m: init and use 'makefu.gui.user'

This commit is contained in:
makefu 2017-05-12 11:35:35 +02:00
parent 1f9ddd9c6f
commit 4c2408763e
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
3 changed files with 97 additions and 19 deletions

View File

@ -5,26 +5,58 @@ let
pwtmp = "/tmp/vnc-password";
# nixos-unstable tigervnc is currently broken :\
package = (import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-17.03.tar.gz) {}).pkgs.tigervnc;
User = "makefu";
port = 5900;
user = config.makefu.gui.user;
vnc_port = 5900;
web_port = 6080;
in {
networking.firewall.allowedTCPPorts = [ port ];
networking.firewall.allowedUDPPorts = [ port ];
networking.firewall.allowedTCPPorts = [ 80 vnc_port web_port ];
systemd.services = {
terminal-server = {
description = "VNC Terminal Server";
after = [ "display-manager.service" "graphical.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = user;
Restart = "always";
ExecStartPre = pkgs.writeDash "terminal-pre" ''
sleep 5
install -m0700 -o ${user} ${pwfile} ${pwtmp}
'';
ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString vnc_port} -passwordfile ${pwtmp}";
PermissionsStartOnly = true;
PrivateTmp = true;
};
};
terminal-web = {
description = "noVNC Web Server";
after = [ "terminal-server.service" "graphical.target" "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "nobody";
ExecStart = "${pkgs.novnc}/bin/launch-novnc.sh --listen ${toString web_port} --vnc localhost:${toString vnc_port}";
PrivateTmp = true;
};
};
};
services.nginx.enable = true;
services.nginx.virtualHosts._.locations = {
"/" = {
root = "${pkgs.novnc}";
index = "vnc_auto.html";
};
"/websockify" = {
proxyPass = "http://127.0.0.1:6080/";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
systemd.services."terminal-server" = {
description = "Terminal Server";
after = [ "display-manager.service" ];
wantedBy = [ "graphical.target" ];
serviceConfig = {
inherit User;
ExecStartPre = pkgs.writeDash "terminal-pre" ''
# VNC connection timeout
proxy_read_timeout 61s;
set -eufx
install -m0700 -o ${User} ${pwfile} ${pwtmp}
# Disable cache
proxy_buffering off;
'';
ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString port} -passwordfile ${pwtmp}";
PermissionsStartOnly = true;
PrivateTmp = true;
};
};
};
};
}

View File

@ -6,5 +6,10 @@ with import <stockholm/lib>;
type = types.str;
description = "Primary interface of the server";
};
options.makefu.gui.user = lib.mkOption {
type = types.str;
description = "GUI user";
default = config.krebs.build.user.name;
};
}

View File

@ -0,0 +1,41 @@
{ stdenv, fetchurl, pkgs }:
# source: https://github.com/hyphon81/Nixtack/blob/master/noVNC/noVNC.nix
let
in
stdenv.mkDerivation rec {
name = "novnc-${version}";
version = "0.6.2";
src = fetchurl {
url = "https://github.com/novnc/noVNC/archive/v${version}.tar.gz";
sha256 = "16ygbdzdmnfg9a26d9il4a6fr16qmq0ix9imfbpzl0drfbj7z8kh";
};
p = stdenv.lib.makeBinPath [ pkgs.nettools pkgs.python27Packages.websockify
pkgs.coreutils pkgs.which pkgs.procps ];
# TODO: propagatedBuildInputs does not seem to work with shell scripts
patchPhase = ''
sed -i '1aset -efu\nexport PATH=${p}\n' utils/launch.sh
'';
installPhase = ''
mkdir -p $out/bin
cp utils/launch.sh $out/bin/launch-novnc.sh
chmod +x $out/bin/launch-novnc.sh
mkdir -p $out/images
cp -r images/* $out/images/
mkdir -p $out/include
cp -r include/* $out/include/
cp favicon.ico $out
cp vnc.html $out
cp vnc_auto.html $out
'';
meta = with stdenv.lib; {
homepage = http://novnc.com/info.html;
repositories.git = git://github.com/novnc/noVNC.git;
description = ''
A HTML5 VNC Client
'';
license = licenses.mpl20;
};
}