The (gnu services vnc) module provides services related to Virtual
Network Computing (VNC), which makes it possible to locally use
graphical Xorg applications running on a remote machine. Combined with
a graphical manager that supports the X Display Manager Control
Protocol (XDMCP), such as GDM (see gdm) or LightDM (see lightdm), it is
possible to remote an entire desktop for a multi-user environment.

Xvnc is a VNC server that spawns its own X window server, which means
it can run on headless servers. The Xvnc implementations provided by
the tigervnc-server and turbovnc packages aim to be fast and efficient.

The xvnc-service-type service can be configured via the
xvnc-configuration record, documented below. A second virtual display
could be made available on a remote machine via the following
configuration:

     (service xvnc-service-type
              (xvnc-configuration (display-number 10)))

As a demonstration, the xclock command could then be started on the
remote machine on display number 10, and it could be displayed locally
via the vncviewer command:

     # Start xclock on the remote machine (remote-host is its host name).
     ssh -L5910:localhost:5910 remote-host -- guix shell xclock -- env DISPLAY=:10 xclock
     # Access it via VNC.
     guix shell tigervnc-client -- vncviewer localhost:5910

The following configuration combines XDMCP and Inetd to allow multiple
users to concurrently use the remote system, logging in graphically via
the GDM display manager:

     (operating-system
       [...]
       (services (cons*
                  [...]
                  (service xvnc-service-type (xvnc-configuration
                                              (display-number 5)
                                              (localhost? #f)
                                              (xdmcp? #t)
                                              (inetd? #t)))
                  (modify-services %desktop-services
                    (gdm-service-type config => (gdm-configuration
                                                 (inherit config)
                                                 (auto-suspend? #f)
                                                 (xdmcp? #t)))))))

A remote user could then connect to it by using the vncviewer command
or a compatible VNC client and start a desktop session of their
choosing:

     vncviewer remote-host:5905

Warning: Unless your machine is in a controlled environment, for
security reasons, the localhost? field of the xvnc-configuration record
should be left at its default #t value, and the VNC port exposed via a
secure means such as an SSH port forward. The XDMCP port, UDP 177,
should also be blocked from the outside by a firewall, as it is not a
secure protocol and can expose login credentials in clear text.

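The setup the warning recommends, as an added example that is not part of the Guix manual: the same multi-user XDMCP/Inetd configuration with localhost? left at its default, reached through an SSH port forward, and with UDP 177 dropped on non-loopback interfaces. The nftables ruleset, the name %hardened-vnc-services and the use of openssh-service-type as the secure transport are assumptions of this example.

```scheme
;; Added example, not from the Guix manual.  Assumes Xvnc and GDM run on the
;; same machine, so the XDMCP query never leaves the loopback interface.
(use-modules (gnu) (guix gexp))
(use-service-modules desktop networking ssh vnc xorg)

;; Constructed nftables ruleset: drop XDMCP (UDP 177) arriving on any
;; interface other than loopback.  It filters nothing else.
(define %block-xdmcp-ruleset
  (plain-file "nftables.conf" "flush ruleset
table inet filter {
  chain input {
    type filter hook input priority 0; policy accept;
    iif lo accept
    udp dport 177 drop
  }
}
"))

;; Hypothetical name; use it as the 'services' field of an operating-system.
(define %hardened-vnc-services
  (cons*
   ;; localhost? is left unset, so it keeps its default of #t and Xvnc
   ;; accepts viewers on the loopback interface only (port 5905).
   (service xvnc-service-type
            (xvnc-configuration
             (display-number 5)
             (xdmcp? #t)
             (inetd? #t)))
   ;; The secure transport for the port forward shown at the end.
   (service openssh-service-type)
   (service nftables-service-type
            (nftables-configuration
             (ruleset %block-xdmcp-ruleset)))
   (modify-services %desktop-services
     (gdm-service-type config => (gdm-configuration
                                  (inherit config)
                                  (auto-suspend? #f)
                                  (xdmcp? #t))))))

;; Each user then tunnels the VNC port over SSH and points the viewer at
;; the local end of the tunnel:
;;   ssh -L5905:localhost:5905 remote-host
;;   guix shell tigervnc-client -- vncviewer localhost:5905
```
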
Available xvnc-configuration fields are:

xvnc (default: tigervnc-server) (type: file-like)
     The package that provides the Xvnc binary.

display-number (default: 0) (type: number)
     The display number used by Xvnc. You should set this to a number
     not already used by an Xorg server.

geometry (default: "1024x768") (type: string)
     The size of the desktop to be created.

depth (default: 24) (type: color-depth)
     The pixel depth in bits of the desktop to be created. Accepted
     values are 16, 24 or 32.

port (type: maybe-port)
     The port on which to listen for connections from viewers. When
     left unspecified, it defaults to 5900 plus the display number.

ipv4? (default: #t) (type: boolean)
     Use IPv4 for incoming and outgoing connections.

ipv6? (default: #t) (type: boolean)
     Use IPv6 for incoming and outgoing connections.

password-file (type: maybe-string)
     The password file to use, if any. Refer to vncpasswd(1) to learn
     how to generate such a file.

xdmcp? (default: #f) (type: boolean)
     Query the XDMCP server for a session. This enables users to log in
     to a desktop session from the login manager screen. For a
     multi-user scenario, you'll want to enable the inetd? option as
     well, so that each connection to the VNC server is handled
     separately rather than shared.

inetd? (default: #f) (type: boolean)
     Use an Inetd-style service, which runs the Xvnc server on demand.

frame-rate (default: 60) (type: number)
     The maximum number of updates per second sent to each client.

security-types (default: ("None")) (type: security-types)
     The allowed security schemes to use for incoming connections. The
     default is "None", which is safe given that Xvnc is configured to
     authenticate the user via the display manager, and only for local
     connections. Accepted values are any of the following: ("None"
     "VncAuth" "Plain" "TLSNone" "TLSVnc" "TLSPlain" "X509None"
     "X509Vnc")

localhost? (default: #t) (type: boolean)
     Only allow connections from the same machine. It is set to #true
     by default for security, which means SSH or another secure means
     should be used to expose the remote port.

log-level (default: 30) (type: log-level)
     The log level, a number between 0 and 100, 100 meaning most
     verbose output. The log messages are output to syslog.

extra-options (default: ()) (type: strings)
     This can be used to provide extra Xvnc options not exposed via
     this <xvnc-configuration> record.