From 8ee6e71092d3da2da372f0827b0a7fe27e6797cd Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 25 Dec 2021 11:41:06 +0100 Subject: [PATCH] tv x0vncserver: use LoadCredential --- tv/3modules/x0vncserver.nix | 28 +++++++--------------------- 1 file changed, 7 insertions(+), 21 deletions(-) diff --git a/tv/3modules/x0vncserver.nix b/tv/3modules/x0vncserver.nix index ba79c4a49..4dbb34df0 100644 --- a/tv/3modules/x0vncserver.nix +++ b/tv/3modules/x0vncserver.nix @@ -11,17 +11,12 @@ in { }; enable = mkEnableOption "tv.x0vncserver"; pwfile = mkOption { - default = { - name = "x0vncserver-pwfile"; - owner = cfg.user; - path = "${cfg.user.home}/.vncpasswd"; - source-path = toString + "/vncpasswd"; - }; + default = toString + "/vncpasswd"; description = '' Use vncpasswd to edit pwfile. See: nix-shell -p tigervnc --run 'man vncpasswd' ''; - type = types.secret-file; + type = types.absolute-pathname; }; rfbport = mkOption { default = 5900; @@ -33,26 +28,17 @@ in { }; }; config = mkIf cfg.enable { - krebs.secret.files = { - x0vncserver-pwfile = cfg.pwfile; - }; + krebs.systemd.services.x0vncserver = {}; systemd.services.x0vncserver = { - after = [ - config.krebs.secret.files.x0vncserver-pwfile.service - "graphical.target" - ]; - partOf = [ - config.krebs.secret.files.x0vncserver-pwfile.service - ]; - requires = [ - "graphical.target" - ]; + after = [ "graphical.target" ]; + requires = [ "graphical.target" ]; serviceConfig = { ExecStart = "${pkgs.tigervnc}/bin/x0vncserver ${toString [ "-display ${cfg.display}" - "-passwordfile ${cfg.pwfile.path}" + "-passwordfile \${CREDENTIALS_DIRECTORY}/pwfile" "-rfbport ${toString cfg.rfbport}" ]}"; + LoadCredential = "ssh_key:${cfg.pwfile}"; User = cfg.user.name; }; };