petersweb-infra/nixos/README_VNC.md
Philip Peterson 6d27c40759 add VNC setup README
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-25 17:15:30 -08:00

VNC Desktop Setup

Web-accessible virtual desktop at vnc.quinefoundation.com, running TigerVNC + noVNC in a Podman container.

First-time setup

1. Create the VNC password secret

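# Passing the password through %s keeps a "%" or backslash in it from being read as printf formatting
printf 'VNC_PASSWORD=%s\n' 'yourpassword' | nix run nixpkgs#age -- \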
  -r "$(cat /root/petersweb-infra/nixos/keys/mainframe.pub)" \
  -o /root/petersweb-infra/nixos/secrets/vnc-password.age

2. Create the nginx basic auth secret

Generate an htpasswd entry (requires apache2-utils or httpd-tools):

htpasswd -n admin
# Enter password when prompted; copy the output line (e.g. admin:$apr1$...)

Encrypt it:

# Single quotes stop the shell from expanding the "$" signs in the hash
printf '%s\n' 'admin:$apr1$...' | nix run nixpkgs#age -- \
  -r "$(cat /root/petersweb-infra/nixos/keys/mainframe.pub)" \
  -o /root/petersweb-infra/nixos/secrets/vnc-htpasswd.age

3. Build and push the container image

cd nixos/vnc-desktop
docker build -t forge.quinefoundation.com/ironmagma/vnc-desktop:latest .
docker push forge.quinefoundation.com/ironmagma/vnc-desktop:latest

4. Commit the new secrets and apply

git add nixos/secrets/vnc-password.age nixos/secrets/vnc-htpasswd.age
git commit -m "add vnc secrets"
git push
./nixos/apply.sh
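
A pre-encryption check for the plaintext built in steps 1 and 2, added here as an example and not part of the repository. The function names, the `seal` helper and the sample htpasswd entry are constructed for illustration, and the pattern accepts only the `$apr1$` form this README shows.

```sh
#!/bin/sh
# Added example, not part of the repository: check secret plaintext before it
# is encrypted, because a mangled value cannot be inspected once it is in .age.

NL='
'
# Constructed sample in `htpasswd -n` apr1 layout; not a real password hash.
SAMPLE_ENTRY='admin:$apr1$Qx3kLm9Z$abcdefghijklmnopqrstuv'

# One "VNC_PASSWORD=<non-empty value>" line and nothing else.
check_vnc_env() {
  case $1 in
    *"$NL"*) return 1 ;;
    VNC_PASSWORD=?*) return 0 ;;
    *) return 1 ;;
  esac
}

# One "user:$apr1$<salt, 1-8 chars>$<22-char digest>" line.
check_htpasswd_apr1() {
  case $1 in *"$NL"*) return 1 ;; esac
  printf '%s\n' "$1" |
    grep -Eq '^[^:[:space:]]+:\$apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$'
}

# What the sample becomes inside double quotes with the "$" left unescaped:
# each $name expands to an unset variable, so only "admin:" survives.
mangled_entry() {
  ( set +u; unset apr1 Qx3kLm9Z abcdefghijklmnopqrstuv
    printf '%s\n' "admin:$apr1$Qx3kLm9Z$abcdefghijklmnopqrstuv" )
}

# seal KIND LINE OUTFILE (hypothetical helper): validate, then run the README's
# age command. KIND is "vnc" or "htpasswd".
seal() {
  case $1 in
    vnc) check_vnc_env "$2" ;;
    htpasswd) check_htpasswd_apr1 "$2" ;;
    *) false ;;
  esac || { echo "refusing to encrypt malformed $1 secret" >&2; return 1; }
  printf '%s\n' "$2" | nix run nixpkgs#age -- \
    -r "$(cat /root/petersweb-infra/nixos/keys/mainframe.pub)" -o "$3"
}

for entry in "$SAMPLE_ENTRY" "$(mangled_entry)"; do
  if check_htpasswd_apr1 "$entry"; then echo "ok:     $entry"
  else echo "reject: $entry"; fi
done
```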

Accessing the desktop

Visit https://vnc.quinefoundation.com/vnc.html in a browser. You'll be prompted for:

  1. HTTP basic auth — the username/password from step 2 above
  2. VNC password — the VNC_PASSWORD from step 1 above

SSHing to the host from inside the container

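The host machine is reachable as hetzner-host from within the container, and the host's SSH keys are mounted read-only at /root/host-ssh/. The read-only mount stops the container from changing the keys, not from reading them, so any session on the desktop can log in to the host as root: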

ssh -i /root/host-ssh/id_rsa root@hetzner-host