David Crompton
parent
8f5c8a1a2e
commit
85e721a9fd
|
|
@ -10,7 +10,54 @@
|
||||||
${pkgs.xpra}/bin/xpra $@ --html=${xpra-html5}/html5
|
${pkgs.xpra}/bin/xpra $@ --html=${xpra-html5}/html5
|
||||||
'';
|
'';
|
||||||
in {
|
in {
|
||||||
|
nixpkgs.overlays = [
|
||||||
|
(final: prev: {
|
||||||
|
xpra = prev.xpra.overrideAttrs (old: {
|
||||||
|
postPatch = old.postPatch or "" + ''
|
||||||
|
sed -e 's#"%s/share/xsessions" % sys.prefix#"${config.services.xserver.displayManager.sessionData.desktops}/share/xsessions"#g' -i xpra/platform/xposix/menu_helper.py
|
||||||
|
'';
|
||||||
|
});
|
||||||
|
})
|
||||||
|
];
|
||||||
|
# To use instead of Plasma
|
||||||
|
services.xserver.windowManager.fluxbox.enable = true;
|
||||||
environment.systemPackages = [ pkgs.xpra ];
|
environment.systemPackages = [ pkgs.xpra ];
|
||||||
|
security.pam.services = {
|
||||||
|
xpra = {
|
||||||
|
text = ''
|
||||||
|
# Account management.
|
||||||
|
account required pam_unix.so
|
||||||
|
|
||||||
|
# Authentication management.
|
||||||
|
auth sufficient pam_unix.so likeauth try_first_pass
|
||||||
|
auth required pam_deny.so
|
||||||
|
|
||||||
|
# Password management.
|
||||||
|
password sufficient pam_unix.so nullok yescrypt
|
||||||
|
|
||||||
|
session required pam_unix.so
|
||||||
|
|
||||||
|
#account required pam_nologin.so
|
||||||
|
# account include system-auth
|
||||||
|
# password include system-auth
|
||||||
|
|
||||||
|
# pam_selinux.so close should be the first session rule
|
||||||
|
#session required pam_selinux.so close
|
||||||
|
session required pam_loginuid.so
|
||||||
|
#to require a local user account, uncomment this line:
|
||||||
|
#session required pam_localuser.so
|
||||||
|
# session sufficient pam_systemd.so class=background type=x11
|
||||||
|
|
||||||
|
# pam_selinux.so open should only be followed by sessions to be executed in the user context
|
||||||
|
# session required pam_selinux.so open
|
||||||
|
# session required pam_namespace.so
|
||||||
|
# session optional pam_keyinit.so force revoke
|
||||||
|
# session include system-auth
|
||||||
|
# session include postlogin
|
||||||
|
-session optional pam_ck_connector.so
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
systemd.sockets.xpra-web = {
|
systemd.sockets.xpra-web = {
|
||||||
description = "Xpra Web Socket";
|
description = "Xpra Web Socket";
|
||||||
partOf = [ "xpra-web.service" ];
|
partOf = [ "xpra-web.service" ];
|
||||||
|
|
@ -32,9 +79,8 @@ in {
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
ExecStart = ''${xpra-web} proxy :14500 --daemon=no \
|
ExecStart = ''${xpra-web} proxy :14500 --daemon=no \
|
||||||
--socket-dirs=/run/xpra --socket-permissions=666 \
|
--tcp-auth=pam --auth=pam --bind=none \
|
||||||
--log-dir=/var/log --pidfile=/run/xpra/proxy.pid \
|
--log-dir=/var/log --pidfile=/run/xpra/proxy.pid --bind-tcp=:10000'';
|
||||||
--ws-auth=pam --auth=pam --tcp-auth=pam --bind-tcp=0.0.0.0:10000'';
|
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
# Security
|
# Security
|
||||||
NoNewPrivileges = true;
|
NoNewPrivileges = true;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue