From 2c15341d35027876d1f1e6cb8cf9bed235f3c4c3 Mon Sep 17 00:00:00 2001 From: naturallaw77 Date: Wed, 25 Mar 2026 13:01:10 -0500 Subject: [PATCH] retooled rdp.nix --- modules/rdp.nix | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/modules/rdp.nix b/modules/rdp.nix index 9fb154a..72a0a93 100755 --- a/modules/rdp.nix +++ b/modules/rdp.nix @@ -10,7 +10,6 @@ lib.mkIf config.sovran_systemsOS.features.rdp { freerdp ]; - # gnome-remote-desktop ships a system service that needs to be explicitly enabled systemd.services.gnome-remote-desktop = { wantedBy = [ "graphical.target" ]; after = [ "graphical.target" ]; @@ -20,7 +19,6 @@ lib.mkIf config.sovran_systemsOS.features.rdp { }; }; - # Configure RDP credentials and enable RDP mode on first boot systemd.services.gnome-remote-desktop-setup = { description = "Configure GNOME Remote Desktop RDP"; wantedBy = [ "multi-user.target" ]; @@ -29,22 +27,22 @@ lib.mkIf config.sovran_systemsOS.features.rdp { Type = "oneshot"; RemainAfterExit = true; }; - path = [ pkgs.gnome-remote-desktop ]; + path = [ + pkgs.gnome-remote-desktop + pkgs.polkit + pkgs.openssl + ]; script = '' - # Enable RDP backend - grdctl --system rdp enable - - # Disable requiring a prompt/handshake for unattended access - grdctl --system rdp set-credentials sovran "$(cat /var/lib/gnome-remote-desktop/rdp-password 2>/dev/null || echo 'changeme')" - # Generate a default password file if one doesn't exist if [ ! -f /var/lib/gnome-remote-desktop/rdp-password ]; then mkdir -p /var/lib/gnome-remote-desktop - ${pkgs.openssl}/bin/openssl rand -base64 16 > /var/lib/gnome-remote-desktop/rdp-password + openssl rand -base64 16 > /var/lib/gnome-remote-desktop/rdp-password chmod 600 /var/lib/gnome-remote-desktop/rdp-password echo "Generated new RDP password at /var/lib/gnome-remote-desktop/rdp-password" fi + # Enable RDP backend and set credentials + grdctl --system rdp enable grdctl --system rdp set-credentials sovran "$(cat /var/lib/gnome-remote-desktop/rdp-password)" ''; };