From 669a7936fc75e377e840472d2b941fef382413b3 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 10 May 2017 16:47:58 +0200
Subject: m 2 vncserver: init

---
 makefu/2configs/vncserver.nix | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 makefu/2configs/vncserver.nix

(limited to 'makefu/2configs/vncserver.nix')

diff --git a/makefu/2configs/vncserver.nix b/makefu/2configs/vncserver.nix
new file mode 100644
index 000000000..2e8e50feb
--- /dev/null
+++ b/makefu/2configs/vncserver.nix
@@ -0,0 +1,30 @@
+{config,lib,pkgs, ...}:
+with lib;
+let
+  pwfile = (toString <secrets>)+ "/vnc-password"; # create with `vncpasswd`
+  pwtmp = "/tmp/vnc-password";
+  # nixos-unstable tigervnc is currently broken :\
+  package = (import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-17.03.tar.gz) {}).pkgs.tigervnc;
+  User = "makefu";
+  port = 5900;
+in {
+	networking.firewall.allowedTCPPorts = [ port ];
+	networking.firewall.allowedUDPPorts = [ port ];
+
+	systemd.services."terminal-server" = {
+    description = "Terminal Server";
+    after = [ "display-manager.service" ];
+    wantedBy = [ "graphical.target" ];
+		serviceConfig = {
+      inherit User;
+      ExecStartPre = pkgs.writeDash "terminal-pre" ''
+ 
+        set -eufx
+        install -m0700 -o ${User} ${pwfile} ${pwtmp}
+      '';
+			ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString port} -passwordfile ${pwtmp}";
+      PermissionsStartOnly = true;
+      PrivateTmp = true;
+		};
+	};
+}
-- 
cgit v1.2.3


From 4c2408763eec98ec9cecf340dccfffa34a0c3cb0 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 12 May 2017 11:35:35 +0200
Subject: m: init and use 'makefu.gui.user'

---
 makefu/2configs/vncserver.nix | 70 +++++++++++++++++++++++++++++++------------
 1 file changed, 51 insertions(+), 19 deletions(-)

(limited to 'makefu/2configs/vncserver.nix')

diff --git a/makefu/2configs/vncserver.nix b/makefu/2configs/vncserver.nix
index 2e8e50feb..c56b3e294 100644
--- a/makefu/2configs/vncserver.nix
+++ b/makefu/2configs/vncserver.nix
@@ -5,26 +5,58 @@ let
   pwtmp = "/tmp/vnc-password";
   # nixos-unstable tigervnc is currently broken :\
   package = (import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-17.03.tar.gz) {}).pkgs.tigervnc;
-  User = "makefu";
-  port = 5900;
+  user = config.makefu.gui.user;
+  vnc_port = 5900;
+  web_port = 6080;
 in {
-	networking.firewall.allowedTCPPorts = [ port ];
-	networking.firewall.allowedUDPPorts = [ port ];
+  networking.firewall.allowedTCPPorts = [ 80 vnc_port web_port ];
+  systemd.services = {
+    terminal-server = {
+      description = "VNC Terminal Server";
+      after = [ "display-manager.service"  "graphical.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        User = user;
+        Restart = "always";
+        ExecStartPre = pkgs.writeDash "terminal-pre" ''
+          sleep 5
+          install -m0700 -o ${user} ${pwfile} ${pwtmp}
+        '';
+        ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString vnc_port} -passwordfile ${pwtmp}";
+        PermissionsStartOnly = true;
+        PrivateTmp = true;
+      };
+    };
+    terminal-web = {
+      description = "noVNC Web Server";
+      after = [ "terminal-server.service"  "graphical.target" "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        User = "nobody";
+        ExecStart = "${pkgs.novnc}/bin/launch-novnc.sh --listen ${toString web_port} --vnc localhost:${toString vnc_port}";
+				PrivateTmp = true;
+      };
+    };
+  };
+  services.nginx.enable = true;
+  services.nginx.virtualHosts._.locations = {
+    "/" = {
+      root = "${pkgs.novnc}";
+      index = "vnc_auto.html";
+    };
+    "/websockify" = {
+      proxyPass = "http://127.0.0.1:6080/";
+      extraConfig = ''
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
 
-	systemd.services."terminal-server" = {
-    description = "Terminal Server";
-    after = [ "display-manager.service" ];
-    wantedBy = [ "graphical.target" ];
-		serviceConfig = {
-      inherit User;
-      ExecStartPre = pkgs.writeDash "terminal-pre" ''
- 
-        set -eufx
-        install -m0700 -o ${User} ${pwfile} ${pwtmp}
+        # VNC connection timeout
+        proxy_read_timeout 61s;
+
+        # Disable cache
+        proxy_buffering off;
       '';
-			ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString port} -passwordfile ${pwtmp}";
-      PermissionsStartOnly = true;
-      PrivateTmp = true;
-		};
-	};
+    };
+  };
 }
-- 
cgit v1.2.3