Remote Desktop

From NixOS Wiki
Jump to: navigation, search

Software

Remote desktop software is split into two types: servers and clients. To access a computer remotely, it must have a server running, which usually is exposed to a port or set thereof. Access to that server can be gained using a client; many protocols, like RDP, are open to all clients willing to support them. Others require specific clients, so consult the documentation for whichever service you choose to use.

Server Protocols

  • VNC
  • XRDP

Clients

  • Apache Guacamole
  • freerdp
  • KRDC (KDE)
  • remmina
  • tightvnc and its forks tigervnc and turbovnc
  • x2goclient
  • GNOME Connections

Configuration

VNC

Most servers provide a vncserver command. Various servers provide configuration options either by CLI or by configuration file.

Desktop session

To start a desktop session or window manager, one currently has to do this manually because servers still have hard-coded paths to /usr/share/xsessions to look for .desktop files. That means one has to write a script that starts the desktop session, window manager, or any other X application.

Some servers will automatically run $HOME/.vnc/xstartup but the more secure option is to write an executable script and run vncserver -xstartup $pathToScript

An example script:

#!/usr/bin/env bash

# set some env variables
# start window manager
exec icewm

pathToScript can also be a path to an executable like ${pkgs.icewm}/bin/icewm

Tiger VNC

Nixpkgs has a package but no service. The server component can be started using the vncserver command. To connect, use the vncviewer command.

x2go

X2go client is packaged in nixos as x2goclient.

The server is installed by adding the following line:
services.x2goserver.enable = true;
to /etc/nixos/configuration.nix.

Guacamole

Guacamole-server and guacamole-client are in nixpkgs. Some details are in the package request.

RDP

NixOS has first-class support for XRDP. Client-wise, RDP can be accessed in many ways, but `remmina` and `freerdp` support it natively.

All of the options for the xrdp service can be viewed on the NixOS Options wiki, though an example setup inside of configuration.nix is provided below:

services.xserver.enable = true;
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;

services.xrdp.enable = true;
services.xrdp.defaultWindowManager = "startplasma-x11";
services.xrdp.openFirewall = true;

(Source: Discourse Link, nixpkgs code)

A different window manager can be used for XRDP than a machine user, provided it has been enabled (through NixOS services or nixpkgs.

Make sure you log out the visual user first on the remote machine, otherwise you'll get a black screen. (Source: Reddit). You may be able to work around this by enabling and configuring Polkit, as demonstrated on that page.

GNOME

GNOME running in an XRDP shell in Remmina.

You can connect to a remote GNOME desktop on NixOS using two primary methods: a general XRDP session or GNOME's native Remote Desktop feature.

Using XRDP

For modern versions of GNOME (46 and newer), XRDP requires integration with the `gnome-remote-desktop` backend. The recommended configuration involves setting the `defaultWindowManager` to `gnome-session`, which launches a Wayland-based session.

Ensure that automatic login is disabled to prevent conflicts with the RDP session.

services.xrdp.enable = true;

# Use the GNOME Wayland session
services.xrdp.defaultWindowManager = "${pkgs.gnome-session}/bin/gnome-session";

# XRDP needs the GNOME remote desktop backend to function
services.gnome.gnome-remote-desktop.enable = true;

# Open the default RDP port (3389)
services.xrdp.openFirewall = true;

# Disable autologin to avoid session conflicts
services.displayManager.autoLogin.enable = false;
services.getty.autologinUser = null;

Using Native GNOME RDP

This method enables the built-in "Remote Desktop" panel within GNOME's Settings application, allowing you to manage RDP access directly from the desktop environment.

Simply enabling the service (`services.gnome.gnome-remote-desktop.enable = true;`) is not enough, as it doesn't automatically start the required systemd user service at boot. You must also explicitly configure the service to start with the graphical target.

# Enable the GNOME RDP components
services.gnome.gnome-remote-desktop.enable = true;

# Ensure the service starts automatically at boot so the settings panel appears
systemd.services.gnome-remote-desktop = {
  wantedBy = [ "graphical.target" ];
};

# Open the default RDP port (3389)
networking.firewall.allowedTCPPorts = [ 3389 ];

# Disable autologin to avoid session conflicts
services.displayManager.autoLogin.enable = false;
services.getty.autologinUser = null;

Preventing Automatic Suspend

For any remote desktop server, it's crucial to disable automatic suspend features, which can activate if no local user is logged in and cause the machine to go offline.

# Disable systemd targets for sleep and hibernation
systemd.targets.sleep.enable = false;
systemd.targets.suspend.enable = false;
systemd.targets.hibernate.enable = false;
systemd.targets.hybrid-sleep.enable = false;

Meshcentral

Meshcentral is a self-hosted open source administration tool similar to teamviewer. It can be added with:

services.meshcentral.enable = true;

However, the agent (client) is not available. (Request)