From 8c276b53a60726c6447c313ecc7ff47aa470ffe8 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann <hi@kunsmann.eu>
Date: Sat, 1 May 2021 15:18:21 +0200
Subject: [PATCH] nodes/home.nas: enable x11 forwarding for admins

---
 bundles/openssh/files/sshd_config | 3 +++
 bundles/openssh/items.py          | 1 +
 nodes/home/nas.py                 | 5 +++++
 3 files changed, 9 insertions(+)

diff --git a/bundles/openssh/files/sshd_config b/bundles/openssh/files/sshd_config
index bd3ec34..60e8e43 100644
--- a/bundles/openssh/files/sshd_config
+++ b/bundles/openssh/files/sshd_config
@@ -37,3 +37,6 @@ Match Group sftp
 
 Match User ${','.join(sorted(admin_users))}
     AllowTcpForwarding yes
+% if enable_x_forwarding_for_admins:
+    X11Forwarding yes
+% endif
diff --git a/bundles/openssh/items.py b/bundles/openssh/items.py
index 475c60f..a93b873 100644
--- a/bundles/openssh/items.py
+++ b/bundles/openssh/items.py
@@ -13,6 +13,7 @@ files = {
         'context': {
             'login_users': login_users,
             'admin_users': users_from_metadata,
+            'enable_x_forwarding_for_admins': node.metadata.get('openssh/enable_x_forwarding_for_admins', False),
         },
         'triggers': {
             'action:sshd_check_config',
diff --git a/nodes/home/nas.py b/nodes/home/nas.py
index b130a74..00dd3b6 100644
--- a/nodes/home/nas.py
+++ b/nodes/home/nas.py
@@ -28,6 +28,10 @@ nodes['home.nas'] = {
             'unattended_upgrades': {
                 'day': 6,
             },
+            'packages': {
+                'mpv': {},
+                'youtube-dl': {},
+            },
         },
         'backups': {
             # This *is* the backup server
@@ -153,6 +157,7 @@ nodes['home.nas'] = {
             'allowed_users': {
                 'kunsi-t470', # backup user
             },
+            'enable_x_forwarding_for_admins': True,
         },
         'users': {
             'f2k1de': {