Add rdesktop container to nuc-server

2025-01-13 17:39:06 +01:00 · 2025-01-13 17:39:06 +01:00 · 59de7731d3
commit 59de7731d3
parent 3ebbc8c2d9
3 changed files with 73 additions and 0 deletions
--- a/nixos/containers/jared-rdesktop/default.nix
+++ b/nixos/containers/jared-rdesktop/default.nix
@ -0,0 +1,23 @@
+{ pkgs, desktop, username, ... }: {
+  imports = [
+    ../../users/${username}
+    ../../common/desktops/${desktop}
+    ../../common/packages
+    ../../common/modules/fonts.nix
+    ../../common/software/cli/scripts.nix
+  ];
+
+  hardware.pulseaudio.extraModules = [ pkgs.pulseaudio-module-xrdp ];
+
+  services.xrdp = {
+    enable = true;
+    openFirewall = true;
+    audio = {
+      enable = true;
+      package = pkgs.pulseaudio-module-xrdp;
+    };
+  };
+  environment.systemPackages = with pkgs; [
+    signal-desktop
+  ];
+}
--- a/nixos/containers/jared-rdesktop/mounts.nix
+++ b/nixos/containers/jared-rdesktop/mounts.nix
@ -0,0 +1,20 @@
+{
+  "/etc/nixos/git" = {
+    hostPath = "/etc/nixos/git";
+    mountPoint = "/etc/nixos/git";
+    isReadOnly = false;
+  };
+  "/shared" = {
+    hostPath = "/Storage/Data/Docker/sysctl.io/guacamole/guacd/shared";
+    mountPoint = "/shared";
+    isReadOnly = false;
+  };
+  "/home/albert/.ssh/id_ed25519" = {
+    mountPoint = "/home/albert/.ssh/id_ed25519";
+    isReadOnly = true;
+  };
+  "/home/albert/.ssh/id_ed25519.pub"  = {
+    mountPoint = "/home/albert/.ssh/id_ed25519.pub";
+    isReadOnly = true;
+  };
+}
--- a/nixos/hosts/nuc-server/containers.nix
+++ b/nixos/hosts/nuc-server/containers.nix
@ -0,0 +1,30 @@
+{ lib, self, inputs, outputs, stateVersion, hmStateVersion, ... }:
+let 
+  libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; };
+in {
+
+  containers = {
+    rdesktop = libx.mkContainer { hostname = "jared-rdesktop"; ip = "2"; unfree = true; desktop = "gnome"; };
+  };
+
+  # Networking config
+  networking.bridges.nix-br0.interfaces = [];
+
+  # Add an IP address to the bridge interface.
+  networking.localCommands = ''ip address add 192.168.2.1/24 dev nix-br0'';
+
+  # Firewall commands allowing traffic to go in and out of the bridge interface
+  # (and to the guest LXD instance).  Also sets up the actual NAT masquerade rule.
+  networking.firewall.extraCommands = ''
+    iptables -A INPUT -i nix-br0  -j ACCEPT
+
+    # These three technically aren't needed, since by default the FORWARD and
+    # OUTPUT firewalls accept everything everything, but lets keep them in just
+    # in case.
+    iptables -A FORWARD -o nix-br0  -j ACCEPT
+    iptables -A FORWARD -i nix-br0  -j ACCEPT
+    iptables -A OUTPUT  -o nix-br0  -j ACCEPT
+
+    iptables -t nat -A POSTROUTING -s 192.168.2.0/24 ! -d 192.168.2.0/24 -j MASQUERADE
+  '';
+}