clanModules: init localsend module

clanModules/flake-module.nix

@@ -9,8 +9,10 @@
     borgbackup = ./borgbackup.nix;
     deltachat = ./deltachat.nix;
     moonlight = ./moonlight.nix;
+    sunshine = ./sunshine.nix;
     syncthing = ./syncthing.nix;
     xfce = ./xfce.nix;
     zt-tcp-relay = ./zt-tcp-relay.nix;
+    localsend = ./localsend.nix;
   };
 }

clanModules/localsend.nix

@@ -0,0 +1,40 @@
+{ config
+, pkgs
+, lib
+, ...
+}:
+{
+  options.clan.localsend = {
+    enable = lib.mkEnableOption (lib.mdDoc "enable the localsend module");
+    defaultLocation = lib.mkOption {
+      type = lib.types.str;
+      description = "The default download location";
+    };
+    package = lib.mkPackageOption pkgs "localsend" { };
+  };
+
+  imports =
+    if config.clan.localsend.enable then
+      [
+        {
+          clanCore.state.localsend.folders = [
+            "/var/localsend"
+            config.clan.localsend.defaultLocation
+          ];
+          environment.systemPackages = [ config.clan.localsend.package ];
+
+          networking.firewall.interfaces."zt+".allowedTCPPorts = [ 53317 ];
+          networking.firewall.interfaces."zt+".allowedUDPPorts = [ 53317 ];
+
+          #TODO: This is currently needed because there is no ipv6 multicasting support yet
+          #
+          systemd.network.networks."09-zerotier" = {
+            networkConfig = {
+              Address = "192.168.56.2/24";
+            };
+          };
+        }
+      ]
+    else
+      [ ];
+}

clanModules/sunshine.nix

@@ -0,0 +1,109 @@
+{ pkgs, config, ... }:
+{
+  networking.firewall = {
+    allowedTCPPorts = [
+      47984
+      47989
+      47990
+      48010
+    ];
+
+    allowedUDPPorts = [
+      47998
+      47999
+      48000
+      48002
+      48010
+    ];
+  };
+
+  networking.firewall.allowedTCPPortRanges = [
+    {
+      from = 47984;
+      to = 48010;
+    }
+  ];
+  networking.firewall.allowedUDPPortRanges = [
+    {
+      from = 47998;
+      to = 48010;
+    }
+  ];
+
+  environment.systemPackages = [
+    pkgs.sunshine
+    pkgs.avahi
+    # Convenience script, until we find a better UX
+    (pkgs.writers.writeDashBin "sun" ''
+      ${pkgs.sunshine}/bin/sunshine -1 ${
+        pkgs.writeText "sunshine.conf" ''
+          address_family = both
+        ''
+      } "$@"
+    '')
+    # Create a dummy account, for easier setup,
+    # don't use this account in actual production yet.
+    (pkgs.writers.writeDashBin "init-sun" ''
+      ${pkgs.sunshine}/bin/sunshine \
+      --creds "sun" "sun"
+    '')
+  ];
+
+  # Required to simulate input
+  boot.kernelModules = [ "uinput" ];
+  security.rtkit.enable = true;
+
+  # services.udev.extraRules = ''
+  #   KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput", TAG+="uaccess"
+  # '';
+
+  services.udev.extraRules = ''
+    KERNEL=="uinput", GROUP="input", MODE="0660" OPTIONS+="static_node=uinput"
+  '';
+
+  security.wrappers.sunshine = {
+    owner = "root";
+    group = "root";
+    capabilities = "cap_sys_admin+p";
+    source = "${pkgs.sunshine}/bin/sunshine";
+  };
+
+  systemd.user.services.sunshine = {
+    description = "sunshine";
+    wantedBy = [ "graphical-session.target" ];
+    environment = {
+      DISPLAY = ":0";
+    };
+    serviceConfig = {
+      ExecStart = "${config.security.wrapperDir}/sunshine";
+    };
+  };
+
+  # xdg.configFile."sunshine/apps.json".text = builtins.toJSON {
+  #   env = "/run/current-system/sw/bin";
+  #   apps = [
+  #     {
+  #       name = "Steam";
+  #       output = "steam.txt";
+  #       detached = [
+  #         "${pkgs.util-linux}/bin/setsid ${pkgs.steam}/bin/steam steam://open/bigpicture"
+  #       ];
+  #       image-path = "steam.png";
+  #     }
+  #   ];
+  # };
+
+  services = {
+    avahi = {
+      enable = true;
+      reflector = true;
+      nssmdns = true;
+      publish = {
+        enable = true;
+        addresses = true;
+        userServices = true;
+        workstation = true;
+      };
+    };
+  };
+}