summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/vncserver.nix
diff options
context:
space:
mode:
Diffstat (limited to 'makefu/2configs/vncserver.nix')
-rw-r--r--makefu/2configs/vncserver.nix62
1 files changed, 62 insertions, 0 deletions
diff --git a/makefu/2configs/vncserver.nix b/makefu/2configs/vncserver.nix
new file mode 100644
index 000000000..c56b3e294
--- /dev/null
+++ b/makefu/2configs/vncserver.nix
@@ -0,0 +1,62 @@
+{config,lib,pkgs, ...}:
+with lib;
+let
+ pwfile = (toString <secrets>)+ "/vnc-password"; # create with `vncpasswd`
+ pwtmp = "/tmp/vnc-password";
+ # nixos-unstable tigervnc is currently broken :\
+ package = (import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-17.03.tar.gz) {}).pkgs.tigervnc;
+ user = config.makefu.gui.user;
+ vnc_port = 5900;
+ web_port = 6080;
+in {
+ networking.firewall.allowedTCPPorts = [ 80 vnc_port web_port ];
+ systemd.services = {
+ terminal-server = {
+ description = "VNC Terminal Server";
+ after = [ "display-manager.service" "graphical.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ User = user;
+ Restart = "always";
+ ExecStartPre = pkgs.writeDash "terminal-pre" ''
+ sleep 5
+ install -m0700 -o ${user} ${pwfile} ${pwtmp}
+ '';
+ ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString vnc_port} -passwordfile ${pwtmp}";
+ PermissionsStartOnly = true;
+ PrivateTmp = true;
+ };
+ };
+ terminal-web = {
+ description = "noVNC Web Server";
+ after = [ "terminal-server.service" "graphical.target" "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ User = "nobody";
+ ExecStart = "${pkgs.novnc}/bin/launch-novnc.sh --listen ${toString web_port} --vnc localhost:${toString vnc_port}";
+ PrivateTmp = true;
+ };
+ };
+ };
+ services.nginx.enable = true;
+ services.nginx.virtualHosts._.locations = {
+ "/" = {
+ root = "${pkgs.novnc}";
+ index = "vnc_auto.html";
+ };
+ "/websockify" = {
+ proxyPass = "http://127.0.0.1:6080/";
+ extraConfig = ''
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ # VNC connection timeout
+ proxy_read_timeout 61s;
+
+ # Disable cache
+ proxy_buffering off;
+ '';
+ };
+ };
+}