summaryrefslogtreecommitdiffstats
path: root/tv/3modules/x0vncserver.nix
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2017-08-05 12:01:07 +0200
committermakefu <github@syntax-fehler.de>2017-08-05 12:01:07 +0200
commitf1124bd208306b2cfe32e1b85ccb810455453483 (patch)
treeb286db06b459e2d24409c3b4fd02eb0ea7d88a82 /tv/3modules/x0vncserver.nix
parent7db5d59018f4096b0cc39afa59df53b6a1fa9353 (diff)
parent1310375624b7fbcb6c165a032edc9d3ef336d57b (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'tv/3modules/x0vncserver.nix')
-rw-r--r--tv/3modules/x0vncserver.nix52
1 files changed, 52 insertions, 0 deletions
diff --git a/tv/3modules/x0vncserver.nix b/tv/3modules/x0vncserver.nix
new file mode 100644
index 000000000..44fed590d
--- /dev/null
+++ b/tv/3modules/x0vncserver.nix
@@ -0,0 +1,52 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: let
+
+ cfg = config.tv.x0vncserver;
+
+in {
+ options.tv.x0vncserver = {
+ display = mkOption {
+ default = ":${toString config.services.xserver.display}";
+ type = types.str;
+ };
+ enable = mkEnableOption "tv.x0vncserver";
+ pwfile = mkOption {
+ default = {
+ owner = cfg.user;
+ path = "${cfg.user.home}/.vncpasswd";
+ source-path = toString <secrets> + "/vncpasswd";
+ };
+ description = ''
+ Use vncpasswd to edit pwfile.
+ See: nix-shell -p tigervnc --run 'man vncpasswd'
+ '';
+ type = types.secret-file;
+ };
+ rfbport = mkOption {
+ default = 5900;
+ type = types.int;
+ };
+ user = mkOption {
+ default = config.krebs.build.user;
+ type = types.user;
+ };
+ };
+ config = mkIf cfg.enable {
+ krebs.secret.files = {
+ x0vncserver-pwfile = cfg.pwfile;
+ };
+ systemd.services.x0vncserver = {
+ after = [ "graphical.target" "secret.service" ];
+ requires = [ "graphical.target" "secret.service" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.tigervnc}/bin/x0vncserver ${toString [
+ "-display ${cfg.display}"
+ "-passwordfile ${cfg.pwfile.path}"
+ "-rfbport ${toString cfg.rfbport}"
+ ]}";
+ User = cfg.user.name;
+ };
+ };
+ tv.iptables.input-retiolum-accept-tcp = singleton (toString cfg.rfbport);
+ };
+}