add xrdp

flake.nix

@@ -388,6 +388,7 @@
                 misskey-proxy."xn--s8w913fdga.chn.moe" = {};
                 synapse.enable = true;
                 synapse-proxy."synapse.chn.moe" = {};
+                xrdp = { enable = true; hostname = "vps7.chn.moe"; };
               };
             };})
           ];

modules/services/default.nix

@@ -12,6 +12,7 @@ inputs:
     ./coturn.nix
     ./synapse.nix
     ./phpfpm.nix
+    ./xrdp.nix
     # ./docker.nix
   ];
   options.nixos.services = let inherit (inputs.lib) mkOption types; in

modules/services/xrdp.nix

@@ -0,0 +1,35 @@
+inputs:
+{
+  options.nixos.services.xrdp = let inherit (inputs.lib) mkOption types; in
+  {
+    enable = mkOption { type = types.bool; default = false; };
+    port = mkOption { type = types.ints.unsigned; default = 3389; };
+    hostname = mkOption { type = types.nullOr types.str; default = null; };
+  };
+  config =
+    let
+      inherit (inputs.lib) mkMerge mkIf;
+      inherit (inputs.localLib) stripeTabs attrsToList;
+      inherit (inputs.config.nixos.services) xrdp;
+      inherit (builtins) map listToAttrs concatStringsSep toString filter attrValues;
+    in mkMerge
+    [
+      {
+        services.xrdp =
+        {
+          enable = true;
+          port = xrdp.port;
+          openFirewall = true;
+          defaultWindowManager = "startplasma-x11";
+        };
+      }
+      (
+        mkIf (xrdp.hostname != null)
+        {
+          services.xrdp = let keydir = inputs.config.security.acme.certs.${xrdp.hostname}.directory; in
+            { sslCert = "${keydir}/full.pem"; sslKey = "${keydir}/key.pem"; };
+          nixos.services.acme = { enable = true; certs = [ xrdp.hostname ]; };
+        }
+      )
+    ];
+}