nixos/xrdp: add audio.enable option
Signed-off-by: lucasew <lucas59356@gmail.com>
parent
4a45704d34
commit
44ae5fe211
|
@ -4,14 +4,17 @@ with lib;
|
|||
|
||||
let
|
||||
cfg = config.services.xrdp;
|
||||
confDir = pkgs.runCommand "xrdp.conf" { preferLocalBuild = true; } ''
|
||||
mkdir $out
|
||||
|
||||
cp ${cfg.package}/etc/xrdp/{km-*,xrdp,sesman,xrdp_keyboard}.ini $out
|
||||
confDir = pkgs.runCommand "xrdp.conf" { preferLocalBuild = true; } ''
|
||||
mkdir -p $out
|
||||
|
||||
cp -r ${cfg.package}/etc/xrdp/* $out
|
||||
chmod -R +w $out
|
||||
|
||||
cat > $out/startwm.sh <<EOF
|
||||
#!/bin/sh
|
||||
. /etc/profile
|
||||
${lib.optionalString cfg.audio.enable "${cfg.audio.package}/libexec/pulsaudio-xrdp-module/pulseaudio_xrdp_init"}
|
||||
${cfg.defaultWindowManager}
|
||||
EOF
|
||||
chmod +x $out/startwm.sh
|
||||
|
@ -25,13 +28,17 @@ let
|
|||
|
||||
substituteInPlace $out/sesman.ini \
|
||||
--replace LogFile=xrdp-sesman.log LogFile=/dev/null \
|
||||
--replace EnableSyslog=1 EnableSyslog=0
|
||||
--replace EnableSyslog=1 EnableSyslog=0 \
|
||||
--replace startwm.sh $out/startwm.sh \
|
||||
--replace reconnectwm.sh $out/reconnectwm.sh \
|
||||
|
||||
# Ensure that clipboard works for non-ASCII characters
|
||||
sed -i -e '/.*SessionVariables.*/ a\
|
||||
LANG=${config.i18n.defaultLocale}\
|
||||
LOCALE_ARCHIVE=${config.i18n.glibcLocales}/lib/locale/locale-archive
|
||||
' $out/sesman.ini
|
||||
|
||||
${cfg.extraConfDirCommands}
|
||||
'';
|
||||
in
|
||||
{
|
||||
|
@ -44,7 +51,12 @@ in
|
|||
|
||||
enable = mkEnableOption (lib.mdDoc "xrdp, the Remote Desktop Protocol server");
|
||||
|
||||
package = mkPackageOption pkgs "xrdp" { };
|
||||
package = mkPackageOptionMD pkgs "xrdp" { };
|
||||
|
||||
audio = {
|
||||
enable = mkEnableOption (lib.mdDoc "audio support for xrdp sessions. So far it only works with PulseAudio sessions on the server side. No PipeWire support yet");
|
||||
package = mkPackageOptionMD pkgs "pulseaudio-module-xrdp" {};
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
|
@ -93,16 +105,40 @@ in
|
|||
confDir = mkOption {
|
||||
type = types.path;
|
||||
default = confDir;
|
||||
defaultText = literalMD "generated from configuration";
|
||||
description = lib.mdDoc "The location of the config files for xrdp.";
|
||||
};
|
||||
};
|
||||
internal = true;
|
||||
description = lib.mdDoc ''
|
||||
Configuration directory of xrdp and sesman.
|
||||
|
||||
Changes to this must be made through extraConfDirCommands.
|
||||
'';
|
||||
readOnly = true;
|
||||
};
|
||||
|
||||
extraConfDirCommands = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = lib.mdDoc ''
|
||||
Extra commands to run on the default confDir derivation.
|
||||
'';
|
||||
example = ''
|
||||
substituteInPlace $out/sesman.ini \
|
||||
--replace LogLevel=INFO LogLevel=DEBUG \
|
||||
--replace LogFile=/dev/null LogFile=/var/log/xrdp.log
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
config = lib.mkMerge [
|
||||
(mkIf cfg.audio.enable {
|
||||
environment.systemPackages = [ cfg.audio.package ]; # needed for autostart
|
||||
|
||||
hardware.pulseaudio.extraModules = [ cfg.audio.package ];
|
||||
})
|
||||
|
||||
(mkIf cfg.enable {
|
||||
|
||||
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
|
||||
|
||||
|
@ -116,6 +152,8 @@ in
|
|||
|
||||
fonts.enableDefaultPackages = mkDefault true;
|
||||
|
||||
environment.etc."xrdp".source = "${confDir}/*";
|
||||
|
||||
systemd = {
|
||||
services.xrdp = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
@ -132,7 +170,7 @@ in
|
|||
if [ ! -s ${cfg.sslCert} -o ! -s ${cfg.sslKey} ]; then
|
||||
mkdir -p $(dirname ${cfg.sslCert}) || true
|
||||
mkdir -p $(dirname ${cfg.sslKey}) || true
|
||||
${pkgs.openssl.bin}/bin/openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
|
||||
${lib.getExe pkgs.openssl} req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
|
||||
-subj /C=US/ST=CA/L=Sunnyvale/O=xrdp/CN=www.xrdp.org \
|
||||
-config ${cfg.package}/share/xrdp/openssl.conf \
|
||||
-keyout ${cfg.sslKey} -out ${cfg.sslCert}
|
||||
|
@ -141,14 +179,14 @@ in
|
|||
fi
|
||||
if [ ! -s /run/xrdp/rsakeys.ini ]; then
|
||||
mkdir -p /run/xrdp
|
||||
${cfg.package}/bin/xrdp-keygen xrdp /run/xrdp/rsakeys.ini
|
||||
${pkgs.xrdp}/bin/xrdp-keygen xrdp /run/xrdp/rsakeys.ini
|
||||
fi
|
||||
'';
|
||||
serviceConfig = {
|
||||
User = "xrdp";
|
||||
Group = "xrdp";
|
||||
PermissionsStartOnly = true;
|
||||
ExecStart = "${cfg.package}/bin/xrdp --nodaemon --port ${toString cfg.port} --config ${cfg.confDir}/xrdp.ini";
|
||||
ExecStart = "${pkgs.xrdp}/bin/xrdp --nodaemon --port ${toString cfg.port} --config ${confDir}/xrdp.ini";
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -158,7 +196,7 @@ in
|
|||
description = "xrdp session manager";
|
||||
restartIfChanged = false; # do not restart on "nixos-rebuild switch". like "display-manager", it can have many interactive programs as children
|
||||
serviceConfig = {
|
||||
ExecStart = "${cfg.package}/bin/xrdp-sesman --nodaemon --config ${cfg.confDir}/sesman.ini";
|
||||
ExecStart = "${pkgs.xrdp}/bin/xrdp-sesman --nodaemon --config ${confDir}/sesman.ini";
|
||||
ExecStop = "${pkgs.coreutils}/bin/kill -INT $MAINPID";
|
||||
};
|
||||
};
|
||||
|
@ -172,7 +210,12 @@ in
|
|||
};
|
||||
users.groups.xrdp = {};
|
||||
|
||||
security.pam.services.xrdp-sesman = { allowNullPassword = true; startSession = true; };
|
||||
security.pam.services.xrdp-sesman = {
|
||||
allowNullPassword = true;
|
||||
startSession = true;
|
||||
};
|
||||
|
||||
})
|
||||
];
|
||||
|
||||
}
|
||||
|
|
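Review bot: The xrdp-keygen call and both ExecStart lines (xrdp and xrdp-sesman) appear to move from `${cfg.package}` to `${pkgs.xrdp}` on the new side, though the page has lost its +/- markers, so this is read from the old-then-new print order. If so, a `services.xrdp.package` override, for example a build carrying a security patch, no longer reaches the network-facing daemons, while confDir is still copied from `${cfg.package}/etc/xrdp`, so binaries and configuration can come from different builds. I would keep the option in use: `ExecStart = "${cfg.package}/bin/xrdp --nodaemon --port ${toString cfg.port} --config ${confDir}/xrdp.ini";`, and likewise `${cfg.package}/bin/xrdp-sesman` and `${cfg.package}/bin/xrdp-keygen`. Separately, the audio block is gated only on `cfg.audio.enable`, so it adds the package to `environment.systemPackages` and `hardware.pulseaudio.extraModules` even when `cfg.enable` is false; `mkIf (cfg.enable && cfg.audio.enable)` would tie it to the service.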