TODO: cleanup commits

2025-11-10 11:08:09 -05:00 · 2025-11-10 11:08:09 -05:00 · 30989c77cd
parent 61a74ec25e
commit 30989c77cd
7 changed files with 127 additions and 3 deletions
--- a/machines/kcnhub/configuration.nix
+++ b/machines/kcnhub/configuration.nix
@ -23,6 +23,8 @@
  sops.age.keyFile = "/root/.config/sops/age/keys.txt";
  sops.defaultSopsFile = ./secrets/system.yaml;

+  networking.networkmanager.enable = true;
+
  # Support NTFS(3g)
  boot.supportedFilesystems = ["ntfs"];
  
--- a/machines/kcnhub/packages.nix
+++ b/machines/kcnhub/packages.nix
@ -7,5 +7,6 @@
    ./packages/matlab.nix
    ./packages/containers.nix
    ./packages/deeplabcut.nix
+    ./packages/vnc.nix
  ];  
 }
--- a/machines/kcnhub/packages/containers.nix
+++ b/machines/kcnhub/packages/containers.nix
@ -2,11 +2,18 @@
  virtualisation = {
    podman = {
      enable = true;
+      # Enable CDI (Container Device Interface) for GPU support
+      enableNvidia = true;
    };
-    docker.rootless = {
+    
+    docker = { 
+      rootless = {
        enable = true;
        setSocketVariable = true;
      };
+      # Enable CDI (Container Device Interface) for GPU support
+      enableNvidia = true;
+    };
    # For compatability, and for some reason this isn't able to be per
    # container?
    oci-containers.backend = "docker";
--- a/machines/kcnhub/packages/vnc.nix
+++ b/machines/kcnhub/packages/vnc.nix
@ -0,0 +1,39 @@
+{ pkgs, ... }: {
+  # TurboVNC and VirtualGL packages with 32-bit support
+  environment.systemPackages = with pkgs; [
+    turbovnc
+    virtualgl
+    pkgsi686Linux.virtualgl  # Essential for 32-bit OpenGL applications
+    
+    # Additional utilities for VNC sessions
+    xorg.xhost
+    xorg.xauth
+    xorg.xrandr
+    
+    # Desktop environment components for VNC
+    plasma-desktop
+    konsole
+    dolphin
+    
+    # Alternative lightweight desktop
+    xfce.xfce4-session
+    xfce.xfdesktop
+    xfce.xfce4-panel
+    xfce.thunar
+  ];
+
+  # Configure library paths for VirtualGL
+  environment.sessionVariables = {
+    LD_LIBRARY_PATH = [ "/run/opengl-driver/lib/:/run/opengl-driver-32/lib:${pkgs.virtualgl}/lib:${pkgs.pkgsi686Linux.virtualgl}/lib" ];
+  };
+
+  # Open VNC ports in firewall
+  networking.firewall.allowedTCPPorts = [ 5901 5902 5903 ];
+
+  # Ensure proper OpenGL support
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    driSupport32Bit = true;  # Critical for VirtualGL 32-bit support
+  };
+}
--- a/machines/kcnhub/secrets/ngilab_net.yaml
+++ b/machines/kcnhub/secrets/ngilab_net.yaml
@ -0,0 +1,22 @@
+SSID: ENC[AES256_GCM,data:1yAXMlH4eHseIutf,iv:Jj8ZaPihXlqe7BObLkAIIL1yj4cCmwrbIZY7iEB25LA=,tag:XfNIVpq488lXh3brnVVDBA==,type:str]
+psk: ENC[AES256_GCM,data:In4FOsD9tfNVMCTmeyx+XLUqrg==,iv:W/tvKb0O8R0vBQ8+ckLsGVpoONorgfIjyxpt5sz6Io8=,tag:qnRYtjoOp3dOFRSbgwpUKg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1cvmffz227lhsvy4ufh0gnkfsvs5f27hv5l90m0lf4558uphteefsj2t74j
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHOURUTWQ0VlFMTXBlTTkv
+            WGlWeW92M3YyaUFZcUN2U1VGOE43Y0pBU0UwCmtQTXBBbVFMeDJIQ0loSW5FbU1L
+            NmhxbW5GTXlJVjBRRzVLejBwUXpINlkKLS0tIG9MS0cyOEZuVmxaRmRkZUxSalph
+            b2VWcThCOWNrTXBraDVHc002c0pYVTQKg0EotBCMyF3JMuEQWklY7snO9WkwW/FO
+            IfoZduqkdaIbn0SybZnCC12TgbVYoKstwANV9HsZREw+2G9wq8vm3Q==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-11-07T17:00:04Z"
+    mac: ENC[AES256_GCM,data:61+fDKLcYgdHVqvdQIK+6v0BvkoE34PnI/3vQ+5xmqQpGOcgVJbWdL9XCDj29prWgVRpIOOsmXgkXB37pLswd53S5PWKOzxCsyYfanqT/lzjzA8ntU4r9T9jOzz6H/MU7J41rzzKrvH0cyisGw0LkLhbhKXCgMdFF0vz1gynIlA=,iv:TDfRYDCFCIXkKlhWx0c6Qjmg+19cvgoczyuDevNmkG4=,tag:tI0eMREuKip9BTZAAPATsg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/machines/kcnhub/services.nix
+++ b/machines/kcnhub/services.nix
@ -2,6 +2,7 @@
  imports = [
    ./services/ssh.nix
    ./services/xrdp.nix
+    ./services/vnc-startup.nix
  ];
  services.vscode-server.enable = true;
 }
--- a/machines/kcnhub/services/vnc-startup.nix
+++ b/machines/kcnhub/services/vnc-startup.nix
@ -0,0 +1,52 @@
+{ pkgs, ... }: {
+  # Create VNC startup scripts for different desktop environments
+  environment.etc."vnc/xstartup-plasma".source = pkgs.writeScript "xstartup-plasma" ''
+    #!/usr/bin/env bash
+    
+    # Set up environment
+    export XDG_CURRENT_DESKTOP=KDE
+    export KDE_SESSION_VERSION=5
+    export QT_QPA_PLATFORM=xcb
+    
+    # Start D-Bus if not running
+    if [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then
+        eval $(dbus-launch --sh-syntax --exit-with-session)
+    fi
+    
+    # Start Plasma desktop session
+    exec startplasma-x11
+  '';
+
+  environment.etc."vnc/xstartup-xfce".source = pkgs.writeScript "xstartup-xfce" ''
+    #!/usr/bin/env bash
+    
+    # Set up environment
+    export XDG_CURRENT_DESKTOP=XFCE
+    export XDG_SESSION_DESKTOP=xfce
+    
+    # Start D-Bus if not running
+    if [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then
+        eval $(dbus-launch --sh-syntax --exit-with-session)
+    fi
+    
+    # Start XFCE session
+    exec startxfce4
+  '';
+
+  environment.etc."vnc/xstartup-minimal".source = pkgs.writeScript "xstartup-minimal" ''
+    #!/usr/bin/env bash
+
+    # Minimal desktop with window manager only
+    xrdb $HOME/.Xresources
+    xsetroot -solid grey
+    
+    # Start a simple window manager and terminal
+    icewm &
+    exec konsole
+  '';
+
+  # Make scripts executable
+  system.activationScripts.vnc-scripts = ''
+    chmod +x /etc/vnc/xstartup-*
+  '';
+}