[NixPkgs.git] / nixos / modules / services / networking / x2goserver.nix
blobe46a493924ef72c2ce553f426718e5214b7a72d4
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.x2goserver;

  # Rendered x2goserver.conf. The module-level superenicer toggle is the
  # baseline and cfg.settings is merged over it with recursiveUpdate, so a
  # value given in `settings` wins over the baseline.
  # pkgs.writeText places the result in the Nix store, which is readable by
  # every local user; nothing secret belongs in `settings`.
  x2goServerConf = pkgs.writeText "x2goserver.conf" (
    lib.generators.toINI {} (
      lib.recursiveUpdate
        { superenicer = { enable = cfg.superenicer.enable; }; }
        cfg.settings
    )
  );

  # Options file for the agent: the configured option list is joined with
  # single spaces into one quoted assignment. The list entries are inserted
  # verbatim, so a double quote inside an entry would end the value early.
  x2goAgentOptions = pkgs.writeText "x2goagent.options" ''
    X2GO_NXOPTIONS=""
    X2GO_NXAGENT_DEFAULT_OPTIONS="${lib.concatStringsSep " " cfg.nxagentDefaultOptions}"
  '';
19 in {
  # Compatibility alias: definitions made under the old
  # programs.x2goserver.* path are forwarded to services.x2goserver.*.
  imports = [
    (mkRenamedOptionModule [ "programs" "x2goserver" ] [ "services" "x2goserver" ])
  ];
24   options.services.x2goserver = {
25     enable = mkEnableOption "x2goserver" // {
26       description = ''
27         Enables the x2goserver module.
28         NOTE: This will create a good amount of symlinks in `/usr/local/bin`
29       '';
30     };
32     superenicer = {
33       enable = mkEnableOption "superenicer" // {
34         description = ''
35           Enables the SupeReNicer code in x2gocleansessions, this will renice
36           suspended sessions to nice level 19 and renice them to level 0 if the
37           session becomes marked as running again
38         '';
39       };
40     };
42     nxagentDefaultOptions = mkOption {
43       type = types.listOf types.str;
44       default = [ "-extension GLX" "-nolisten tcp" ];
45       description = ''
46         List of default nx agent options.
47       '';
48     };
50     settings = mkOption {
51       type = types.attrsOf types.attrs;
52       default = {};
53       description = ''
54         x2goserver.conf ini configuration as nix attributes. See
55         `x2goserver.conf(5)` for details
56       '';
57       example = literalExpression ''
58         {
59           superenicer = {
60             "enable" = "yes";
61             "idle-nice-level" = 19;
62           };
63           telekinesis = { "enable" = "no"; };
64         }
65       '';
66     };
67   };
69   config = mkIf cfg.enable {
71     # x2goserver can run X11 program even if "services.xserver.enable = false"
72     xdg = {
73       autostart.enable = true;
74       menus.enable = true;
75       mime.enable = true;
76       icons.enable = true;
77     };
79     environment.systemPackages = [ pkgs.x2goserver ];
81     users.groups.x2go = {};
82     users.users.x2go = {
83       home = "/var/lib/x2go/db";
84       group = "x2go";
85       isSystemUser = true;
86     };
88     security.wrappers.x2gosqliteWrapper = {
89       source = "${pkgs.x2goserver}/lib/x2go/libx2go-server-db-sqlite3-wrapper.pl";
90       owner = "x2go";
91       group = "x2go";
92       setuid = false;
93       setgid = true;
94     };
95     security.wrappers.x2goprintWrapper = {
96       source = "${pkgs.x2goserver}/bin/x2goprint";
97       owner = "x2go";
98       group = "x2go";
99       setuid = false;
100       setgid = true;
101     };
103     systemd.tmpfiles.rules = with pkgs; [
104       "d /var/lib/x2go/ - x2go x2go - -"
105       "d /var/lib/x2go/db - x2go x2go - -"
106       "d /var/lib/x2go/conf - x2go x2go - -"
107       "d /run/x2go 0755 x2go x2go - -"
108     ] ++
109     # x2goclient sends SSH commands with preset PATH set to
110     # "/usr/local/bin;/usr/bin;/bin". Since we cannot filter arbitrary ssh
111     # commands, we have to make the following executables available.
112     map (f: "L+ /usr/local/bin/${f} - - - - ${x2goserver}/bin/${f}") [
113       "x2goagent" "x2gobasepath" "x2gocleansessions" "x2gocmdexitmessage"
114       "x2godbadmin" "x2gofeature" "x2gofeaturelist" "x2gofm" "x2gogetapps"
115       "x2gogetservers" "x2golistdesktops" "x2golistmounts" "x2golistsessions"
116       "x2golistsessions_root" "x2golistshadowsessions" "x2gomountdirs"
117       "x2gopath" "x2goprint" "x2goresume-desktopsharing" "x2goresume-session"
118       "x2goruncommand" "x2goserver-run-extensions" "x2gosessionlimit"
119       "x2gosetkeyboard" "x2goshowblocks" "x2gostartagent"
120       "x2gosuspend-desktopsharing" "x2gosuspend-session"
121       "x2goterminate-desktopsharing" "x2goterminate-session"
122       "x2goumount-session" "x2goversion"
123     ] ++ [
124       "L+ /usr/local/bin/awk - - - - ${gawk}/bin/awk"
125       "L+ /usr/local/bin/chmod - - - - ${coreutils}/bin/chmod"
126       "L+ /usr/local/bin/cp - - - - ${coreutils}/bin/cp"
127       "L+ /usr/local/bin/sed - - - - ${gnused}/bin/sed"
128       "L+ /usr/local/bin/setsid - - - - ${util-linux}/bin/setsid"
129       "L+ /usr/local/bin/xrandr - - - - ${xorg.xrandr}/bin/xrandr"
130       "L+ /usr/local/bin/xmodmap - - - - ${xorg.xmodmap}/bin/xmodmap"
131     ];
133     systemd.services.x2goserver = {
134       description = "X2Go Server Daemon";
135       wantedBy = [ "multi-user.target" ];
136       unitConfig.Documentation = "man:x2goserver.conf(5)";
137       serviceConfig = {
138         Type = "forking";
139         ExecStart = "${pkgs.x2goserver}/bin/x2gocleansessions";
140         PIDFile = "/run/x2go/x2goserver.pid";
141         User = "x2go";
142         Group = "x2go";
143         RuntimeDirectory = "x2go";
144         StateDirectory = "x2go";
145       };
146       preStart = ''
147         if [ ! -e /var/lib/x2go/setup_ran ]
148         then
149           mkdir -p /var/lib/x2go/conf
150           cp -r ${pkgs.x2goserver}/etc/x2go/* /var/lib/x2go/conf/
151           ln -sf ${x2goServerConf} /var/lib/x2go/conf/x2goserver.conf
152           ln -sf ${x2goAgentOptions} /var/lib/x2go/conf/x2goagent.options
153           ${pkgs.x2goserver}/bin/x2godbadmin --createdb
154           touch /var/lib/x2go/setup_ran
155         fi
156       '';
157     };
159     # https://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=276
160     security.sudo.extraConfig = ''
161       Defaults  env_keep+=QT_GRAPHICSSYSTEM
162     '';
163     security.sudo-rs.extraConfig = ''
164       Defaults  env_keep+=QT_GRAPHICSSYSTEM
165     '';
166   };