From 30989c77cd47fed49b3770e069cccbd2264b0ea2 Mon Sep 17 00:00:00 2001
From: Antoine Fauroux
Date: Mon, 10 Nov 2025 11:08:09 -0500
Subject: [PATCH] TODO: cleanup commits
---
 machines/kcnhub/configuration.nix | 2 +
 machines/kcnhub/packages.nix | 1 +
 machines/kcnhub/packages/containers.nix | 13 ++++--
 machines/kcnhub/packages/vnc.nix | 39 ++++++++++++++++++
 machines/kcnhub/secrets/ngilab_net.yaml | 22 ++++++++++
 machines/kcnhub/services.nix | 1 +
 machines/kcnhub/services/vnc-startup.nix | 52 ++++++++++++++++++++++++
 7 files changed, 127 insertions(+), 3 deletions(-)
 create mode 100755 machines/kcnhub/packages/vnc.nix
 create mode 100644 machines/kcnhub/secrets/ngilab_net.yaml
 create mode 100755 machines/kcnhub/services/vnc-startup.nix
diff --git a/machines/kcnhub/configuration.nix b/machines/kcnhub/configuration.nix
index 79274d8..e025b86 100644
--- a/machines/kcnhub/configuration.nix
+++ b/machines/kcnhub/configuration.nix
@@ -23,6 +23,8 @@
 sops.age.keyFile = "/root/.config/sops/age/keys.txt";
 sops.defaultSopsFile = ./secrets/system.yaml;
+ networking.networkmanager.enable = true;
+
 # Support NTFS(3g)
 boot.supportedFilesystems = ["ntfs"];
diff --git a/machines/kcnhub/packages.nix b/machines/kcnhub/packages.nix
index f1e0370..e5cf4a1 100644
--- a/machines/kcnhub/packages.nix
+++ b/machines/kcnhub/packages.nix
@@ -7,5 +7,6 @@
 ./packages/matlab.nix
 ./packages/containers.nix
 ./packages/deeplabcut.nix
+ ./packages/vnc.nix
 ];
 }
diff --git a/machines/kcnhub/packages/containers.nix b/machines/kcnhub/packages/containers.nix
index ccd7cb2..7db14ba 100644
--- a/machines/kcnhub/packages/containers.nix
+++ b/machines/kcnhub/packages/containers.nix
@@ -2,10 +2,17 @@
 virtualisation = {
 podman = {
 enable = true;
+ # Enable CDI (Container Device Interface) for GPU support
+ enableNvidia = true;
 };
- docker.rootless = {
- enable = true;
- setSocketVariable = true;
+
+ docker = {
+ rootless = {
+ enable = true;
+ setSocketVariable = true;
+ };
+ # Enable CDI (Container Device Interface) for GPU support
+ enableNvidia = true;
 };
 # For compatability, and for some reason this isn't able to be per
 # container?
diff --git a/machines/kcnhub/packages/vnc.nix b/machines/kcnhub/packages/vnc.nix
new file mode 100755
index 0000000..4972153
--- /dev/null
+++ b/machines/kcnhub/packages/vnc.nix
@@ -0,0 +1,39 @@
+{ pkgs, ... }: {
+ # TurboVNC and VirtualGL packages with 32-bit support
+ environment.systemPackages = with pkgs; [
+ turbovnc
+ virtualgl
+ pkgsi686Linux.virtualgl # Essential for 32-bit OpenGL applications
+
+ # Additional utilities for VNC sessions
+ xorg.xhost
+ xorg.xauth
+ xorg.xrandr
+
+ # Desktop environment components for VNC
+ plasma-desktop
+ konsole
+ dolphin
+
+ # Alternative lightweight desktop
+ xfce.xfce4-session
+ xfce.xfdesktop
+ xfce.xfce4-panel
+ xfce.thunar
+ ];
+
+ # Configure library paths for VirtualGL
+ environment.sessionVariables = {
+ LD_LIBRARY_PATH = [ "/run/opengl-driver/lib/:/run/opengl-driver-32/lib:${pkgs.virtualgl}/lib:${pkgs.pkgsi686Linux.virtualgl}/lib" ];
+ };
+
+ # Open VNC ports in firewall
+ networking.firewall.allowedTCPPorts = [ 5901 5902 5903 ];
+
+ # Ensure proper OpenGL support
+ hardware.opengl = {
+ enable = true;
+ driSupport = true;
+ driSupport32Bit = true; # Critical for VirtualGL 32-bit support
+ };
+}
diff --git a/machines/kcnhub/secrets/ngilab_net.yaml b/machines/kcnhub/secrets/ngilab_net.yaml
new file mode 100644
index 0000000..a34eae8
--- /dev/null
+++ b/machines/kcnhub/secrets/ngilab_net.yaml
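Review bot: The comment `# Enable CDI (Container Device Interface) for GPU support` in `packages/containers.nix` does not match the option under it: `enableNvidia` is the older NVIDIA container-runtime switch, and on recent NixOS releases it is deprecated in favour of `hardware.nvidia-container-toolkit.enable = true;`, which is the option that generates CDI specs. Either move to that option or reword the comment, for example `# Legacy NVIDIA container runtime (not CDI)`. `docker.enableNvidia` is also set on the rootful `virtualisation.docker` set while the visible lines enable only `docker.rootless`, so it may have no effect unless `docker.enable` is set elsewhere. The `virtualisation` block continues outside the hunk.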
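Review bot: `networking.firewall.allowedTCPPorts = [ 5901 5902 5903 ];` in `packages/vnc.nix` opens three VNC displays on every interface, and nothing in this patch configures transport encryption or limits the source addresses; plain VNC password authentication is weak and the session is not encrypted unless the server is set up for it. Since `services/ssh.nix` is already imported, the safer default is to drop this line, keep the servers listening on localhost, and reach them through an SSH tunnel. If direct access is required, scope the rule to the trusted interface, e.g. `networking.firewall.interfaces."<lab-iface>".allowedTCPPorts = [ 5901 5902 5903 ];` (the interface name is a placeholder). Separately, `LD_LIBRARY_PATH` in `environment.sessionVariables` changes library resolution for every program in every login session; wrapping only the applications that need VirtualGL would narrow that.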
@@ -0,0 +1,22 @@
+SSID: ENC[AES256_GCM,data:1yAXMlH4eHseIutf,iv:Jj8ZaPihXlqe7BObLkAIIL1yj4cCmwrbIZY7iEB25LA=,tag:XfNIVpq488lXh3brnVVDBA==,type:str]
+psk: ENC[AES256_GCM,data:In4FOsD9tfNVMCTmeyx+XLUqrg==,iv:W/tvKb0O8R0vBQ8+ckLsGVpoONorgfIjyxpt5sz6Io8=,tag:qnRYtjoOp3dOFRSbgwpUKg==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1cvmffz227lhsvy4ufh0gnkfsvs5f27hv5l90m0lf4558uphteefsj2t74j
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHOURUTWQ0VlFMTXBlTTkv
+ WGlWeW92M3YyaUFZcUN2U1VGOE43Y0pBU0UwCmtQTXBBbVFMeDJIQ0loSW5FbU1L
+ NmhxbW5GTXlJVjBRRzVLejBwUXpINlkKLS0tIG9MS0cyOEZuVmxaRmRkZUxSalph
+ b2VWcThCOWNrTXBraDVHc002c0pYVTQKg0EotBCMyF3JMuEQWklY7snO9WkwW/FO
+ IfoZduqkdaIbn0SybZnCC12TgbVYoKstwANV9HsZREw+2G9wq8vm3Q==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-11-07T17:00:04Z"
+ mac: ENC[AES256_GCM,data:61+fDKLcYgdHVqvdQIK+6v0BvkoE34PnI/3vQ+5xmqQpGOcgVJbWdL9XCDj29prWgVRpIOOsmXgkXB37pLswd53S5PWKOzxCsyYfanqT/lzjzA8ntU4r9T9jOzz6H/MU7J41rzzKrvH0cyisGw0LkLhbhKXCgMdFF0vz1gynIlA=,iv:TDfRYDCFCIXkKlhWx0c6Qjmg+19cvgoczyuDevNmkG4=,tag:tI0eMREuKip9BTZAAPATsg==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1
diff --git a/machines/kcnhub/services.nix b/machines/kcnhub/services.nix
index 04cc197..dee489b 100644
--- a/machines/kcnhub/services.nix
+++ b/machines/kcnhub/services.nix
@@ -2,6 +2,7 @@
 imports = [
 ./services/ssh.nix
 ./services/xrdp.nix
+ ./services/vnc-startup.nix
 ];
 services.vscode-server.enable = true;
 }
diff --git a/machines/kcnhub/services/vnc-startup.nix b/machines/kcnhub/services/vnc-startup.nix
new file mode 100755
index 0000000..7b46126
--- /dev/null
+++ b/machines/kcnhub/services/vnc-startup.nix
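Review bot: Nothing in the visible hunks declares a `sops.secrets` entry pointing at `secrets/ngilab_net.yaml`, so the encrypted `SSID` and `psk` are committed without a consumer, while `configuration.nix` turns on NetworkManager with no declarative profile. If the intent is to provision the Wi-Fi profile from these values, add the declaration in the same change, e.g. `sops.secrets.psk.sopsFile = ./secrets/ngilab_net.yaml;`; otherwise hold the file back until it is used. The `age` list has a single recipient, so losing that one key makes the file unrecoverable; consider adding an administrator recipient. Because the ciphertext stays in repository history, the PSK should be rotated if that age key is ever exposed.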
@@ -0,0 +1,52 @@
+{ pkgs, ... }: {
+ # Create VNC startup scripts for different desktop environments
+ environment.etc."vnc/xstartup-plasma".source = pkgs.writeScript "xstartup-plasma" ''
+ #!/usr/bin/env bash
+
+ # Set up environment
+ export XDG_CURRENT_DESKTOP=KDE
+ export KDE_SESSION_VERSION=5
+ export QT_QPA_PLATFORM=xcb
+
+ # Start D-Bus if not running
+ if [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then
+ eval $(dbus-launch --sh-syntax --exit-with-session)
+ fi
+
+ # Start Plasma desktop session
+ exec startplasma-x11
+ '';
+
+ environment.etc."vnc/xstartup-xfce".source = pkgs.writeScript "xstartup-xfce" ''
+ #!/usr/bin/env bash
+
+ # Set up environment
+ export XDG_CURRENT_DESKTOP=XFCE
+ export XDG_SESSION_DESKTOP=xfce
+
+ # Start D-Bus if not running
+ if [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then
+ eval $(dbus-launch --sh-syntax --exit-with-session)
+ fi
+
+ # Start XFCE session
+ exec startxfce4
+ '';
+
+ environment.etc."vnc/xstartup-minimal".source = pkgs.writeScript "xstartup-minimal" ''
+ #!/usr/bin/env bash
+
+ # Minimal desktop with window manager only
+ xrdb $HOME/.Xresources
+ xsetroot -solid grey
+
+ # Start a simple window manager and terminal
+ icewm &
+ exec konsole
+ '';
+
+ # Make scripts executable
+ system.activationScripts.vnc-scripts = ''
+ chmod +x /etc/vnc/xstartup-*
+ '';
+}
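Review bot: The three xstartup scripts in `services/vnc-startup.nix` resolve `bash`, `dbus-launch`, `startplasma-x11`, `startxfce4`, `xrdb`, `xsetroot`, `icewm` and `konsole` through the session's `PATH`, and `icewm` is not in the package list that `packages/vnc.nix` installs, so `xstartup-minimal` is likely to come up without a window manager. Building them with `pkgs.writeShellScript` and referencing store paths, e.g. `${pkgs.icewm}/bin/icewm &`, makes the session run exactly the binaries this configuration pins rather than whatever comes first on a user's `PATH`. `xrdb $HOME/.Xresources` should be quoted and guarded: `[ -r "$HOME/.Xresources" ] && xrdb "$HOME/.Xresources"`. The `system.activationScripts.vnc-scripts` block can be dropped, since `pkgs.writeScript` already produces an executable file and the `/etc/vnc` entries point into the read-only store, so the `chmod +x` is at best a no-op.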