# VNC Desktop Setup

Web-accessible virtual desktop at `vnc.quinefoundation.com`, running TigerVNC + noVNC in a Podman container.

## First-time setup

### 1. Create the VNC password secret

```bash
printf "VNC_PASSWORD=yourpassword\n" | nix run nixpkgs#age -- \
  -r "$(cat /root/petersweb-infra/nixos/keys/mainframe.pub)" \
  -o /root/petersweb-infra/nixos/secrets/vnc-password.age
```

### 2. Create the nginx basic auth secret

Generate an htpasswd entry (requires `apache2-utils` or `httpd-tools`):

```bash
htpasswd -n admin
# Enter password when prompted; copy the output line (e.g. admin:$apr1$...)
```

Encrypt it:

```bash
printf "admin:\$apr1\$...\n" | nix run nixpkgs#age -- \
  -r "$(cat /root/petersweb-infra/nixos/keys/mainframe.pub)" \
  -o /root/petersweb-infra/nixos/secrets/vnc-htpasswd.age
```

### 3. Build and push the container image

```bash
cd nixos/vnc-desktop
docker build -t forge.quinefoundation.com/ironmagma/vnc-desktop:latest .
docker push forge.quinefoundation.com/ironmagma/vnc-desktop:latest
```

### 4. Commit the new secrets and apply

```bash
git add nixos/secrets/vnc-password.age nixos/secrets/vnc-htpasswd.age
git commit -m "add vnc secrets"
git push
./nixos/apply.sh
```

## Accessing the desktop

Visit `https://vnc.quinefoundation.com/vnc.html` in a browser. You'll be prompted for:

1. **HTTP basic auth** — the username/password from step 2 above
2. **VNC password** — the `VNC_PASSWORD` from step 1 above

## SSHing to the host from inside the container

The host machine is reachable as `hetzner-host` from within the container, and the host's SSH keys are mounted read-only at `/root/host-ssh/`:

```bash
ssh -i /root/host-ssh/id_rsa root@hetzner-host
```
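
Before the commit in step 4, it helps to confirm that both secret files really are age ciphertext, since a failed or skipped encryption step would otherwise push a plaintext password to the remote. The check below is an added example, not part of this repository: the function names `is_age_encrypted` and `check_secrets` are hypothetical, and the two header strings are the ones the age file format uses for binary and armored output.

```shell
# Added example: refuse to commit a secret that is not age ciphertext.
# Function names are hypothetical; header strings are the age format's.

# is_age_encrypted FILE -> 0 if FILE begins with an age header.
is_age_encrypted() {
    [ -f "$1" ] || return 1
    # Only the first line is inspected; NUL and CR bytes are dropped so
    # arbitrary binary input cannot disturb the comparison.
    first_line=$(head -n 1 "$1" | tr -d '\000\r')
    case "$first_line" in
        'age-encryption.org/v1') return 0 ;;               # binary format
        '-----BEGIN AGE ENCRYPTED FILE-----') return 0 ;;  # armored (-a)
    esac
    return 1
}

# check_secrets FILE... -> 0 only if every file is age ciphertext.
# Prints one line per offending file and names the likely problem.
check_secrets() {
    bad=0
    for f in "$@"; do
        if is_age_encrypted "$f"; then
            continue
        fi
        bad=1
        if [ ! -f "$f" ]; then
            echo "MISSING    $f"
        elif grep -q -e '^VNC_PASSWORD=' -e '\$apr1\$' "$f"; then
            # Matches the plaintext shapes produced in steps 1 and 2.
            echo "PLAINTEXT  $f (looks like an unencrypted secret)"
        else
            echo "NOT-AGE    $f"
        fi
    done
    return "$bad"
}

# Usage before step 4, from the repository root:
#   check_secrets nixos/secrets/vnc-password.age nixos/secrets/vnc-htpasswd.age \
#     && git add nixos/secrets/vnc-password.age nixos/secrets/vnc-htpasswd.age
```

The header check only shows that a file is in age format; it does not prove the file was encrypted to the `mainframe.pub` recipient.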