Forge Home


Manage tigervnc with systemd-logind support


55 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 2.1.0 (latest)
  • 2.0.2
  • 2.0.1
  • 2.0.0
  • 1.2.0
  • 1.1.0
  • 1.0.2
  • 1.0.1
  • 1.0.0
  • 0.4.0
  • 0.3.3
  • 0.3.2
  • 0.3.1
  • 0.3.0
  • 0.2.1
  • 0.2.0
  • 0.1.2
  • 0.1.1
  • 0.1.0
released May 8th 2024
This version is compatible with:
  • Puppet Enterprise 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.21.0 < 9.0.0
  • , , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'jcpunk-vnc', '2.1.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add jcpunk-vnc
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install jcpunk-vnc --version 2.1.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Tags: vnc, tigervnc, novnc


jcpunk/vnc — version 2.1.0 May 8th 2024


Manage tigervnc now that it expects systemd-logind support.

Table of Contents

  1. Description
  2. Setup - The basics of getting started with vnc
  3. Usage - Configuration options and additional functionality
  4. Limitations - OS compatibility, etc.
  5. Development - Guide for contributing to the module


This module manages VNC servers utilizing the new tigervnc scripts from tigervnc 1.11 and later.

Users can optionally be given rights to restart their own servers.


What vnc affects

This will impact your VNC sessions, configs in /etc/tigervnc (parameter), and PolicyKit for systemd (if user restart is granted via the params).

If requested the vnc::client::novnc will try to setup the non-webserver parts of a noVNC site.

Setup Requirements OPTIONAL

If you wish to use the novnc client, you must setup a webserver to point at the websocket.

Beginning with vnc



If the defaults are workable for you, basic usage is:

class { 'vnc::server':
  manage_services => true,
  vnc_servers => {
    'userA' => {
       'comment' => 'Optional comment',
       'displaynumber' => 1,
       'user_can_manage' =>  true,

Or via hiera

vnc::server::manage_services: true
    comment: Optional comment
    displaynumber: 1
    user_can_manage: true

The most interesting parameter is vnc::server::vnc_servers.

It has a structure of:

  comment: (optional) comment
  displaynumber: The VNC screen, like 1, 2, 3, etc
  ensure: service ensure, default is 'running'
  enable: service enable, default is 'true'
  seed_home_vnc: make ~${username}/.vnc/config, default is `vnc::server::seed_user_vnc_config`
  user_can_manage: Boolean value to permit a user to run `systemctl restart vncserver@:#.service`
                   where the `#` is their listed displaynumber.
                   default value is from $vnc::server::user_can_manage

For hosts where a users's home is on a kerberos protected volume, you'll probably want to set seed_home_vnc = false as the puppet process will not have access. Or globally via vnc::server::seed_home_vnc.

Similarly, when "user home" is not accessible to unauthenticated systemd, you'll probably want to set vnc::server::manage_services = false.

You can directly export these sessions to noVNC via include vnc::server::export::novnc.


Similarly, VNC clients can be loaded with:

class { 'vnc::client::gui': }


class { 'vnc::client::novnc': }

The noVNC client takes a parameter vnc_sessions with a format of:

  session_name: server:port
  other_session_name: server:otherport

By default token based configuration is used to let the webserver multiplex to a single websockify instance. An example HTML list of configured sessions is written out to vnc::client::novnc::webserver_vnc_index.


This requires the systemd units from tigervnc 1.11+.

You must manage you own firewall settings.

There are too may ways folks may want to setup the webserver, so no attempt is made here to provide hooks for the websockets proxy via httpd or nginx.

If you want to use the SSL wrapper for websockify you are responsible to depoy the cert, key, CA, and set the parameters you need.


See the linked repo in metadata.json