diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md
index 6956c1ab6053e..551ed005a64bc 100644
--- a/nixos/doc/manual/release-notes/rl-2405.section.md
+++ b/nixos/doc/manual/release-notes/rl-2405.section.md
@@ -61,6 +61,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 
 - [TuxClocker](https://github.com/Lurkki14/tuxclocker), a hardware control and monitoring program. Available as [programs.tuxclocker](#opt-programs.tuxclocker.enable).
 
+- [RustDesk](https://rustdesk.com), a full-featured open source remote control alternative for self-hosting and security with minimal configuration. Alternative to TeamViewer.
+
 ## Backward Incompatibilities {#sec-release-24.05-incompatibilities}
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 2552ca6fa0f54..ff76aa16c1b56 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -832,6 +832,7 @@
   ./services/monitoring/riemann-dash.nix
   ./services/monitoring/riemann-tools.nix
   ./services/monitoring/riemann.nix
+  ./services/monitoring/rustdesk-server.nix
   ./services/monitoring/scollector.nix
   ./services/monitoring/smartd.nix
   ./services/monitoring/snmpd.nix
diff --git a/nixos/modules/services/monitoring/rustdesk-server.nix b/nixos/modules/services/monitoring/rustdesk-server.nix
new file mode 100644
index 0000000000000..0a6a8e71672fd
--- /dev/null
+++ b/nixos/modules/services/monitoring/rustdesk-server.nix
@@ -0,0 +1,95 @@
+{ lib, pkgs, config, ... }:
+let
+  TCPPorts = [21115 21116 21117 21118 21119];
+  UDPPorts = [21116];
+in {
+  options.services.rustdesk-server = with lib; with types; {
+    enable = mkEnableOption "RustDesk, a remote access and remote control software, allowing maintenance of computers and other devices.";
+
+    package = mkPackageOption pkgs "rustdesk-server" {};
+
+    openFirewall = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Open the connection ports.
+        TCP (${lib.concatStringsSep ", " (map toString TCPPorts)})
+        UDP (${lib.concatStringsSep ", " (map toString UDPPorts)})
+      '';
+    };
+
+    relayIP = mkOption {
+      type = str;
+      description = ''
+        The public facing IP of the RustDesk relay.
+      '';
+    };
+  };
+
+  config = let
+    cfg = config.services.rustdesk-server;
+    serviceDefaults = {
+      enable = true;
+      requiredBy = [ "rustdesk.target" ];
+      serviceConfig = {
+        Slice = "system-rustdesk.slice";
+        User  = "rustdesk";
+        Group = "rustdesk";
+        Environment = [];
+        WorkingDirectory = "/var/lib/rustdesk";
+        StateDirectory   = "rustdesk";
+        StateDirectoryMode = "0750";
+        LockPersonality = true;
+        NoNewPrivileges = true;
+        PrivateDevices = true;
+        PrivateMounts = true;
+        PrivateTmp = true;
+        PrivateUsers = true;
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectProc = "invisible";
+        ProtectSystem = "strict";
+        RemoveIPC = true;
+        RestrictNamespaces = true;
+        RestrictSUIDSGID = true;
+      };
+    };
+  in lib.mkIf cfg.enable {
+    users.users.rustdesk = {
+      description = "System user for RustDesk";
+      isSystemUser = true;
+      group = "rustdesk";
+    };
+    users.groups.rustdesk = {};
+
+    networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall TCPPorts;
+    networking.firewall.allowedUDPPorts = lib.mkIf cfg.openFirewall UDPPorts;
+
+    systemd.slices.system-rustdesk = {
+      enable = true;
+      description = "Slice designed to contain RustDesk Signal & RustDesk Relay";
+    };
+
+    systemd.targets.rustdesk = {
+      enable = true;
+      description = "Target designed to group RustDesk Signal & RustDesk Relay";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+    };
+
+    systemd.services.rustdesk-signal = lib.mkMerge [ serviceDefaults {
+      serviceConfig.ExecStart = "${cfg.package}/bin/hbbs -r ${cfg.relayIP}";
+    } ];
+
+    systemd.services.rustdesk-relay = lib.mkMerge [ serviceDefaults {
+      serviceConfig.ExecStart = "${cfg.package}/bin/hbbr";
+    } ];
+  };
+
+  meta.maintainers = with lib.maintainers; [ ppom ];
+}
diff --git a/pkgs/by-name/ye/yeswiki/package.nix b/pkgs/by-name/ye/yeswiki/package.nix
new file mode 100644
index 0000000000000..64ccd4353525f
--- /dev/null
+++ b/pkgs/by-name/ye/yeswiki/package.nix
@@ -0,0 +1,28 @@
+{
+  lib,
+  stdenv,
+  fetchurl,
+  unzip,
+}:
+let
+  version = "4.4.2";
+in stdenv.mkDerivation {
+  pname = "yeswiki";
+  inherit version;
+
+  src = fetchurl {
+    url = "https://repository.yeswiki.net/doryphore/yeswiki-doryphore-${version}.zip";
+    hash = "sha256-TNiVBragEnLkMTu/Op6sCFsk9wWXUQ2GUPqmWgPV/vk=";
+  };
+
+  nativeBuildInputs = [
+    unzip
+  ];
+
+  installPhase = ''
+    runHook preInstall
+    mkdir -p $out/
+    cp -R . $out/
+    runHook postInstall
+  '';
+}