diff options
Diffstat (limited to 'makefu/2configs/vncserver.nix')
| -rw-r--r-- | makefu/2configs/vncserver.nix | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/makefu/2configs/vncserver.nix b/makefu/2configs/vncserver.nix new file mode 100644 index 000000000..c56b3e294 --- /dev/null +++ b/makefu/2configs/vncserver.nix @@ -0,0 +1,62 @@ +{config,lib,pkgs, ...}: +with lib; +let + pwfile = (toString <secrets>)+ "/vnc-password"; # create with `vncpasswd` + pwtmp = "/tmp/vnc-password"; + # nixos-unstable tigervnc is currently broken :\ + package = (import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-17.03.tar.gz) {}).pkgs.tigervnc; + user = config.makefu.gui.user; + vnc_port = 5900; + web_port = 6080; +in { + networking.firewall.allowedTCPPorts = [ 80 vnc_port web_port ]; + systemd.services = { + terminal-server = { + description = "VNC Terminal Server"; + after = [ "display-manager.service" "graphical.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = user; + Restart = "always"; + ExecStartPre = pkgs.writeDash "terminal-pre" '' + sleep 5 + install -m0700 -o ${user} ${pwfile} ${pwtmp} + ''; + ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString vnc_port} -passwordfile ${pwtmp}"; + PermissionsStartOnly = true; + PrivateTmp = true; + }; + }; + terminal-web = { + description = "noVNC Web Server"; + after = [ "terminal-server.service" "graphical.target" "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkgs.novnc}/bin/launch-novnc.sh --listen ${toString web_port} --vnc localhost:${toString vnc_port}"; + PrivateTmp = true; + }; + }; + }; + services.nginx.enable = true; + services.nginx.virtualHosts._.locations = { + "/" = { + root = "${pkgs.novnc}"; + index = "vnc_auto.html"; + }; + "/websockify" = { + proxyPass = "http://127.0.0.1:6080/"; + extraConfig = '' + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # VNC connection timeout + proxy_read_timeout 61s; + + # Disable cache + proxy_buffering off; + ''; + }; + }; +} |