Diffstat (limited to 'modules/x0vncserver.nix')
-rw-r--r-- | modules/x0vncserver.nix | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/modules/x0vncserver.nix b/modules/x0vncserver.nix
new file mode 100644
index 0000000..d24c2d0
--- /dev/null
+++ b/modules/x0vncserver.nix
@@ -0,0 +1,44 @@
+{ config, lib, mylib, pkgs, ... }: let
+ cfg = config.tv.x0vncserver;
+in {
+ options.tv.x0vncserver = {
+ display = lib.mkOption {
+ default = ":${toString config.services.xserver.display}";
+ type = lib.types.str;
+ };
+ enable = lib.mkEnableOption "tv.x0vncserver";
+ pwfile = lib.mkOption {
+ default = "${config.krebs.secret.directory}/vncpasswd";
+ description = ''
+ Use vncpasswd to edit pwfile.
+ See: nix-shell -p tigervnc --run 'man vncpasswd'
+ '';
+ type = mylib.types.absolute-pathname;
+ };
+ rfbport = lib.mkOption {
+ default = 5900;
+ type = lib.types.int;
+ };
+ user = lib.mkOption {
+ default = config.krebs.build.user;
+ type = mylib.types.user;
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ krebs.systemd.services.x0vncserver.restartIfCredentialsChange = true;
+ systemd.services.x0vncserver = {
+ after = [ "graphical.target" ];
+ requires = [ "graphical.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.tigervnc}/bin/x0vncserver ${toString [
+ "-display ${cfg.display}"
+ "-passwordfile \${CREDENTIALS_DIRECTORY}/pwfile"
+ "-rfbport ${toString cfg.rfbport}"
+ ]}";
+ LoadCredential = "ssh_key:${cfg.pwfile}";
+ User = cfg.user.name;
+ };
+ };
+ tv.iptables.input-retiolum-accept-tcp = [ (toString cfg.rfbport) ];
+ };
+} |
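Review bot: The credential is loaded under the id `ssh_key` (`LoadCredential = "ssh_key:${cfg.pwfile}";`) while ExecStart passes `-passwordfile ${CREDENTIALS_DIRECTORY}/pwfile`, so as written the file x0vncserver is told to read would not exist in the credentials directory. The id looks like a copy-paste leftover and should match the path, `LoadCredential = "pwfile:${cfg.pwfile}";`. It is worth confirming that a missing password file makes the unit fail rather than start without authentication, since `tv.iptables.input-retiolum-accept-tcp` opens the port in the same change. Separately, `rfbport` would be better declared as `type = lib.types.port;` so out-of-range values are rejected at evaluation time. A short comment that classic VNC password authentication is weak (passwords are effectively limited to eight characters) and that the service relies on retiolum to restrict who can reach it would help later readers.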