Skip to content

feat(services): add Chrome Remote Desktop (headless X11 host)#20

Merged
UnbreakableMJ merged 1 commit into
mainfrom
feat/chrome-remote-desktop
Jul 2, 2026
Merged

feat(services): add Chrome Remote Desktop (headless X11 host)#20
UnbreakableMJ merged 1 commit into
mainfrom
feat/chrome-remote-desktop

Conversation

@UnbreakableMJ

Copy link
Copy Markdown
Contributor

Adds Google Chrome Remote Desktop — not in nixpkgs, so pkgs/chrome-remote-desktop/ repackages Google's official amd64 .deb (150.0.7871.19), wired via a new modules/services/chrome-remote-desktop.nix (steelbore.services.chromeRemoteDesktop, enabled on the ThinkPad host).

Package (pkgs/chrome-remote-desktop/package.nix)

  • dpkg -x + autoPatchelfHook on the bundled host ELF binaries.
  • libremoting_core.so fix: the app dir is added to RUNPATH (appendRunpaths) so the host binaries find it — the classic NixOS CRD failure.
  • Path patches only (not behavior): the Python management script's #!/usr/bin/python3, Xvfb/Xorg/xrandr/xdpyinfo, /usr/lib/xorg/modules, and /usr/bin/{sudo,pkexec} → Nix-store / /run/wrappers equivalents. CRD keeps its normal headless-virtual-X flow.
  • No setuid user-session helper exists in this release (naminx's 2024 reference wrapped one) — none needed.

Module + session

  • chrome-remote-desktop group, pam_unix PAM stack, chrome-remote-desktop@mj system service.
  • Session = LeftWM (X11) via ~/.chrome-remote-desktop-session (users/mj/home.nix) — launched directly under dbus-run-session, not the startx-based start-leftwm (which would collide with CRD's virtual X). Niri/GNOME here are Wayland, so unusable as a CRD session.

Verification

  • Package builds warning-free; interpreter + rpaths patched; script paths substituted; toplevel builds with the service + PAM in the closure.
  • ⚠️ Runtime needs a manual one-time authorization (can't be automated): sign into Google in Chrome → remotedesktop.google.com/headless → Authorize → run the shown start-host --code=… as mj → set a 6-digit PIN → connect from remotedesktop.google.com/access. Outbound HTTPS only (no inbound firewall port). CRD-on-NixOS is historically finicky, so treat first connection as the real test.

Maintenance

Bump version + src.sha256 from the CRD apt Packages index. Docs: PRD §12.2, TODO.

🤖 Generated with Claude Code

CRD is not in nixpkgs. pkgs/chrome-remote-desktop/ repackages Google's
official amd64 .deb (150.0.7871.19): dpkg -x + autoPatchelfHook, the app dir
added to RUNPATH so libremoting_core.so resolves (the classic NixOS failure),
and the Python host script's hardcoded paths patched to Nix-store / /run/wrappers
equivalents (interpreter, Xvfb/Xorg/xrandr/xdpyinfo, Xorg module dir, sudo/pkexec).
Only path patches — NOT CRD's session-launch logic — so it uses the normal
headless-virtual-X flow. No setuid user-session helper exists in this release, so
none is wrapped.

modules/services/chrome-remote-desktop.nix (steelbore.services.chromeRemoteDesktop,
enabled on the ThinkPad host): chrome-remote-desktop group, pam_unix PAM stack,
and a chrome-remote-desktop@mj system service. CRD runs a headless virtual X11
session and execs ~/.chrome-remote-desktop-session -> LeftWM (users/mj/home.nix;
Niri/GNOME here are Wayland). Launches leftwm directly under dbus-run-session, NOT
the startx-based start-leftwm (which would collide with CRD's virtual X).

Verified: package builds warning-free; ELF interpreter + rpaths patched (opt dir
on RUNPATH); script paths substituted; toplevel builds with the service + PAM in
the closure. Runtime requires a MANUAL one-time Google authorization (web + PIN),
which can't be automated — see the module header.

Bump version + src.sha256 from the CRD apt index per release. PRD §12.2 + TODO.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@UnbreakableMJ UnbreakableMJ merged commit 12f1224 into main Jul 2, 2026
1 check passed
@UnbreakableMJ UnbreakableMJ deleted the feat/chrome-remote-desktop branch July 2, 2026 09:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant