Next: , Previous: , Up: Services   [Contents][Index]


11.10.23 VNC Services

The (gnu services vnc) module provides services related to Virtual Network Computing (VNC), which makes it possible to locally use graphical Xorg applications running on a remote machine. Combined with a graphical manager that supports the X Display Manager Control Protocol, such as GDM (see gdm) or LightDM (see lightdm), it is possible to remote an entire desktop for a multi-user environment.

Xvnc

Xvnc is a VNC server that spawns its own X window server; which means it can run on headless servers. The Xvnc implementations provided by the tigervnc-server and turbovnc aim to be fast and efficient.

Variable: xvnc-service-type

The xvnc-service-type service can be configured via the xvnc-configuration record, documented below. A second virtual display could be made available on a remote machine via the following configuration:

(service xvnc-service-type
         (xvnc-configuration (display-number 10)))

As a demonstration, the xclock command could then be started on the remote machine on display number 10, and it could be displayed locally via the vncviewer command:

# Start xclock on the remote machine.
ssh -L5910:localhost:5910 your-host -- guix shell xclock \
    -- env DISPLAY=:10 xclock
# Access it via VNC.
guix shell tigervnc-client -- vncviewer localhost:5910

The following configuration combines XDMCP and Inetd to allow multiple users to concurrently use the remote system and login graphically via the GDM display manager:

(operating-system
  [...]
  (services (cons*
             [...]
             (service xvnc-service-type (xvnc-configuration
                                         (display-number 5)
                                         (localhost? #f)
                                         (xdmcp? #t)
                                         (inetd? #t)))
             (modify-services %desktop-services
               (gdm-service-type config => (gdm-configuration
                                            (inherit config)
                                            (auto-suspend? #f)
                                            (xdmcp? #t)))))))

A remote user could then connect to it by using the vncviewer command or a compatible VNC client and start a desktop session of their choosing:

vncviewer remote-host:5905

Warning: Unless your machine is in a controlled environment, for security reasons, the localhost? configuration of the xvnc-configuration record should be left to its default #t value and exposed via a secure means such as an SSH port forward. The XDMCP port, UDP 177 should also be blocked from the outside by a firewall, as it is not a secure protocol and can expose login credentials in clear.

Data Type: xvnc-configuration

Available xvnc-configuration fields are:

xvnc (default: tigervnc-server) (type: file-like)

The package that provides the Xvnc binary.

display-number (default: 0) (type: number)

The display number used by Xvnc. You should set this to a number not already used a Xorg server.

geometry (default: "1024x768") (type: string)

The size of the desktop to be created.

depth (default: 24) (type: color-depth)

The pixel depth in bits of the desktop to be created. Accepted values are 16, 24 or 32.

port (type: maybe-port)

The port on which to listen for connections from viewers. When left unspecified, it defaults to 5900 plus the display number.

ipv4? (default: #t) (type: boolean)

Use IPv4 for incoming and outgoing connections.

ipv6? (default: #t) (type: boolean)

Use IPv6 for incoming and outgoing connections.

password-file (type: maybe-string)

The password file to use, if any. Refer to vncpasswd(1) to learn how to generate such a file.

xdmcp? (default: #f) (type: boolean)

Query the XDMCP server for a session. This enables users to log in a desktop session from the login manager screen. For a multiple users scenario, you’ll want to enable the inetd? option as well, so that each connection to the VNC server is handled separately rather than shared.

inetd? (default: #f) (type: boolean)

Use an Inetd-style service, which runs the Xvnc server on demand.

frame-rate (default: 60) (type: number)

The maximum number of updates per second sent to each client.

security-types (default: '("None")) (type: security-types)

The allowed security schemes to use for incoming connections. The default is "None", which is safe given that Xvnc is configured to authenticate the user via the display manager, and only for local connections. Accepted values are any of the following: ("None" "VncAuth" "Plain" "TLSNone" "TLSVnc" "TLSPlain" "X509None" "X509Vnc")

localhost? (default: #t) (type: boolean)

Only allow connections from the same machine. It is set to #true by default for security, which means SSH or another secure means should be used to expose the remote port.

log-level (default: 30) (type: log-level)

The log level, a number between 0 and 100, 100 meaning most verbose output. The log messages are output to syslog.

extra-options (default: '()) (type: strings)

This can be used to provide extra Xvnc options not exposed via this <xvnc-configuration> record.


Next: VPN Services, Previous: DNS Services, Up: Services   [Contents][Index]