tv x0vncserver: use LoadCredential
parent
969bd9767e
commit
8ee6e71092
@ -11,17 +11,12 @@ in {
|
|||||||
};
|
};
|
||||||
enable = mkEnableOption "tv.x0vncserver";
|
enable = mkEnableOption "tv.x0vncserver";
|
||||||
pwfile = mkOption {
|
pwfile = mkOption {
|
||||||
default = {
|
default = toString <secrets> + "/vncpasswd";
|
||||||
name = "x0vncserver-pwfile";
|
|
||||||
owner = cfg.user;
|
|
||||||
path = "${cfg.user.home}/.vncpasswd";
|
|
||||||
source-path = toString <secrets> + "/vncpasswd";
|
|
||||||
};
|
|
||||||
description = ''
|
description = ''
|
||||||
Use vncpasswd to edit pwfile.
|
Use vncpasswd to edit pwfile.
|
||||||
See: nix-shell -p tigervnc --run 'man vncpasswd'
|
See: nix-shell -p tigervnc --run 'man vncpasswd'
|
||||||
'';
|
'';
|
||||||
type = types.secret-file;
|
type = types.absolute-pathname;
|
||||||
};
|
};
|
||||||
rfbport = mkOption {
|
rfbport = mkOption {
|
||||||
default = 5900;
|
default = 5900;
|
||||||
@ -33,26 +28,17 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
krebs.secret.files = {
|
krebs.systemd.services.x0vncserver = {};
|
||||||
x0vncserver-pwfile = cfg.pwfile;
|
|
||||||
};
|
|
||||||
systemd.services.x0vncserver = {
|
systemd.services.x0vncserver = {
|
||||||
after = [
|
after = [ "graphical.target" ];
|
||||||
config.krebs.secret.files.x0vncserver-pwfile.service
|
requires = [ "graphical.target" ];
|
||||||
"graphical.target"
|
|
||||||
];
|
|
||||||
partOf = [
|
|
||||||
config.krebs.secret.files.x0vncserver-pwfile.service
|
|
||||||
];
|
|
||||||
requires = [
|
|
||||||
"graphical.target"
|
|
||||||
];
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkgs.tigervnc}/bin/x0vncserver ${toString [
|
ExecStart = "${pkgs.tigervnc}/bin/x0vncserver ${toString [
|
||||||
"-display ${cfg.display}"
|
"-display ${cfg.display}"
|
||||||
"-passwordfile ${cfg.pwfile.path}"
|
"-passwordfile \${CREDENTIALS_DIRECTORY}/pwfile"
|
||||||
"-rfbport ${toString cfg.rfbport}"
|
"-rfbport ${toString cfg.rfbport}"
|
||||||
]}";
|
]}";
|
||||||
|
LoadCredential = "ssh_key:${cfg.pwfile}";
|
||||||
User = cfg.user.name;
|
User = cfg.user.name;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
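Review bot: The credential ID in `LoadCredential = "ssh_key:${cfg.pwfile}";` does not match the path that ExecStart passes to `-passwordfile`, which is `\${CREDENTIALS_DIRECTORY}/pwfile` (both in the second hunk). systemd exposes a loaded credential under its ID, so the file would appear as `$CREDENTIALS_DIRECTORY/ssh_key` and x0vncserver would be pointed at a name that does not exist; the likely result is a unit that fails to start rather than one running without authentication, but that should be confirmed against the tigervnc build in use. Changing the line to `LoadCredential = "pwfile:${cfg.pwfile}";` makes the two sides agree. Because the source file is now read by the service manager instead of being installed with `owner = cfg.user`, the option description could also state that the file at `pwfile` only needs to be readable by root and should not be left readable by other users.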