2017-08-02 02:13:21 +02:00
|
|
|
with import <stockholm/lib>;
|
|
|
|
{ config, pkgs, ... }: let
|
|
|
|
|
|
|
|
cfg = config.tv.x0vncserver;
|
|
|
|
|
|
|
|
in {
|
|
|
|
options.tv.x0vncserver = {
|
|
|
|
display = mkOption {
|
|
|
|
default = ":${toString config.services.xserver.display}";
|
|
|
|
type = types.str;
|
|
|
|
};
|
|
|
|
enable = mkEnableOption "tv.x0vncserver";
|
|
|
|
pwfile = mkOption {
|
|
|
|
default = {
|
2020-08-04 22:22:43 +02:00
|
|
|
name = "x0vncserver-pwfile";
|
2017-08-02 02:13:21 +02:00
|
|
|
owner = cfg.user;
|
|
|
|
path = "${cfg.user.home}/.vncpasswd";
|
|
|
|
source-path = toString <secrets> + "/vncpasswd";
|
|
|
|
};
|
|
|
|
description = ''
|
|
|
|
Use vncpasswd to edit pwfile.
|
|
|
|
See: nix-shell -p tigervnc --run 'man vncpasswd'
|
|
|
|
'';
|
|
|
|
type = types.secret-file;
|
|
|
|
};
|
|
|
|
rfbport = mkOption {
|
|
|
|
default = 5900;
|
|
|
|
type = types.int;
|
|
|
|
};
|
|
|
|
user = mkOption {
|
|
|
|
default = config.krebs.build.user;
|
|
|
|
type = types.user;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
|
|
krebs.secret.files = {
|
|
|
|
x0vncserver-pwfile = cfg.pwfile;
|
|
|
|
};
|
|
|
|
systemd.services.x0vncserver = {
|
2020-08-04 20:28:04 +02:00
|
|
|
after = [
|
|
|
|
config.krebs.secret.files.x0vncserver-pwfile.service
|
|
|
|
"graphical.target"
|
|
|
|
];
|
|
|
|
partOf = [
|
|
|
|
config.krebs.secret.files.x0vncserver-pwfile.service
|
|
|
|
];
|
|
|
|
requires = [
|
|
|
|
"graphical.target"
|
|
|
|
];
|
2017-08-02 02:13:21 +02:00
|
|
|
serviceConfig = {
|
|
|
|
ExecStart = "${pkgs.tigervnc}/bin/x0vncserver ${toString [
|
|
|
|
"-display ${cfg.display}"
|
|
|
|
"-passwordfile ${cfg.pwfile.path}"
|
|
|
|
"-rfbport ${toString cfg.rfbport}"
|
|
|
|
]}";
|
|
|
|
User = cfg.user.name;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
tv.iptables.input-retiolum-accept-tcp = singleton (toString cfg.rfbport);
|
|
|
|
};
|
|
|
|
}
|