XPRA Fixes

TODO: Matlab not working???
master
David Crompton 2023-10-27 11:52:31 -04:00
parent 8f5c8a1a2e
commit 85e721a9fd
1 changed files with 49 additions and 3 deletions

View File

@ -10,7 +10,54 @@
${pkgs.xpra}/bin/xpra $@ --html=${xpra-html5}/html5
'';
in {
nixpkgs.overlays = [
(final: prev: {
xpra = prev.xpra.overrideAttrs (old: {
postPatch = old.postPatch or "" + ''
sed -e 's#"%s/share/xsessions" % sys.prefix#"${config.services.xserver.displayManager.sessionData.desktops}/share/xsessions"#g' -i xpra/platform/xposix/menu_helper.py
'';
});
})
];
# To use instead of Plasma
services.xserver.windowManager.fluxbox.enable = true;
environment.systemPackages = [ pkgs.xpra ];
security.pam.services = {
xpra = {
text = ''
# Account management.
account required pam_unix.so
# Authentication management.
auth sufficient pam_unix.so likeauth try_first_pass
auth required pam_deny.so
# Password management.
password sufficient pam_unix.so nullok yescrypt
session required pam_unix.so
#account required pam_nologin.so
# account include system-auth
# password include system-auth
# pam_selinux.so close should be the first session rule
#session required pam_selinux.so close
session required pam_loginuid.so
#to require a local user account, uncomment this line:
#session required pam_localuser.so
# session sufficient pam_systemd.so class=background type=x11
# pam_selinux.so open should only be followed by sessions to be executed in the user context
# session required pam_selinux.so open
# session required pam_namespace.so
# session optional pam_keyinit.so force revoke
# session include system-auth
# session include postlogin
-session optional pam_ck_connector.so
'';
};
};
systemd.sockets.xpra-web = {
description = "Xpra Web Socket";
partOf = [ "xpra-web.service" ];
@ -32,9 +79,8 @@ in {
serviceConfig = {
Type = "simple";
ExecStart = ''${xpra-web} proxy :14500 --daemon=no \
--socket-dirs=/run/xpra --socket-permissions=666 \
--log-dir=/var/log --pidfile=/run/xpra/proxy.pid \
--ws-auth=pam --auth=pam --tcp-auth=pam --bind-tcp=0.0.0.0:10000'';
--tcp-auth=pam --auth=pam --bind=none \
--log-dir=/var/log --pidfile=/run/xpra/proxy.pid --bind-tcp=:10000'';
Restart = "always";
# Security
NoNewPrivileges = true;