Xpra-web service

David Crompton 2023-09-07 12:20:30 -04:00
parent b14750a99e
commit 48d14a7e54
1 changed files with 46 additions and 12 deletions

View File

@ -1,14 +1,48 @@
{ config, pkgs, lib, ...}: { { config, pkgs, lib, ...}: let
services.xserver.displayManager.xpra = { xpra-html5 = pkgs.fetchFromGitHub {
enable = false; owner = "Xpra-org";
repo = "xpra-html5";
rev = "e5fb000a9d4042c54e55c5e30c0936125ec3a045";
hash = "sha256-nfPePTvOVBgx/aMx380vu4Kn9sxmo1QNb050N95ENPk=";
};
xpra-web = pkgs.writeScript "xpra-web" ''
#!${pkgs.bash}/bin/bash
${pkgs.xpra}/bin/xpra $@ --html=${xpra-html5}/html5
'';
in {
environment.systemPackages = [ pkgs.xpra ];
systemd.sockets.xpra-web = {
description = "Xpra Web Socket";
partOf = [ "xpra-web.service" ];
wantedBy = [ "sockets.target" ];
socketConfig = {
# ListenStream = 14500;
ListenStream = "/run/xpra/system";
SocketUser = "root";
SocketGroup = "users";
PassCredentials = "true";
};
};
systemd.services.xpra-web = {
description = "xpra-web";
after = [ "network.target" "xpra-web.socket" ];
requires = [ "xpra-web.socket" ];
wantedBy = [ "multi-user.target" ];
# Where to bind port/address: serviceConfig = {
bindTcp = "127.0.0.1:10000"; Type = "simple";
ExecStart = ''${xpra-web} proxy :14500 --daemon=no \
# Use system login creds: --socket-dirs=/run/xpra --socket-permissions=666 \
auth = "pam"; --log-dir=/var/log --pidfile=/run/xpra/proxy.pid \
--auth=pam --bind-tcp=0.0.0.0:10000'';
# Should sound be streamed? Restart = "always";
pulseaudio = false; # Security
NoNewPrivileges = true;
ReadWritePaths = [ "/run/xpra" "/tmp" ];
# Sandboxing
ProtectSystem = "strict";
ProtectKernelTunables = true;
ProtectControlGroups = true;
};
}; };
} }