Unverified Commit 65544c69 authored by ppom's avatar ppom Committed by Maciej Krüger

rustdesk-server: init module

parent 4aa80bb1
+2 −0
@@ -61,6 +61,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m

- [TuxClocker](https://github.com/Lurkki14/tuxclocker), a hardware control and monitoring program. Available as [programs.tuxclocker](#opt-programs.tuxclocker.enable).

- [RustDesk](https://rustdesk.com), a full-featured open source remote control alternative for self-hosting and security with minimal configuration. Alternative to TeamViewer.

## Backward Incompatibilities {#sec-release-24.05-incompatibilities}

<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
+1 −0
@@ -832,6 +832,7 @@
  ./services/monitoring/riemann-dash.nix
  ./services/monitoring/riemann-tools.nix
  ./services/monitoring/riemann.nix
  ./services/monitoring/rustdesk-server.nix
  ./services/monitoring/scollector.nix
  ./services/monitoring/smartd.nix
  ./services/monitoring/snmpd.nix
+95 −0
{ lib, pkgs, config, ... }:
let
  TCPPorts = [21115 21116 21117 21118 21119];
  UDPPorts = [21116];
in {
  options.services.rustdesk-server = with lib; with types; {
    enable = mkEnableOption "RustDesk, a remote access and remote control software, allowing maintenance of computers and other devices.";

    package = mkPackageOption pkgs "rustdesk-server" {};

    openFirewall = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Open the connection ports.
        TCP (${lib.concatStringsSep ", " (map toString TCPPorts)})
        UDP (${lib.concatStringsSep ", " (map toString UDPPorts)})
      '';
    };

    relayIP = mkOption {
      type = str;
      description = ''
        The public facing IP of the RustDesk relay.
      '';
    };
  };

  config = let
    cfg = config.services.rustdesk-server;
    serviceDefaults = {
      enable = true;
      requiredBy = [ "rustdesk.target" ];
      serviceConfig = {
        Slice = "system-rustdesk.slice";
        User  = "rustdesk";
        Group = "rustdesk";
        Environment = [];
        WorkingDirectory = "/var/lib/rustdesk";
        StateDirectory   = "rustdesk";
        StateDirectoryMode = "0750";
        LockPersonality = true;
        NoNewPrivileges = true;
        PrivateDevices = true;
        PrivateMounts = true;
        PrivateTmp = true;
        PrivateUsers = true;
        ProtectClock = true;
        ProtectControlGroups = true;
        ProtectHome = true;
        ProtectHostname = true;
        ProtectKernelLogs = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        ProtectProc = "invisible";
        ProtectSystem = "strict";
        RemoveIPC = true;
        RestrictNamespaces = true;
        RestrictSUIDSGID = true;
      };
    };
  in lib.mkIf cfg.enable {
    users.users.rustdesk = {
      description = "System user for RustDesk";
      isSystemUser = true;
      group = "rustdesk";
    };
    users.groups.rustdesk = {};

    networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall TCPPorts;
    networking.firewall.allowedUDPPorts = lib.mkIf cfg.openFirewall UDPPorts;

    systemd.slices.system-rustdesk = {
      enable = true;
      description = "Slice designed to contain RustDesk Signal & RustDesk Relay";
    };

    systemd.targets.rustdesk = {
      enable = true;
      description = "Target designed to group RustDesk Signal & RustDesk Relay";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
    };

    systemd.services.rustdesk-signal = lib.mkMerge [ serviceDefaults {
      serviceConfig.ExecStart = "${cfg.package}/bin/hbbs -r ${cfg.relayIP}";
    } ];

    systemd.services.rustdesk-relay = lib.mkMerge [ serviceDefaults {
      serviceConfig.ExecStart = "${cfg.package}/bin/hbbr";
    } ];
  };

  meta.maintainers = with lib.maintainers; [ ppom ];
}
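Review bot: `cfg.relayIP` is an unvalidated `str` spliced directly into the `ExecStart` of `rustdesk-signal`, so whitespace, `%` or `$` in the value would be read by systemd as extra arguments, specifiers or variable references instead of reaching `-r` as a single argument. Escaping it, for example `serviceConfig.ExecStart = "${cfg.package}/bin/hbbs -r ${utils.escapeSystemdExecArg cfg.relayIP}";` with `utils` added to the module arguments, keeps the value one literal argument. Separately, `serviceDefaults` restricts the filesystem and kernel interfaces but leaves `RestrictAddressFamilies`, `CapabilityBoundingSet` and `SystemCallFilter` unset for two daemons that listen on the network. Tightening those would need testing against hbbs and hbbr before it is enabled.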
+28 −0
{
  lib,
  stdenv,
  fetchurl,
  unzip,
}:
let
  version = "4.4.2";
in stdenv.mkDerivation {
  pname = "yeswiki";
  inherit version;

  src = fetchurl {
    url = "https://repository.yeswiki.net/doryphore/yeswiki-doryphore-${version}.zip";
    hash = "sha256-TNiVBragEnLkMTu/Op6sCFsk9wWXUQ2GUPqmWgPV/vk=";
  };

  nativeBuildInputs = [
    unzip
  ];

  installPhase = ''
    runHook preInstall
    mkdir -p $out/
    cp -R . $out/
    runHook postInstall
  '';
}
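Review bot: The derivation ends at `installPhase` with no `meta` attribute set, so the package has no description, homepage, license or maintainers, and nobody is named as responsible for tracking upstream security releases of this web application. A `meta` block with those four fields should follow `installPhase`; the license value has to come from upstream, as it is not visible here. This file also looks unrelated to the commit title (`rustdesk-server: init module`), and no hunk on this page references it from a package set, so it may belong in a separate commit.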