author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2024-01-24 00:02:51 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-24 00:02:51 +0000 |
commit | 9bf128cad3576ca83f711d304f0b6c62dd477e3e (patch) | |
tree | e4c596ff833fa33175fdd288c769213f27114f6d /nixos | |
parent | 9dfb5091e1e414e329e8c0455c150d4a82b8bf34 (diff) | |
parent | 6a4e9dff735fc9f2135a04d092c3ca0d346cd56f (diff) | |
Merge staging-next into staging
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2405.section.md | 10 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/rustdesk-server.nix | 95 |
3 files changed, 106 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 9dce1d1ff26a..bac94e20cadf 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -61,6 +61,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - [TuxClocker](https://github.com/Lurkki14/tuxclocker), a hardware control and monitoring program. Available as [programs.tuxclocker](#opt-programs.tuxclocker.enable). +- [RustDesk](https://rustdesk.com), a full-featured open source remote control alternative for self-hosting and security with minimal configuration. Alternative to TeamViewer. + ## Backward Incompatibilities {#sec-release-24.05-incompatibilities} <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> @@ -184,6 +186,14 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - [watchdogd](https://troglobit.com/projects/watchdogd/), a system and process supervisor using watchdog timers. Available as [services.watchdogd](#opt-services.watchdogd.enable). +- The `jdt-language-server` package now uses upstream's provided python wrapper instead of our own custom wrapper. This results in the following breaking and notable changes: + + - The main binary for the package is now named `jdtls` instead of `jdt-language-server`, equivalent to what most editors expect the binary to be named. + + - JVM arguments should now be provided with the `--jvm-arg` flag instead of setting `JAVA_OPTS`. + + - The `-data` path is no longer required to run the package, and will be set to point to a folder in `$TMP` if missing. + ## Other Notable Changes {#sec-release-24.05-notable-changes} <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> 
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 2552ca6fa0f5..ff76aa16c1b5 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -832,6 +832,7 @@
 ./services/monitoring/riemann-dash.nix
 ./services/monitoring/riemann-tools.nix
 ./services/monitoring/riemann.nix
+ ./services/monitoring/rustdesk-server.nix
 ./services/monitoring/scollector.nix
 ./services/monitoring/smartd.nix
 ./services/monitoring/snmpd.nix
diff --git a/nixos/modules/services/monitoring/rustdesk-server.nix b/nixos/modules/services/monitoring/rustdesk-server.nix
new file mode 100644
index 000000000000..0a6a8e71672f
--- /dev/null
+++ b/nixos/modules/services/monitoring/rustdesk-server.nix
@@ -0,0 +1,95 @@
+{ lib, pkgs, config, ... }:
+let
+ TCPPorts = [21115 21116 21117 21118 21119];
+ UDPPorts = [21116];
+in {
+ options.services.rustdesk-server = with lib; with types; {
+ enable = mkEnableOption "RustDesk, a remote access and remote control software, allowing maintenance of computers and other devices.";
+
+ package = mkPackageOption pkgs "rustdesk-server" {};
+
+ openFirewall = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Open the connection ports.
+ TCP (${lib.concatStringsSep ", " (map toString TCPPorts)})
+ UDP (${lib.concatStringsSep ", " (map toString UDPPorts)})
+ '';
+ };
+
+ relayIP = mkOption {
+ type = str;
+ description = ''
+ The public facing IP of the RustDesk relay.
+ '';
+ };
+ };
+
+ config = let
+ cfg = config.services.rustdesk-server;
+ serviceDefaults = {
+ enable = true;
+ requiredBy = [ "rustdesk.target" ];
+ serviceConfig = {
+ Slice = "system-rustdesk.slice";
+ User = "rustdesk";
+ Group = "rustdesk";
+ Environment = [];
+ WorkingDirectory = "/var/lib/rustdesk";
+ StateDirectory = "rustdesk";
+ StateDirectoryMode = "0750";
+ LockPersonality = true;
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ PrivateMounts = true;
+ PrivateTmp = true;
+ PrivateUsers = true;
+ ProtectClock = true;
+ ProtectControlGroups = true;
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectProc = "invisible";
+ ProtectSystem = "strict";
+ RemoveIPC = true;
+ RestrictNamespaces = true;
+ RestrictSUIDSGID = true;
+ };
+ };
+ in lib.mkIf cfg.enable {
+ users.users.rustdesk = {
+ description = "System user for RustDesk";
+ isSystemUser = true;
+ group = "rustdesk";
+ };
+ users.groups.rustdesk = {};
+
+ networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall TCPPorts;
+ networking.firewall.allowedUDPPorts = lib.mkIf cfg.openFirewall UDPPorts;
+
+ systemd.slices.system-rustdesk = {
+ enable = true;
+ description = "Slice designed to contain RustDesk Signal & RustDesk Relay";
+ };
+
+ systemd.targets.rustdesk = {
+ enable = true;
+ description = "Target designed to group RustDesk Signal & RustDesk Relay";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ };
+
+ systemd.services.rustdesk-signal = lib.mkMerge [ serviceDefaults {
+ serviceConfig.ExecStart = "${cfg.package}/bin/hbbs -r ${cfg.relayIP}";
+ } ];
+
+ systemd.services.rustdesk-relay = lib.mkMerge [ serviceDefaults {
+ serviceConfig.ExecStart = "${cfg.package}/bin/hbbr";
+ } ];
+ };
+
+ meta.maintainers = with lib.maintainers; [ ppom ];
+}
|
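Review bot: The sandbox in `serviceDefaults.serviceConfig` covers filesystem and kernel protections but leaves socket families, system calls and the capability bounding set unrestricted, although both units are network-facing daemons that `openFirewall` exposes on five TCP ports and one UDP port. All listed ports are above 1024 and the units run as the unprivileged `rustdesk` user, so the additions below look feasible, but that is inferred from the module alone and needs confirming by running hbbs and hbbr (name-service lookups may additionally need `AF_UNIX`). Separately, `relayIP` is a free-form `str` spliced into `ExecStart`, so whitespace in the value becomes extra hbbs arguments. Building the command with `utils.escapeSystemdExecArgs [ "${cfg.package}/bin/hbbs" "-r" cfg.relayIP ]`, with `utils` added to the module arguments, would keep it a single argument.

```nix
      serviceConfig = {
        # … unchanged: Slice, User/Group, state directory, Private*/Protect* settings …
        RestrictSUIDSGID = true;
        CapabilityBoundingSet = "";
        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
        RestrictRealtime = true;
        SystemCallArchitectures = "native";
        SystemCallFilter = [ "@system-service" "~@privileged" ];
      };
```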