69 lines
6.1 KiB
Cheetah
69 lines
6.1 KiB
Cheetah
{{- if (ne .host.distro.family "windows") -}}
|
|
#!/usr/bin/env bash
|
|
# @file VNC Setup
|
|
# @brief Ensures VNC is set-up if system packages are available.
|
|
# @description
|
|
# This script ensures VNC is setup and enabled. It will run on macOS always since macOS includes
|
|
# a VNC server baked into its system. On Linux, it will check for the presence of the `tightvncserver`
|
|
# package before configuring and enabling VNC.
|
|
#
|
|
# The script will set the VNC password using the `VNC_PASSWORD` environment variable or the encrypted
|
|
# equivalent stored in `home/.chezmoitemplates/secrets`. If neither are provided, then the default
|
|
# password will be equal to `vncpass` since the password must be between 6-8 characters long.
|
|
#
|
|
# Additionally, the `VNC_READ_PASSWORD` can be defined to allow read-only VNC sessions. The default password
|
|
# for a read-only session is `readonly`.
|
|
|
|
{{- includeTemplate "universal/profile" }}
|
|
{{- includeTemplate "universal/logg" }}
|
|
|
|
if [ -d /Applications ] && [ -d /System ]; then
|
|
# System is macOS
|
|
# Source: https://apple.stackexchange.com/questions/30238/how-to-enable-os-x-screen-sharing-vnc-through-ssh
|
|
# To disable, run: sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -configure -access -off
|
|
# Only enable when computer is not a corporate / work computer
|
|
logg info 'Enabling VNC using the VNC_PASSWORD variable which is vncpass when nothing is specified'
|
|
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -allowAccessFor -specifiedUsers -clientopts -setreqperm -reqperm yes -setvnclegacy -vnclegacy yes -setvncpw -vncpw "{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_PASSWORD")) }}{{ includeTemplate "secrets/VNC_PASSWORD" | decrypt | trim }}{{ else }}{{ default "vncpass" (env "VNC_PASSWORD") }}{{ end }}" -restart -agent -privs -all -users "$USER"
|
|
else
|
|
# System is Linux
|
|
### VNC set-up / configuration
|
|
# KasmVNC / TigerVNC (or alternative VNC program) is installed
|
|
if command -v kasmvncpasswd > /dev/null; then
|
|
logg info 'Copying VNC configuration files from ~/.config/vnc/etc/kasmvnc/ to /etc/'
|
|
sudo cp -Rf "${XDG_CONFIG_HOME:-$HOME/.config}/vnc/etc/kasmvnc/" /etc/
|
|
logg info 'Adding VNC full-control password to ~/.config/vnc/kasmpasswd'
|
|
echo -e "{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_PASSWORD")) }}{{ includeTemplate "secrets/VNC_PASSWORD" | decrypt | trim }}{{ else }}{{ default "vncpass" (env "VNC_PASSWORD") }}{{ end }}\n{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_PASSWORD")) }}{{ includeTemplate "secrets/VNC_PASSWORD" | decrypt | trim }}{{ else }}{{ default "vncpass" (env "VNC_PASSWORD") }}{{ end }}" | kasmvncpasswd -u {{ .user.name }} -rwo
|
|
logg info 'Adding VNC read-only password to ~/.config/vnc/kasmpasswd for user readonly'
|
|
echo -e "{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_READ_PASSWORD")) }}{{ includeTemplate "secrets/VNC_READ_PASSWORD" | decrypt | trim }}{{ else }}{{ default "readonly" (env "VNC_READ_PASSWORD") }}{{ end }}\n{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_READ_PASSWORD")) }}{{ includeTemplate "secrets/VNC_READ_PASSWORD" | decrypt | trim }}{{ else }}{{ default "readonly" (env "VNC_READ_PASSWORD") }}{{ end }}" | kasmvncpasswd -u guest -r
|
|
logg info 'Reloading the systemctl configuration files since a new one for VNC may have been added'
|
|
sudo systemctl daemon-reload
|
|
logg info 'Enabling / starting the VNC service for the current user / display 1'
|
|
sudo systemctl start vncserver@1
|
|
sudo systemctl enable vncserver@1
|
|
if command -v update-alternatives > /dev/null; then
|
|
update-alternatives --set vncserver "$(which kasmvncserver)"
|
|
update-alternatives --set vncpasswd "$(which kasmvncpasswd)"
|
|
update-alternatives --set Xvnc "$(which Xkasmvnc)"
|
|
update-alternatives --set vncconfig "$(which kasmvncconfig)"
|
|
fi
|
|
fi
|
|
if command -v tigervncpasswd > /dev/null; then
|
|
if [ ! -d "${XDG_CONFIG_HOME:-$HOME/.config}/vnc" ]; then
|
|
mkdir -p "${XDG_CONFIG_HOME:-$HOME/.config}/vnc"
|
|
fi
|
|
logg info 'Copying VNC configuration files from ~/.config/vnc/etc/tigervnc/ to /etc/'
|
|
sudo cp -Rf "${XDG_CONFIG_HOME:-$HOME/.config}/vnc/etc/tigervnc/" /etc/
|
|
logg info 'Adding VNC full-control password to ~/.config/vnc/passwd'
|
|
echo -n "{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_PASSWORD")) }}{{ includeTemplate "secrets/VNC_PASSWORD" | decrypt | trim }}{{ else }}{{ default "vncpass" (env "VNC_PASSWORD") }}{{ end }}" | tigervncpasswd -f > "${XDG_CONFIG_HOME:-$HOME/.config}/vnc/passwd"
|
|
logg info 'Adding VNC read-only password to ~/.config/vnc/passwd'
|
|
echo -n "{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VNC_READ_PASSWORD")) }}{{ includeTemplate "secrets/VNC_READ_PASSWORD" | decrypt | trim }}{{ else }}{{ default "readonly" (env "VNC_READ_PASSWORD") }}{{ end }}" | tigervncpasswd -f >> "${XDG_CONFIG_HOME:-$HOME/.config}/vnc/passwd"
|
|
logg info 'Reloading the systemctl configuration files since a new one for VNC may have been added'
|
|
sudo systemctl daemon-reload
|
|
logg info 'Enabling / starting the VNC service for the current user / display 1'
|
|
sudo systemctl start vncserver@1
|
|
sudo systemctl enable vncserver@1
|
|
else
|
|
logg info 'Skipping VNC setup since the tightvncserver package is not present on the system'
|
|
fi
|
|
fi
|
|
{{ end -}}
|