Remote Desktop

From NixOS Wiki
Revision as of 00:35, 20 September 2024 by Thepiratebae (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Software

Remote desktop software is split into two types: servers and clients. To access a computer remotely, it must have a server running, which usually is exposed to a port or set thereof. Access to that server can be gained using a client; many protocols, like RDP, are open to all clients willing to support them. Others require specific clients, so consult the documentation for whichever service you choose to use.

Server Protocols

  • VNC
  • XRDP

Clients

  • Apache Guacamole
  • freerdp
  • KRDC (KDE)
  • remmina
  • tightvnc and its forks tigervnc and turbovnc
  • x2goclient
  • GNOME Connections

Configuration

VNC

Most servers provide a vncserver command. Various servers provide configuration options either by CLI or by configuration file.

Desktop session

To start a desktop session or window manager, one currently has to do this manually because servers still have hard-coded paths to /usr/share/xsessions to look for .desktop files. That means one has to write a script that starts the desktop session, window manager, or any other X application.

Some servers will automatically run $HOME/.vnc/xstartup but the more secure option is to write an executable script and run vncserver -xstartup $pathToScript

An example script:

#!/usr/bin/env bash

# set some env variables
# start window manager
exec icewm

pathToScript can also be a path to an executable like ${pkgs.icewm}/bin/icewm

Tiger VNC

Nixpkgs has a package but no service. The server component can be started using the vncserver command. To connect, use the vncviewer command.

x2go

X2go client is packaged in nixos as x2goclient.

The server is installed by adding the following line:
services.x2goserver.enable = true;
to /etc/nixos/configuration.nix.

Guacamole

Guacamole-server and guacamole-client are in nixpkgs. Some details are in the package request.

RDP

NixOS has first-class support for XRDP. Client-wise, RDP can be accessed in many ways, but `remmina` and `freerdp` support it natively.

All of the options for the xrdp service can be viewed on the NixOS Options wiki, though an example setup inside of configuration.nix is provided below:

services.xserver.enable = true;
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;

services.xrdp.enable = true;
services.xrdp.defaultWindowManager = "startplasma-x11";
services.xrdp.openFirewall = true;

(Source: Discourse Link, nixpkgs code)

A different window manager can be used for XRDP than a machine user, provided it has been enabled (through NixOS services or nixpkgs.

Make sure you log out the visual user first on the remote machine, otherwise you'll get a black screen. (Source: Reddit). You may be able to work around this by enabling and configuring Polkit, as demonstrated on that page.

GNOME

GNOME running in an XRDP shell in Remmina.

The XRDP defaultWindowManager setting to access a remote GNOME shell should be set to gnome-remote-desktop. Also ensure you include the package pkgs.gnome.gnome-remote-desktop in your configuration files and that you have a firewall port open for XRDP to communicate on (for the GNOME connections app, this is usually 3389).

If the above results in a black screen and disconnection after login, the following should work:

  services.xrdp.enable = true;
  services.xrdp.defaultWindowManager = "${pkgs.gnome.gnome-session}/bin/gnome-session";
  services.xrdp.openFirewall = true;

  # Disable the GNOME3/GDM auto-suspend feature that cannot be disabled in GUI!
  # If no user is logged in, the machine will power down after 20 minutes.
  systemd.targets.sleep.enable = false;
  systemd.targets.suspend.enable = false;
  systemd.targets.hibernate.enable = false;
  systemd.targets.hybrid-sleep.enable = false;

(Source: Discourse Link)

Meshcentral

Meshcentral is a self-hosted open source administration tool similar to teamviewer. It can be added with:

services.meshcentral.enable = true;

However, the agent (client) is not available. (Request)