The VNC desktop faded to black after weston's default 300s idle
timeout, and on wake desktop-shell showed its click-to-unlock lock
screen (a green circle) — pointless for an agent desktop viewed
over /screen, and confusing for the operator (issue #180).
Add [core] idle-time=0 to the generated weston.ini. Verified against
weston 14.0.1: idle-time parses to compositor->idle_time, and
weston_compositor_wake arms the idle timer with idle_time*1000 ms;
0 ms makes wl_event_source_timer_update disarm the timer, so the
compositor never transitions to IDLE and desktop-shell never locks.
closes#180
weston calls pam_start("weston-remote-access", ...) in libweston/auth.c.
The previous security.pam.services.weston entry created /etc/pam.d/weston
which was never consulted, so PAM fell back to the system default and
rejected all credentials. Renaming to weston-remote-access makes
pam_permit.so actually take effect.
Fixes#92
- Replace ${pkgs.coreutils}/bin/hostname with cat /etc/hostname:
hostname binary is in pkgs.inetutils, not pkgs.coreutils; /etc/hostname
is always present in NixOS containers and is simpler.
- Add --disable-transport-layer-security: weston VNC requires TLS certs
by default; since VNC is loopback-only (relayed by the harness WS proxy)
TLS adds no security benefit and cert generation adds complexity.
Removes weston-rdp.nix (hyperhive.westonRdp.enable) and adds
weston-vnc.nix (hyperhive.gui.enable).
The ExecStart wrapper script computes a deterministic VNC port via
FNV-1a hash of the agent name (derived from hostname, same algorithm
as lifecycle::agent_web_port) in the range [15900, 16799], then writes
/etc/hyperhive/gui.json {"vnc_port": N, "auth": "none"} for the
harness WebSocket relay (issue #51), and execs weston with the VNC
backend + pixman renderer.
Type=simple so it can never abort nixos-container update; a
misconfigured weston degrades to a restart loop, not a blocked rebuild.
Closes#50
