.service
- ];
- requires = [
- "graphical.target"
- ];
+ after = [ "graphical.target" ];
+ requires = [ "graphical.target" ];
 serviceConfig = {
 ExecStart = "${pkgs.tigervnc}/bin/x0vncserver ${toString [
 "-display ${cfg.display}"
- "-passwordfile ${cfg.pwfile.path}"
+ "-passwordfile \${CREDENTIALS_DIRECTORY}/pwfile"
 "-rfbport ${toString cfg.rfbport}"
 ]}";
+ LoadCredential = "ssh_key:${cfg.pwfile}";
 User = cfg.user.name;
 };
 };
 |
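Review bot: The `pwfile` description in the first hunk still only explains how to edit the file, although the option is now a plain path string that is handed to systemd rather than a `secret-file` record with an owner and target path. It should say that the value is read at service start through `LoadCredential`, so the file only needs to be readable by the service manager rather than by `cfg.user`. It should also say that the value must be a path string outside the Nix store, because a secret copied into the store is readable by every local user. Whether `types.absolute-pathname` rejects a path literal that would be copied into the store cannot be seen from this hunk. The `mkOption` block starts and ends inside the hunk, but the surrounding `options` set does not.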
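Review bot: The credential in the second hunk is loaded under the ID `ssh_key`, while `ExecStart` passes `-passwordfile ${CREDENTIALS_DIRECTORY}/pwfile`, so the two names do not match. systemd exposes a `LoadCredential` entry as a file named after its ID inside the credentials directory, so the path given to x0vncserver would not exist and the password file would not be found. Unless `krebs.systemd.services.x0vncserver`, whose definition is not on this page, renames the credential, the line should read `LoadCredential = "pwfile:${cfg.pwfile}";`. The ID looks copied from an SSH-related unit, and the enclosing module body continues outside the hunk.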