You can assume I have SSH connection to my headless NixOS - which is practically the same as having LAN access to it (i.e., encryption over the internet is already taken care of).
I was able to successfully setup VNC years back. It works overall fine when near enough, but the latency makes this too laggy and practically useless when NixOS server is e.g. in America and I’m trying to control it from Asia.
Has anyone here found good alternatives to VNC from this point of view?
I occasionaly use X11spice to control both VMs and physical machines. In my experience the performance is much better than VNC: in a LAN you can even stream a video and from a decent internet connection the latency is minimal.
I haven’t tried to connect to a machine from a different continent, though, so I’m not sure how well it handles that much latency.
I’m not sure if it still performs well in a continent spanning setup, but I had set up xrdp+xfce on my headless home server a while ago and I’ve been pleasantly surprised about its performance for a couple of months now. I suspect that somewhere along the way, xrdp must have gotten optimized quite a bit. For me, it’s good enough to use via mobile internet (through wireguard) from the same country (albeit for rather trivial GUI based tasks).
Thanks, had never heard of X11spice. Can you please post a working configuration for this on a NixOS server? Also, how do you then connect to it from elsewhere (e.g. from a Debian Linux machine)?
Thanks, can you please post a working configuration for xrdp+xfce on a NixOS server? Also, how do you then connect to it from elsewhere (e.g. from a Debian Linux machine)?
Can you please post a working configuration for this on a NixOS server?
Sure. I normally tunnel it in an SSH connection, so I do something like this:
On the server:
nix-shell -p x11spice --run 'x11spice --password=something'
On the client:
ssh -NL 5900:localhost:5900 server
nix-shell -p spice-gtk --run 'spicy --password=something --uri spice://localhost:5900'
That’s it.
I’m sure it will have a better latency without the tunnel, but I’ve never tried using the built-in TLS encryption mode. (Of course you could run with no encryption, but it’s not great.)
Also, how do you then connect to it from elsewhere (e.g. from a Debian Linux machine)?
There is nothing NixOS-specific, so it should work from Debian as well, provided you have packages for spice-gtk and x11spice.
This should work. Note that the service will be set up using and ad-hoc, self-signed TLS certificate if you don’t specify services.xrdp.sslKey and services.xrdp.sslCert; see here:
$ cat services/remote-access.nix
{ config, pkgs, lib, stdenv, ...}:
{
services = {
xserver = {
enable = true;
autorun = false;
desktopManager.xfce.enable = true;
};
xrdp = {
enable = true;
defaultWindowManager = "startxfce4";
openFirewall = true;
};
};
# Prevent Xorg from starting at boot.
# `services.xserver.autorun = false;` is not sufficient anymore.
# See: https://github.com/NixOS/nixpkgs/issues/311683#issuecomment-2292177606
systemd.defaultUnit = lib.mkForce "multi-user.target";
}