feat: refactor, update settings for sunshine (#215)

modules/nixos/desktop/networking/clash-verge.nix

@@ -0,0 +1,8 @@
+{
+  programs.clash-verge = {
+    enable = true;
+    autoStart = false;
+    serviceMode = true;
+    tunMode = true;
+  };
+}

modules/nixos/desktop/networking/default.nix

@@ -0,0 +1,4 @@
+{ mylib, ... }:
+{
+  imports = mylib.scanPaths ./.;
+}

modules/nixos/desktop/networking/remote-desktop.nix

@@ -0,0 +1,42 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    moonlight-qt # moonlight client, for streaming games/desktop from a PC
+  ];
+
+  # ===============================================================================
+  #
+  # Sunshine: A self-hosted game stream server for Moonlight(Client).
+  # It's designed for game streaming, but it can be used for remote desktop as well.
+  #
+  # How to use:
+  #  1. setup user via Web Console: <https://localhost:47990/>):
+  #  2. on another machine, connect to sunshine on via moonlight-qt client
+  #
+  # Docs:
+  #  https://docs.lizardbyte.dev/projects/sunshine/latest/index.html
+  #
+  # Check Service Status
+  #   systemctl --user status sunshine
+  # Check logs
+  #   journalctl --user -u sunshine --since "2 minutes ago"
+  #
+  # References:
+  #   https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/services/networking/sunshine.nix
+  #
+  # ===============================================================================
+  services.sunshine = {
+    enable = false; # default to false, for security reasons.
+    autoStart = true;
+    capSysAdmin = true; # only needed for Wayland -- omit this when using with Xorg
+    openFirewall = true;
+    settings = {
+      # pc  - Only localhost may access the web ui
+      # lan - Only LAN devices may access the web ui
+      origin_web_ui_allowed = "pc";
+      # 2   -	encryption is mandatory and unencrypted connections are rejected
+      lan_encryption_mode = 2;
+      wan_encryption_mode = 2;
+    };
+  };
+}

modules/nixos/desktop/networking/tailscale.nix

@@ -0,0 +1,46 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+# =============================================================
+#
+# Tailscale - your own private network(VPN) that uses WireGuard
+#
+# It's open source and free for personal use,
+# and it's really easy to setup and use.
+# Tailscale has great client coverage for Linux, windows, Mac, android, and iOS.
+# Tailscale is more mature and stable compared to other alternatives such as netbird/netmaker.
+# Maybe I'll give netbird/netmaker a try when they are more mature, but for now, I'm sticking with Tailscale.
+#
+# How to use:
+#  1. Create a Tailscale account at https://login.tailscale.com
+#  2. Login via `tailscale login`
+#  3. join into your Tailscale network via `tailscale up --accept-routes`
+#  4. If you prefer automatic connection to Tailscale, use the `authKeyFile` option` in the config below.
+#
+# Status Data:
+#   `journalctl -u tailscaled` shows tailscaled's logs
+#   logs indicate that tailscale store its data in /var/lib/tailscale
+#   which is already persistent across reboots(via preservation)
+#
+# References:
+# https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/services/networking/tailscale.nix
+#
+# =============================================================
+{
+  # make the tailscale command usable to users
+  environment.systemPackages = [ pkgs.tailscale ];
+
+  # enable the tailscale service
+  services.tailscale = {
+    enable = true;
+    port = 41641;
+    interfaceName = "tailscale0";
+    # allow the Tailscale UDP port through the firewall
+    openFirewall = true;
+    useRoutingFeatures = "client";
+    extraUpFlags = "--accept-routes";
+    # authKeyFile = "/var/lib/tailscale/authkey";
+  };
+}