Sovran_Systems/Sovran_SystemsOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(rdp): remove session-level setup to fix Session Already Running conflict

Browse Source 
Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/9ba5618b-db30-41c3-8031-68b9a9e5448c

Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-04-08 17:50:40 +00:00
committed by GitHub
parent f15e5616b7
commit 45ee8da166
1 changed files with 5 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
modules/rdp.nix
View File

@@ -1,34 +1,5 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let
rdp-session-setup-script = pkgs.writeShellScript "rdp-session-setup.sh" ''
export PATH="${lib.makeBinPath [ pkgs.gnome-remote-desktop pkgs.coreutils ]}:$PATH"
# Wait for the system-level setup to have generated credentials
for i in $(seq 1 30); do
[ -f /var/lib/gnome-remote-desktop/rdp-password ] && break
echo "Waiting for RDP credentials... ($i/30)"
sleep 1
done
PASSWORD=$(cat /var/lib/gnome-remote-desktop/rdp-password 2>/dev/null || echo "")
if [ -z "$PASSWORD" ]; then
echo "ERROR: RDP password file not found or empty after waiting; session-level RDP setup aborted" >&2
exit 1
fi
TLS_DIR="/var/lib/gnome-remote-desktop/tls"
# Configure session-level RDP (no --system flag)
grdctl rdp set-tls-cert "$TLS_DIR/rdp-tls.crt" || { echo "ERROR: grdctl rdp set-tls-cert failed" >&2; exit 1; }
grdctl rdp set-tls-key "$TLS_DIR/rdp-tls.key" || { echo "ERROR: grdctl rdp set-tls-key failed" >&2; exit 1; }
grdctl rdp set-credentials sovran "$PASSWORD" || { echo "ERROR: grdctl rdp set-credentials failed" >&2; exit 1; }
grdctl rdp enable || { echo "ERROR: grdctl rdp enable failed" >&2; exit 1; }
grdctl rdp disable-view-only || echo "WARNING: grdctl rdp disable-view-only not supported on this version" >&2
echo "Session-level RDP configured successfully"
'';
in
lib.mkIf config.sovran_systemsOS.features.rdp { lib.mkIf config.sovran_systemsOS.features.rdp {
users.users.gnome-remote-desktop = { users.users.gnome-remote-desktop = {
@@ -39,9 +10,6 @@ lib.mkIf config.sovran_systemsOS.features.rdp {
}; };
users.groups.gnome-remote-desktop = {}; users.groups.gnome-remote-desktop = {};
# Give the 'free' user read access to RDP credential files
users.users.free.extraGroups = [ "gnome-remote-desktop" ];
# Enable the GNOME Remote Desktop service at the system level # Enable the GNOME Remote Desktop service at the system level
services.gnome.gnome-remote-desktop.enable = true; services.gnome.gnome-remote-desktop.enable = true;
@@ -102,7 +70,7 @@ lib.mkIf config.sovran_systemsOS.features.rdp {
# Always fix ownership and permissions (handles re-enable after disable) # Always fix ownership and permissions (handles re-enable after disable)
chown -R gnome-remote-desktop:gnome-remote-desktop "$TLS_DIR" chown -R gnome-remote-desktop:gnome-remote-desktop "$TLS_DIR"
chmod 640 "$TLS_DIR/rdp-tls.key" chmod 600 "$TLS_DIR/rdp-tls.key"
chmod 644 "$TLS_DIR/rdp-tls.crt" chmod 644 "$TLS_DIR/rdp-tls.crt"
# Configure TLS certificate # Configure TLS certificate
@@ -114,14 +82,14 @@ lib.mkIf config.sovran_systemsOS.features.rdp {
if [ ! -f /var/lib/gnome-remote-desktop/rdp-password ]; then if [ ! -f /var/lib/gnome-remote-desktop/rdp-password ]; then
PASSWORD=$(openssl rand -base64 16) PASSWORD=$(openssl rand -base64 16)
echo "$PASSWORD" > /var/lib/gnome-remote-desktop/rdp-password echo "$PASSWORD" > /var/lib/gnome-remote-desktop/rdp-password
chmod 640 /var/lib/gnome-remote-desktop/rdp-password chmod 600 /var/lib/gnome-remote-desktop/rdp-password
else else
PASSWORD=$(cat /var/lib/gnome-remote-desktop/rdp-password) PASSWORD=$(cat /var/lib/gnome-remote-desktop/rdp-password)
fi fi
# Write username to a separate file for the hub # Write username to a separate file for the hub
echo "sovran" > /var/lib/gnome-remote-desktop/rdp-username echo "sovran" > /var/lib/gnome-remote-desktop/rdp-username
chmod 640 /var/lib/gnome-remote-desktop/rdp-username chmod 600 /var/lib/gnome-remote-desktop/rdp-username
# Get current IP address # Get current IP address
LOCAL_IP=$(hostname -I | awk '{print $1}') LOCAL_IP=$(hostname -I | awk '{print $1}')
@@ -146,20 +114,9 @@ lib.mkIf config.sovran_systemsOS.features.rdp {
# Enable RDP backend and set credentials # Enable RDP backend and set credentials
grdctl --system rdp enable grdctl --system rdp enable
grdctl --system rdp set-credentials sovran "$PASSWORD" grdctl --system rdp set-credentials sovran "$PASSWORD"
grdctl --system rdp disable-view-only || echo "WARNING: grdctl --system rdp disable-view-only not supported on this version" >&2 grdctl --system rdp disable-view-only || true
echo "GNOME Remote Desktop RDP configured successfully" echo "GNOME Remote Desktop RDP configured successfully"
''; '';
}; };
# Autostart session-level RDP configuration when the 'free' user's GNOME session starts
environment.etc."xdg/autostart/sovran-rdp-session-setup.desktop".text = ''
[Desktop Entry]
Type=Application
Name=Sovran RDP Session Setup
Exec=${rdp-session-setup-script}
Terminal=false
X-GNOME-Autostart-enabled=true
NoDisplay=true
'';
} }