retooled rdp.nix

modules/rdp.nix

@@ -10,7 +10,6 @@ lib.mkIf config.sovran_systemsOS.features.rdp {
     freerdp
   ];
 
-  # gnome-remote-desktop ships a system service that needs to be explicitly enabled
   systemd.services.gnome-remote-desktop = {
     wantedBy = [ "graphical.target" ];
     after = [ "graphical.target" ];
@@ -20,7 +19,6 @@ lib.mkIf config.sovran_systemsOS.features.rdp {
     };
   };
 
-  # Configure RDP credentials and enable RDP mode on first boot
   systemd.services.gnome-remote-desktop-setup = {
     description = "Configure GNOME Remote Desktop RDP";
     wantedBy = [ "multi-user.target" ];
@@ -29,22 +27,22 @@ lib.mkIf config.sovran_systemsOS.features.rdp {
       Type = "oneshot";
       RemainAfterExit = true;
     };
-    path = [ pkgs.gnome-remote-desktop ];
+    path = [
+      pkgs.gnome-remote-desktop
+      pkgs.polkit
+      pkgs.openssl
+    ];
     script = ''
-      # Enable RDP backend
-      grdctl --system rdp enable
-
-      # Disable requiring a prompt/handshake for unattended access
-      grdctl --system rdp set-credentials sovran "$(cat /var/lib/gnome-remote-desktop/rdp-password 2>/dev/null || echo 'changeme')"
-
       # Generate a default password file if one doesn't exist
       if [ ! -f /var/lib/gnome-remote-desktop/rdp-password ]; then
         mkdir -p /var/lib/gnome-remote-desktop
-        ${pkgs.openssl}/bin/openssl rand -base64 16 > /var/lib/gnome-remote-desktop/rdp-password
+        openssl rand -base64 16 > /var/lib/gnome-remote-desktop/rdp-password
         chmod 600 /var/lib/gnome-remote-desktop/rdp-password
         echo "Generated new RDP password at /var/lib/gnome-remote-desktop/rdp-password"
       fi
 
+      # Enable RDP backend and set credentials
+      grdctl --system rdp enable
       grdctl --system rdp set-credentials sovran "$(cat /var/lib/gnome-remote-desktop/rdp-password)"
     '';
   };