From 4c2408763eec98ec9cecf340dccfffa34a0c3cb0 Mon Sep 17 00:00:00 2001
From: makefu
Date: Fri, 12 May 2017 11:35:35 +0200
Subject: m: init and use 'makefu.gui.user'
---
makefu/2configs/vncserver.nix | 70 ++++++++++++++++++++++++++++-----------
makefu/3modules/server-config.nix | 5 +++
makefu/5pkgs/novnc/default.nix | 41 +++++++++++++++++++++++
3 files changed, 97 insertions(+), 19 deletions(-)
create mode 100644 makefu/5pkgs/novnc/default.nix
diff --git a/makefu/2configs/vncserver.nix b/makefu/2configs/vncserver.nix
index 2e8e50feb..c56b3e294 100644
--- a/makefu/2configs/vncserver.nix
+++ b/makefu/2configs/vncserver.nix
@@ -5,26 +5,58 @@ let pwtmp = "/tmp/vnc-password"; # nixos-unstable tigervnc is currently broken :\ package = (import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-17.03.tar.gz) {}).pkgs.tigervnc; - User = "makefu"; - port = 5900; + user = config.makefu.gui.user; + vnc_port = 5900; + web_port = 6080; in { - networking.firewall.allowedTCPPorts = [ port ]; - networking.firewall.allowedUDPPorts = [ port ]; + networking.firewall.allowedTCPPorts = [ 80 vnc_port web_port ]; + systemd.services = { + terminal-server = { + description = "VNC Terminal Server"; + after = [ "display-manager.service" "graphical.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = user; + Restart = "always"; + ExecStartPre = pkgs.writeDash "terminal-pre" '' + sleep 5 + install -m0700 -o ${user} ${pwfile} ${pwtmp} + ''; + ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString vnc_port} -passwordfile ${pwtmp}"; + PermissionsStartOnly = true; + PrivateTmp = true; + }; + }; + terminal-web = { + description = "noVNC Web Server"; + after = [ "terminal-server.service" "graphical.target" "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkgs.novnc}/bin/launch-novnc.sh --listen ${toString web_port} --vnc localhost:${toString vnc_port}"; + PrivateTmp = true; + }; + }; + }; + services.nginx.enable = true; + services.nginx.virtualHosts._.locations = { + "/" = { + root = "${pkgs.novnc}"; + index = "vnc_auto.html"; + }; + "/websockify" = { + proxyPass = "http://127.0.0.1:6080/"; + extraConfig = '' + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; - systemd.services."terminal-server" = { - description = "Terminal Server"; - after = [ "display-manager.service" ]; - wantedBy = [ "graphical.target" ]; - serviceConfig = { - inherit User; - ExecStartPre = pkgs.writeDash "terminal-pre" '' - - set -eufx - install -m0700 -o ${User} 
${pwfile} ${pwtmp} + # VNC connection timeout + proxy_read_timeout 61s; + + # Disable cache + proxy_buffering off; ''; - ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString port} -passwordfile ${pwtmp}"; - PermissionsStartOnly = true; - PrivateTmp = true; - }; - }; + }; + }; } diff --git a/makefu/3modules/server-config.nix b/makefu/3modules/server-config.nix index dbd29d748..846642580 100644 --- a/makefu/3modules/server-config.nix +++ b/makefu/3modules/server-config.nix @@ -6,5 +6,10 @@ with import ; type = types.str; description = "Primary interface of the server"; }; + options.makefu.gui.user = lib.mkOption { + type = types.str; + description = "GUI user"; + default = config.krebs.build.user.name; + }; } diff --git a/makefu/5pkgs/novnc/default.nix b/makefu/5pkgs/novnc/default.nix new file mode 100644 index 000000000..b1d62248d --- /dev/null +++ b/makefu/5pkgs/novnc/default.nix 
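Review bot: The new firewall rule `networking.firewall.allowedTCPPorts = [ 80 vnc_port web_port ];` publishes the raw VNC port and the websockify port alongside nginx, although the `/websockify` location already reaches websockify over 127.0.0.1, so 5900 and 6080 do not need to be reachable from outside for the web client to work. As far as this hunk shows, both listeners and the port-80 vhost carry the VNC session without TLS. I would reduce the rule to `networking.firewall.allowedTCPPorts = [ 80 ];` and put the vhost behind TLS; if direct VNC clients are still wanted, a comment should say so. The `proxyPass = "http://127.0.0.1:6080/";` line also repeats the port literal and would stay in sync as `proxyPass = "http://127.0.0.1:${toString web_port}/";`.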
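Review bot: The description `"GUI user"` on `options.makefu.gui.user` does not say what the option controls. Judging from vncserver.nix in this commit, it is the account that x0vncserver runs as on display :0 and that receives the copy of the VNC password file. I would spell that out, e.g. `description = "Account that owns the graphical session; the VNC terminal server runs as this user and gets its own copy of the VNC password file";`. The attribute set this option is added to starts outside the hunk.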
@@ -0,0 +1,41 @@
+{ stdenv, fetchurl, pkgs }:
+# source: https://github.com/hyphon81/Nixtack/blob/master/noVNC/noVNC.nix
+let
+in
+
+stdenv.mkDerivation rec {
+ name = "novnc-${version}";
+ version = "0.6.2";
+
+ src = fetchurl {
+ url = "https://github.com/novnc/noVNC/archive/v${version}.tar.gz";
+ sha256 = "16ygbdzdmnfg9a26d9il4a6fr16qmq0ix9imfbpzl0drfbj7z8kh";
+ };
+ p = stdenv.lib.makeBinPath [ pkgs.nettools pkgs.python27Packages.websockify
+ pkgs.coreutils pkgs.which pkgs.procps ];
+ # TODO: propagatedBuildInputs does not seem to work with shell scripts
+ patchPhase = ''
+ sed -i '1aset -efu\nexport PATH=${p}\n' utils/launch.sh
+ '';
+ installPhase = ''
+ mkdir -p $out/bin
+ cp utils/launch.sh $out/bin/launch-novnc.sh
+ chmod +x $out/bin/launch-novnc.sh
+ mkdir -p $out/images
+ cp -r images/* $out/images/
+ mkdir -p $out/include
+ cp -r include/* $out/include/
+ cp favicon.ico $out
+ cp vnc.html $out
+ cp vnc_auto.html $out
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = http://novnc.com/info.html;
+ repositories.git = git://github.com/novnc/noVNC.git;
+ description = ''
+ A HTML5 VNC Client
+ '';
+ license = licenses.mpl20;
+ };
+}
-- cgit v1.2.3
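Review bot: The installPhase copies `vnc.html`, `vnc_auto.html`, `images/` and `include/` to the top of `$out` next to `bin/`, and vncserver.nix in this commit sets the nginx `root` to `${pkgs.novnc}`, so `bin/launch-novnc.sh` is served over HTTP together with the client. Nothing secret lives in the store path, but the web root should hold only what the browser needs: install the assets under a subdirectory, for example `mkdir -p $out/share/novnc` and `cp -r images include favicon.ico vnc.html vnc_auto.html $out/share/novnc/`, and point nginx at `root = "${pkgs.novnc}/share/novnc";`. The empty `let in` at the top can be dropped, and the `sed` edit fits better in `postPatch` than in an overridden `patchPhase`, which skips the default patch handling.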