Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
537f144885fc8314a11058c69327332132b679c4
nixos/hosts/nb/modules/epicenter.nix

79 lines
2.1 KiB
Nix
Raw Blame History

{ lib, pkgs, ... }:
let
wrapperScript = pkgs.writeShellScriptBin "rustdesk-epicenter-wrapper" ''
# Grant epicenter user access to the Wayland socket
${pkgs.acl}/bin/setfacl -m u:epicenter:x "$XDG_RUNTIME_DIR"
${pkgs.acl}/bin/setfacl -m u:epicenter:rwx "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"
# Run rustdesk as epicenter user with absolute path to Wayland socket
exec /run/wrappers/bin/sudo -u epicenter \
WAYLAND_DISPLAY="$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" \
XDG_RUNTIME_DIR=/run/user/1001 \
${pkgs.rustdesk-flutter}/bin/rustdesk "$@"
'';
rustdeskEpicenterDesktopItem = pkgs.makeDesktopItem {
name = "rustdesk-epicenter";
desktopName = "RustDesk Epicenter";
exec = "${wrapperScript}/bin/rustdesk-epicenter-wrapper";
icon = "rustdesk";
categories = [ "Network" "RemoteAccess" ];
comment = "Remote desktop software for office user (Epicenter)";
};
in {
environment.systemPackages = [
rustdeskEpicenterDesktopItem
];
users.users.epicenter = {
isNormalUser = true;
extraGroups = [ ]; # Minimal groups
};
users.groups.epicenter = {};
# Allow dominik to run rustdesk as epicenter user without password
security.sudo.extraRules = [
{
users = [ "dominik" ];
runAs = "epicenter";
commands = [
{
command = "${pkgs.rustdesk-flutter}/bin/rustdesk";
options = [ "NOPASSWD" "SETENV" ];
}
];
}
];
home-manager.users.epicenter = {
home.stateVersion = "24.05";
home.username = "epicenter";
home.homeDirectory = "/home/epicenter";
# Add rustdesk to the epicenter user's packages
home.packages = with pkgs; [
rustdesk-flutter
];
# Declaratively configure RustDesk for Epicenter server
home.file.".config/rustdesk/RustDesk2.toml" = {
force = true;
text = ''
rendezvous_server = 'rustdesk.helsinki.tools:21116'
nat_type = 1
serial = 0
unlock_pin = '''
trusted_devices = '''
[options]
av1-test = 'N'
key = '8jkD3HoWK+flkWcAMIqRnyn0jr4r9VPb+JYIbBtb+7k='
api-server = 'https://rustdesk.helsinki.tools'
custom-rendezvous-server = 'rustdesk.helsinki.tools'
'';
};
};
}
Reference in New Issue View Git Blame Copy Permalink