petersweb-infra/nixos/vnc-desktop/start.sh
Philip Peterson c51352e6fe fix riverside DNS, VNC stale lock, and pids limit
- firewall.nix: allow DNS (UDP/TCP 53) from all podman bridge networks
  (10.89.0.0/16); NixOS only auto-adds a rule for podman0 but docker-compose
  arion stacks land on podman1/2/3 where container DNS was silently blocked
- vnc-desktop/start.sh: rm stale /tmp/.X1-lock on container start so
  container restarts don't leave Xvnc unable to bind display :1
- linux.nix: TasksMax=infinity on arion-vnc-desktop so the systemd cgroup
  doesn't cap KDE Plasma's thread count below the container pids limit
- arion-riverside/arion-compose.nix: add ADMIN_PASS env var required by
  the riverside entrypoint

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-25 19:36:36 -08:00

31 lines
737 B
Bash

#!/bin/bash
set -e
mkdir -p /root/.vnc /root/.ssh
chmod 700 /root/.ssh
# Clean up stale X lock files from previous container runs
rm -f /tmp/.X1-lock /tmp/.X11-unix/X1
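# Set VNC password from environment. Check in the main shell: inside a
# pipeline the ${VAR:?} failure would only end the pipeline's subshell, and
# without pipefail set -e would not stop the script.
: "${VNC_PASSWORD:?VNC_PASSWORD must be set}"
# printf avoids echo treating values such as -n as options. VncAuth only
# uses the first eight characters of the password.
printf '%s\n' "$VNC_PASSWORD" | vncpasswd -f > /root/.vnc/passwd
chmod 600 /root/.vnc/passwd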
# Start Xvnc (headless X server + VNC server in one)
Xvnc :1 \
    -rfbport 5901 \
    -SecurityTypes VncAuth \
    -PasswordFile /root/.vnc/passwd \
    -geometry 1280x800 \
    -depth 24 \
    -AlwaysShared \
    &
export DISPLAY=:1
sleep 2
# Start KDE Plasma session
dbus-run-session -- startplasma-x11 &
# Serve noVNC web UI + bridge WebSocket -> VNC
exec websockify --web /usr/share/novnc 6080 localhost:5901
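
An added example, not part of the repository: the unconditional `rm -f` in the script is safe only while nothing else can own display :1 at container start, so this function removes the lock only when the PID it records is not a running X server, which also covers PIDs being reassigned after a restart. The names `clear_stale_x_lock` and `demo_clear_stale_x_lock` and their arguments are hypothetical; it assumes Linux `/proc` and the X server's lock format of the owner's PID as padded decimal text.

```bash
#!/bin/bash
# Added example, not from the repository. Function names and arguments are
# hypothetical; assumes Linux /proc.
#
# usage: clear_stale_x_lock DISPLAY_NUM [SERVER_COMM] [TMP_DIR]
# Returns 0 when the display is free afterwards, 1 when a live server owns it.
clear_stale_x_lock() {
    local num=$1 server=${2:-Xvnc} tmp=${3:-/tmp}
    local lock="$tmp/.X${num}-lock" sock="$tmp/.X11-unix/X${num}"
    local pid="" comm=""

    # The lock holds the owner's PID as padded decimal text. Only read a
    # regular file; a symlink or other node is treated as unreadable.
    if [ -f "$lock" ] && [ ! -L "$lock" ]; then
        read -r pid < "$lock" || true
    fi
    case $pid in
        '' | *[!0-9]*) pid="" ;;   # empty or non-numeric: names no owner
    esac

    # After a container restart PIDs are reassigned, so "PID exists" is not
    # enough: the process must also be the X server we expect.
    if [ -n "$pid" ] && [ -r "/proc/$pid/comm" ]; then
        { read -r comm < "/proc/$pid/comm"; } 2>/dev/null || comm=""
        if [ "$comm" = "$server" ]; then
            return 1               # live server: leave lock and socket alone
        fi
    fi

    rm -f -- "$lock" "$sock"
    return 0
}

# Constructed demo in a temp dir: a lock naming this shell's PID is stale for
# "Xvnc" but live when the expected name matches this shell's own comm.
demo_clear_stale_x_lock() {
    local d me rc
    d=$(mktemp -d) || return 2
    read -r me < "/proc/$$/comm"
    mkdir -p "$d/.X11-unix"
    printf '%10d\n' "$$" > "$d/.X1-lock"
    clear_stale_x_lock 1 "$me" "$d" && { rm -rf "$d"; return 3; }  # must refuse
    clear_stale_x_lock 1 Xvnc "$d" || { rm -rf "$d"; return 4; }   # must clean
    [ ! -e "$d/.X1-lock" ]; rc=$?
    rm -rf "$d"
    return $rc
}
```

In a start script the call would be `clear_stale_x_lock 1 Xvnc || exit 1`, placed before Xvnc is launched.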