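# NixOS module: run RustDesk under a separate "epicenter" account inside
# dominik's Wayland session, preconfigured for the Epicenter RustDesk server.
#
# Security-relevant design points:
#   * The wrapper grants the epicenter account access to the caller's Wayland
#     socket via POSIX ACLs. The ACLs are not revoked when RustDesk exits, so
#     any process running as epicenter can reach that socket afterwards.
#   * The sudo rule is NOPASSWD + SETENV, so the caller controls the environment
#     of the RustDesk process (see the note on the rule below).
{ lib, pkgs, ... }:

let
  wrapperScript = pkgs.writeShellScriptBin "rustdesk-epicenter-wrapper" ''
    # Abort on the first failing step instead of launching with partial setup.
    set -e

    # Fail closed when not in a Wayland session: with an empty WAYLAND_DISPLAY
    # the rwx ACL below would land on the runtime directory itself instead of
    # on the compositor socket.
    if [ -z "$XDG_RUNTIME_DIR" ] || [ -z "$WAYLAND_DISPLAY" ]; then
      echo "rustdesk-epicenter-wrapper: XDG_RUNTIME_DIR and WAYLAND_DISPLAY must be set" >&2
      exit 1
    fi

    wayland_socket="$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"
    if [ ! -S "$wayland_socket" ]; then
      echo "rustdesk-epicenter-wrapper: $wayland_socket is not a socket" >&2
      exit 1
    fi

    # Resolve the uid at run time; the account is declared without a fixed uid,
    # so a hard-coded /run/user/<uid> may point at another user.
    epicenter_uid="$(${pkgs.coreutils}/bin/id -u epicenter)"

    # Grant the epicenter user access to the Wayland socket: traverse-only on
    # the runtime directory, rwx on the socket itself.
    ${pkgs.acl}/bin/setfacl -m u:epicenter:x "$XDG_RUNTIME_DIR"
    ${pkgs.acl}/bin/setfacl -m u:epicenter:rwx "$wayland_socket"

    # Run rustdesk as the epicenter user with an absolute path to the socket.
    # NOTE(review): /run/user/<uid> presumably only exists while epicenter has
    # a login session or lingering enabled - confirm.
    exec /run/wrappers/bin/sudo -u epicenter \
      WAYLAND_DISPLAY="$wayland_socket" \
      XDG_RUNTIME_DIR="/run/user/$epicenter_uid" \
      ${pkgs.rustdesk-flutter}/bin/rustdesk "$@"
  '';

  # Launcher entry that starts RustDesk through the wrapper above.
  rustdeskEpicenterDesktopItem = pkgs.makeDesktopItem {
    name = "rustdesk-epicenter";
    desktopName = "RustDesk Epicenter";
    exec = "${wrapperScript}/bin/rustdesk-epicenter-wrapper";
    icon = "rustdesk";
    categories = [ "Network" "RemoteAccess" ];
    comment = "Remote desktop software for office user (Epicenter)";
  };
in
{
  environment.systemPackages = [
    rustdeskEpicenterDesktopItem
  ];

  users.users.epicenter = {
    isNormalUser = true;
    extraGroups = [ ]; # Minimal groups: keep this account less privileged than the caller
  };

  # NOTE(review): this group is declared, but the user above is not assigned to
  # it here (no `group = "epicenter"`) - confirm whether that is intended.
  users.groups.epicenter = {};

  # Allow dominik to run rustdesk as the epicenter user without a password.
  # SETENV is needed because the wrapper passes VAR=value pairs on the sudo
  # command line. It also lets the caller choose the environment of the
  # command, so treat this rule as "dominik can act as epicenter" and do not
  # give epicenter privileges that dominik lacks.
  security.sudo.extraRules = [
    {
      users = [ "dominik" ];
      runAs = "epicenter";
      commands = [
        {
          command = "${pkgs.rustdesk-flutter}/bin/rustdesk";
          options = [ "NOPASSWD" "SETENV" ];
        }
      ];
    }
  ];

  home-manager.users.epicenter = {
    home.stateVersion = "24.05";
    home.username = "epicenter";
    home.homeDirectory = "/home/epicenter";

    # Add rustdesk to the epicenter user's packages
    home.packages = with pkgs; [
      rustdesk-flutter
    ];

    # Declaratively configure RustDesk for the Epicenter server.
    # The text ends up in the world-readable Nix store, so it must hold no
    # secrets. NOTE(review): `key` is presumably the server's public key -
    # confirm. `force = true` overwrites any existing file at this path.
    home.file.".config/rustdesk/RustDesk2.toml" = {
      force = true;
      text = ''
        rendezvous_server = 'rustdesk.helsinki.tools:21116'
        nat_type = 1
        serial = 0
        unlock_pin = '''
        trusted_devices = '''

        [options]
        av1-test = 'N'
        key = '8jkD3HoWK+flkWcAMIqRnyn0jr4r9VPb+JYIbBtb+7k='
        api-server = 'https://rustdesk.helsinki.tools'
        custom-rendezvous-server = 'rustdesk.helsinki.tools'
      '';
    };
  };
}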