From 4c2408763eec98ec9cecf340dccfffa34a0c3cb0 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 12 May 2017 11:35:35 +0200
Subject: [PATCH] m: init and use 'makefu.gui.user'

---
 makefu/2configs/vncserver.nix     | 70 ++++++++++++++++++++++---------
 makefu/3modules/server-config.nix |  5 +++
 makefu/5pkgs/novnc/default.nix    | 41 ++++++++++++++++++
 3 files changed, 97 insertions(+), 19 deletions(-)
 create mode 100644 makefu/5pkgs/novnc/default.nix

diff --git a/makefu/2configs/vncserver.nix b/makefu/2configs/vncserver.nix
index 2e8e50feb..c56b3e294 100644
--- a/makefu/2configs/vncserver.nix
+++ b/makefu/2configs/vncserver.nix
@@ -5,26 +5,58 @@ let
   pwtmp = "/tmp/vnc-password";
   # nixos-unstable tigervnc is currently broken :\
   package = (import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-17.03.tar.gz) {}).pkgs.tigervnc;
-  User = "makefu";
-  port = 5900;
+  user = config.makefu.gui.user;
+  vnc_port = 5900;
+  web_port = 6080;
 in {
-	networking.firewall.allowedTCPPorts = [ port ];
-	networking.firewall.allowedUDPPorts = [ port ];
+  networking.firewall.allowedTCPPorts = [ 80 vnc_port web_port ];
+  systemd.services = {
+    terminal-server = {
+      description = "VNC Terminal Server";
+      after = [ "display-manager.service"  "graphical.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        User = user;
+        Restart = "always";
+        ExecStartPre = pkgs.writeDash "terminal-pre" ''
+          sleep 5
+          install -m0700 -o ${user} ${pwfile} ${pwtmp}
+        '';
+        ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString vnc_port} -passwordfile ${pwtmp}";
+        PermissionsStartOnly = true;
+        PrivateTmp = true;
+      };
+    };
+    terminal-web = {
+      description = "noVNC Web Server";
+      after = [ "terminal-server.service"  "graphical.target" "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        User = "nobody";
+        ExecStart = "${pkgs.novnc}/bin/launch-novnc.sh --listen ${toString web_port} --vnc localhost:${toString vnc_port}";
+				PrivateTmp = true;
+      };
+    };
+  };
+  services.nginx.enable = true;
+  services.nginx.virtualHosts._.locations = {
+    "/" = {
+      root = "${pkgs.novnc}";
+      index = "vnc_auto.html";
+    };
+    "/websockify" = {
+      proxyPass = "http://127.0.0.1:6080/";
+      extraConfig = ''
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
 
-	systemd.services."terminal-server" = {
-    description = "Terminal Server";
-    after = [ "display-manager.service" ];
-    wantedBy = [ "graphical.target" ];
-		serviceConfig = {
-      inherit User;
-      ExecStartPre = pkgs.writeDash "terminal-pre" ''
- 
-        set -eufx
-        install -m0700 -o ${User} ${pwfile} ${pwtmp}
+        # VNC connection timeout
+        proxy_read_timeout 61s;
+
+        # Disable cache
+        proxy_buffering off;
       '';
-			ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString port} -passwordfile ${pwtmp}";
-      PermissionsStartOnly = true;
-      PrivateTmp = true;
-		};
-	};
+    };
+  };
 }
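Review bot: `allowedTCPPorts = [ 80 vnc_port web_port ]` opens the raw VNC port and the websockify port to the network, although the new nginx vhost already proxies `/websockify` to `127.0.0.1:6080` and noVNC connects to `localhost:${toString vnc_port}`. Only the nginx port needs to be reachable, so I would write `networking.firewall.allowedTCPPorts = [ 80 ];` and, where the tools support it, bind x0vncserver and the websockify listener to loopback. As far as this hunk shows the vhost is plain HTTP, so VNC authentication and the whole desktop session cross the network unencrypted; TLS on the vhost or access through a tunnel would close that gap. `proxyPass` also hard-codes 6080 instead of using `web_port`, so the two can drift apart: `proxyPass = "http://127.0.0.1:${toString web_port}/";`.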
diff --git a/makefu/3modules/server-config.nix b/makefu/3modules/server-config.nix
index dbd29d748..846642580 100644
--- a/makefu/3modules/server-config.nix
+++ b/makefu/3modules/server-config.nix
@@ -6,5 +6,10 @@ with import <stockholm/lib>;
 		type = types.str;
 		description = "Primary interface of the server";
 	};
+  options.makefu.gui.user = lib.mkOption {
+		type = types.str;
+		description = "GUI user";
+    default = config.krebs.build.user.name;
+	};
 }
 
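Review bot: The description `"GUI user"` does not say what the option controls. In this commit the value becomes the systemd `User` of the VNC server and the owner of the copied password file in vncserver.nix. Something like `description = "Account whose desktop is shared; the VNC server runs as this user";` would make the privilege implication visible to whoever overrides the default. The added lines also mix tabs and spaces, and the enclosing attribute set starts outside the hunk.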
diff --git a/makefu/5pkgs/novnc/default.nix b/makefu/5pkgs/novnc/default.nix
new file mode 100644
index 000000000..b1d62248d
--- /dev/null
+++ b/makefu/5pkgs/novnc/default.nix
@@ -0,0 +1,41 @@
+{ stdenv, fetchurl, pkgs }:
+# source: https://github.com/hyphon81/Nixtack/blob/master/noVNC/noVNC.nix
+let
+in
+
+stdenv.mkDerivation rec {
+  name = "novnc-${version}";
+  version = "0.6.2";
+
+  src = fetchurl {
+    url = "https://github.com/novnc/noVNC/archive/v${version}.tar.gz";
+    sha256 = "16ygbdzdmnfg9a26d9il4a6fr16qmq0ix9imfbpzl0drfbj7z8kh";
+  };
+  p = stdenv.lib.makeBinPath [ pkgs.nettools pkgs.python27Packages.websockify
+                               pkgs.coreutils pkgs.which pkgs.procps ];
+  # TODO: propagatedBuildInputs does not seem to work with shell scripts
+  patchPhase = ''
+    sed -i '1aset -efu\nexport PATH=${p}\n' utils/launch.sh
+  '';
+  installPhase = ''
+    mkdir -p $out/bin
+    cp utils/launch.sh $out/bin/launch-novnc.sh
+    chmod +x $out/bin/launch-novnc.sh
+    mkdir -p $out/images
+    cp -r images/* $out/images/
+    mkdir -p $out/include
+    cp -r include/* $out/include/
+    cp favicon.ico $out
+    cp vnc.html $out
+    cp vnc_auto.html $out
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = http://novnc.com/info.html;
+    repositories.git = git://github.com/novnc/noVNC.git;
+    description = ''
+      A HTML5 VNC Client
+    '';
+    license = licenses.mpl20;
+  };
+}
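Review bot: `installPhase` copies `vnc.html`, `images/` and `include/` to the top of `$out` next to `bin/`, and vncserver.nix uses `${pkgs.novnc}` as the nginx root, so `bin/launch-novnc.sh` is served to clients along with the web assets. I would install the web files under a subdirectory such as `$out/share/novnc` and point the nginx `root` there, so the docroot holds only what the browser needs. Please check that `launch.sh` still finds `vnc.html` in that location, or pass `--web` explicitly. As a smaller style point, the derivation takes the whole `pkgs` set and defines `p` as a derivation attribute; naming the five dependencies as arguments and moving `p` into the empty `let` would keep it out of the build environment.

```nix
  installPhase = ''
    mkdir -p $out/bin $out/share/novnc
    install -m0755 utils/launch.sh $out/bin/launch-novnc.sh
    cp -r images include favicon.ico vnc.html vnc_auto.html $out/share/novnc/
  '';
  # … unchanged: meta …
```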