nomachine-client: Added nomachine server and rename to nomachine

[rytec-nl]

Motivation for this change

Switching to NixOs as my daily driver made me miss the availability of NoMachine server. After some fiddling I now have a working implementation on at least 2 systems. However as I'm fairly new to nix I would like some feedback about what could be improved and what is missing. Discourse page here

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 22.05 Release Notes (or backporting 21.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
  • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
• Fits CONTRIBUTING.md.

[nixos-discourse]

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/nomachine-server/16899/4

[aanderse]

Hi 👋. I left a few low impact suggestions on the module portion of your PR. Unfortunately I'm not familiar with this software so I can't leave a more meaningful review. Hopefully my comments are at least somewhat useful... 😄

[rytec-nl]

Thanks for your time! Any feedback is appreciated :) Allows me to learn best practices!

[talyz]

Thanks a lot for doing this! I'll try it out and review it properly when I have time next week.

[talyz]

Great work! Thanks for doing it! I've tried it out now and got it working, but ran into some issues which I've addressed in separate comments.

Additionally, I'm wondering what the reasoning behind the directory structure is: could all the etc files be kept in /etc instead of /var/lib? Could the tmp folder actually be a /tmp folder? Do the binaries have to be kept in /etc?

[talyz]

What this whole thing does is pretty non-obvious and needs to be documented. I'm guessing it's replacing /usr/bin/ with /run/current-system/sw/bin in the .pm files, but some information on the escaping and when/if this has to be updated (I'm guessing it does since it references specific line numbers?) would be good.

[rytec-nl]

I wrote a small comment, is that what you had in mind? Or something more elaborate.

[talyz]

nxserver doesn't seem to like it when the display manager is started before it or restarted while it's running. I had to manually restart it a lot while testing, but to make this automatic, we could bind it to display-manager.service and make sure it starts after it.

Suggested change

	after = [ "syslog.target" "network.target" "network-online.target" ];
	wants = [ "network-online.target" ];
	after = [ "syslog.target" "network.target" "network-online.target" "display-manager.service" ];
	wants = [ "network-online.target" ];
	bindsTo = [ "display-manager.service" ];

[rytec-nl]

I blindly copied what you suggested, I had no issue so far. Could you tell me how to reproduce the issue so I can test is as well?

[rytec-nl]

Thanks for you time! I will work through your comments when I have some time available, hopefully before the end of next week.

Regarding the strange file placement and layout, that's due to how NoMachine seems to be setup. Their normal install procedure sort of creates its own rootfs in /usr/NX/. Except they also place copies of certain binaries in /etc/NX. Then they use config files in /etc where you can set the NX root (normally /usr/NX) except that there are a lot of hardcoded paths to /etc for the binaries anyway. I tried to patch a lot, including those obfuscated perl file which the weird bash function is for, but they also exist in the binaries. So my solution was to simply create the file paths instead of trying to patch those as well.

Besides the hard coded paths they are also very fond of keeping state in weird places like /usr/NX/etc. Which is what explains the symlinks to /var/lib

The way I set it up now is what I did after spending a week of looking at strace output and cursing at finding yet another hard coded path :) So it is very possible it can be improved or simplified. I also do not know what preferred file locations are in Nix, so please point me at the correct locations!

Thanks again for your efforts!

[talyz]

I see, I figured it was something like that :)

If possible, it would be nice to at least have a unified etc: keep everything needed in /etc, point ${nxserver}/NX/etc to it and get rid of /var/lib/nxserver/etc.

I would say that the preferred paths for services in NixOS are generally close to FHS where possible and follows what systemd uses by default:

• configuration files in /etc
• (persistent) state in /var/lib
• (temporary) runtime files in /run
• temporary files in /tmp

[rytec-nl]

Sorry for the delay in progess, life happened :). I processed you comments and also relocated all etc files to /etc/NX. The only thing I'm not sure about is that the nx processes need write access there. For now I did:

chown nx:nx /etx/NX

but that does not feel as the right thing to do. Would you know of a better solution? I know of at least these two files that it creates and writes:

/etc/NX/sshstatus
/etc/NX/usb.db.lock

I also rebased on master and applied your version update :).

[talyz]

Sorry for the late reply.

I've now looked into this in more detail and started improving things on my own branch instead of submitting everything as suggestions. Here is all of it in one commit: talyz@ec259d8. It's mostly changes to make the code more readable, simplify the wrappers as much as possible, make the hex replacement stuff more future-proof (hopefully) and minor changes to the directory structure. Unless you disagree with any of it, you're welcome to squash it.

I also added a parameter in the node config to enable audio, but this highlights another aspect that I think needs to be addressed - we should make it possible for the user to change the configuration, preferably in an RFC 0042 compatible way.

[talyz]

Oh yeah, I forgot to address your question - I think chowning, as you currently do, it is the best solution. At least, I couldn't find any declarative way to do it that works equally well.

[austinbutler]

I've tested this with the commit from @talyz, and I can connect but I get "No available sessions on this server." Tried with X11 and Wayland. In the logs I see 2846 2885 2022-03-13 13:41:46 216.850 ServerPhysicalSession/ServerConnectOnDisplaySocket: ERROR! Can't connect to socket @'/tmp/.X11-unix/X0' proto UNIX. 2846 2885 2022-03-13 13:41:46 216.908 ServerPhysicalSession/ServerConnectOnDisplaySocket: Error is 11, Resource temporarily unavailable..

Tried restarting nxserver, no change.

Logs from Wayland tries:

nxerror.log

unable to link authority file /nix/store/f5fmp22dh4zislfkn2djkcswkb7j7l4d-nomachine-7.8.2/NX/var/tmp/nx, use /nix/store/f5fmp22dh4zislfkn2djkcswkb7j7l4d-nomachine-7.8.2/NX/var/tmp/nx-n
Authorization required, but no authorization protocol specified
Authorization required, but no authorization protocol specified
17825 18615 13:57:55 023.348 HostWmRunningHelper: WARNING! Failed to open display ':0'.

nxserver.log

17825 17825 2022-03-13 13:57:55 023.507 NXSERVER WARNING! Cannot check WM on display :0 EEXIST
17825 17825 2022-03-13 13:57:56 336.825 NXSERVER WARNING! CF22B6BE5D99CDA73A82CFC52D9367AB nxnode died with exit code 6.
17825 17825 2022-03-13 13:57:56 434.450 NXSERVER WARNING! Session CF22B6BE5D99CDA73A82CFC52D9367AB crashed on display 0.

[lucasew]

Merge conflict

lucasew@riverwood ~/WORKSPACE/nixpkgs 0$  nix run nixpkgs#nixpkgs-review -- pr --post-result 153072
$ git -c fetch.prune=false fetch --no-tags --force https://github.com/NixOS/nixpkgs master:refs/nixpkgs-review/0 pull/153072/head:refs/nixpkgs-review/1
remote: Enumerating objects: 36133, done.
remote: Counting objects: 100% (12594/12594), done.
remote: Compressing objects: 100% (24/24), done.
remote: Total 36133 (delta 12580), reused 12572 (delta 12570), pack-reused 23539
Receiving objects: 100% (36133/36133), 30.29 MiB | 1.30 MiB/s, done.
Resolving deltas: 100% (23208/23208), completed with 3745 local objects.
From https://github.com/NixOS/nixpkgs
   10181346e6d..8af7032afaa  master                -> refs/nixpkgs-review/0
 + 22d230be61d...a312461214a refs/pull/153072/head -> refs/nixpkgs-review/1  (forced update)
$ git worktree add /home/lucasew/.cache/nixpkgs-review/pr-153072/nixpkgs 8af7032afaad219c0c37dd3d50171f73d37002a4
Preparing worktree (detached HEAD 8af7032afaa)
Updating files: 100% (34072/34072), done.
HEAD is now at 8af7032afaa Merge pull request #223049 from trofi/xorg.mkfontscale-update
$ git merge --no-commit --no-ff a312461214aa64253b74bd31f0d4a32cd029a932
Auto-merging nixos/modules/module-list.nix
Auto-merging pkgs/top-level/aliases.nix
CONFLICT (content): Merge conflict in pkgs/top-level/aliases.nix
Auto-merging pkgs/top-level/all-packages.nix
Automatic merge failed; fix conflicts and then commit the result.
https://github.com/NixOS/nixpkgs/pull/153072 failed to build
$ git worktree prune

[lucasew]

BTW, this PR looks abandoned.

If there is no activity for one week from now, I think it's better to close it.

If someone needs this, they can submit another PR and use the diff of this one as a starting point.

[rytec-nl]

Hi all,

Sorry for the lack of updates. I got distracted by other things and have since moved away from nomachine. This means for me the motivation to continue work on this has dropped. I will see if I can rebase on master to help continuation. If there are any questions regaring the implementation please let me know, I will do my best to answer them.

[lucasew]

No problem, if you don't have the motivation anymore someone else can continue the work. This PR will not disappear.

The problem is more like we have a lot of PRs to review. Drafting is a good way to demonstrate that the pr is not ready to review but if you don't want to continue it anymore you can close it. You can open another one later, or someone else.

[lucasew]

Result of nixpkgs-review pr 153072 run on x86_64-linux 1

2 packages blacklisted:

• nixos-install-tools
• tests.nixos-functions.nixos-test

1 package built:

• nomachine

[lucasew]

You can use an attrset to map the system to the fetchurl parameters

[lucasew]

Isn't this the default? Is this line necessary?

[lucasew]

meta.platforms already do that, you can just use null as the fallback or use a attrset

[talyz]

@talyz were you satisfied with the change @rytec-nl made in response to your feedback? Any blockers to reviewing?

Last I checked, there were still unresolved issues and @rytec-nl said he didn't have time to address them at the time. I can try to look into this again next week and see if this is still accurate.

[rytec-nl]

Yes there are still multiple issues, this is what I can remember:

• Wayland does not seem to work, even though nomachine supports it
• I think Pipewire, even with pulse enabled, does not work
• Client cannot read server status, due to a setuid requirement that nixos does not allow

I have not looked into the issue @gou4shi1 is having, so that is also still open.

Perhaps an initial version with comments or added assert to prevent the use with the broken parts can be merged?

[watkinsr]

I tried the server but got:

[nix-shell:~/.cache/nixpkgs-review/pr-153072-12]$ nxserver
awk: fatal: cannot open file `/nix/store/7m6bhzh37cq1z4pml4a820f6lwbnplmw-nomachine-7.10.1/NX/scripts.static/etc/server/localhost/server.cfg' for reading: No such file or directory
Cannot found ServerRoot in /nix/store/7m6bhzh37cq1z4pml4a820f6lwbnplmw-nomachine-7.10.1/NX/scripts.static/etc/server/localhost/server.cfg configuration file

Any ideas?

[rytec-nl]

It looks like you are trying to start the server manually without using the provided nix service, is that correct? This pull requests adds a service that prepares required stuff when started, stuff like the missing config files. You can checkout nixos/modules/services/admin/nomachine.nix to see what is setup.

Also your ping reminded me that the systemd prestart script was broken, that should be fixed now :)

[silverjam]

This works well on my machine with XFCE desktop (since I guess it doesn't use Wayland?) -- I've also disable sound since it's a laboratory machine.

For what it's worth, I made the following changes to load this into my configuration.nix:

-  imports =
-    [ # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-    ];
+  # Loads up NoMachine package from https://github.com/NixOS/nixpkgs/pull/153072
+  imports = let
+      nixpkgs-tars = "https://github.com/NixOS/nixpkgs/archive/";
+      pr153072 = builtins.fetchTarball "${nixpkgs-tars}63686e66b7441ef5d5e7a6277d1c36c413548b05.tar.gz";
+    in
+      [ # Include the results of the hardware scan.
+        ./hardware-configuration.nix
+        (import "${pr153072}/nixos/modules/services/admin/nomachine.nix")
+      ];
+
+  disabledModules = [
+    "pkgs/tools/admin/nomachine-client/default.nix"
+  ];

-  nixpkgs.config.allowUnfree = true;
+  nixpkgs.config = {
+    # Allow unfree packages
+    allowUnfree = true;
+    # Loads up NoMachine package from https://github.com/NixOS/nixpkgs/pull/153072
+    packageOverrides = pkgs:
+      let
+        nixpkgs-tars = "https://github.com/NixOS/nixpkgs/archive/";
+        pr153072 = builtins.fetchTarball "${nixpkgs-tars}63686e66b7441ef5d5e7a6277d1c36c413548b05.tar.gz";
+      in
+    {
+        nomachine = pkgs.callPackage (import "${pr153072}/pkgs/tools/admin/nomachine/default.nix") {};
+    };
+  };
+

Then adding this to enable the service:

services.nxserver.enable = true

(Also need to either disable firewall, or allow NX ports).

[nixos-discourse]

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/trying-to-install-nomachine-server/35208/1

[ccheath]

curious if anyone working on this has looked at this KB on the nomachine site about installing on silverblue and other immutable systems? (makes it look so easy)

i'm new to nix (running a nixos vm currently) and would love to help out getting this package working since it would be a requirement for me to have in my daily driver

[abathur]

@rytec-nl Are you still interested in landing this?

[InAnYan]

Having this problem:

error: hash mismatch in fixed-output derivation '/nix/store/pb3zqkq8s1wabik28841i6kyax1hpfqr-nomachine_7.10.1_1_x86_64.tar.gz.drv':
	specified: sha256-alClFaNbQ76r8LukbygesWWXA5rx6VEzxK+bY5tOfO0=
	got:    sha256-Ba4kzbyj/MblReoqPyBg9nDhD/MP76T/dT+D7UP4nIE=

[InAnYan]

Oh, it's because "https://download.nomachine.com/download/7.10/Linux/nomachine_7.10.1_1_x86_64.tar.gz" is not available.

It redirects to the home page