Sovran_Systems/Sovran_SystemsOS
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

retooling rdp.nix

Browse Source
This commit is contained in:
naturallaw77
2026-03-25 13:31:18 -05:00
parent 03ecb65aca
commit 51169ff51c
1 changed files with 25 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
modules/rdp.nix
View File

@@ -10,13 +10,11 @@ lib.mkIf config.sovran_systemsOS.features.rdp {
freerdp freerdp
]; ];
# The NixOS module installs the unit but doesn't enable it — we just need to start it and order it
systemd.services.gnome-remote-desktop = { systemd.services.gnome-remote-desktop = {
wantedBy = [ "graphical.target" ]; wantedBy = [ "graphical.target" ];
after = [ "graphical.target" ]; after = [ "gnome-remote-desktop-setup.service" ];
serviceConfig = { wants = [ "gnome-remote-desktop-setup.service" ];
Restart = "on-failure";
RestartSec = 5;
};
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
@@ -48,10 +46,29 @@ lib.mkIf config.sovran_systemsOS.features.rdp {
mkdir -p /var/lib/gnome-remote-desktop/.local/share/gnome-remote-desktop mkdir -p /var/lib/gnome-remote-desktop/.local/share/gnome-remote-desktop
chown -R gnome-remote-desktop:gnome-remote-desktop /var/lib/gnome-remote-desktop chown -R gnome-remote-desktop:gnome-remote-desktop /var/lib/gnome-remote-desktop
TLS_DIR="/var/lib/gnome-remote-desktop/tls"
CRED_FILE="/var/lib/gnome-remote-desktop/rdp-credentials" CRED_FILE="/var/lib/gnome-remote-desktop/rdp-credentials"
PASSWORD=""
# Generate TLS certificate if it doesn't exist
if [ ! -f "$TLS_DIR/rdp-tls.crt" ]; then
mkdir -p "$TLS_DIR"
openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
-sha256 -nodes -days 3650 \
-keyout "$TLS_DIR/rdp-tls.key" \
-out "$TLS_DIR/rdp-tls.crt" \
-subj "/CN=gnome-remote-desktop"
chown -R gnome-remote-desktop:gnome-remote-desktop "$TLS_DIR"
chmod 600 "$TLS_DIR/rdp-tls.key"
chmod 644 "$TLS_DIR/rdp-tls.crt"
echo "Generated RDP TLS certificate"
fi
# Configure TLS certificate
grdctl --system rdp set-tls-cert "$TLS_DIR/rdp-tls.crt"
grdctl --system rdp set-tls-key "$TLS_DIR/rdp-tls.key"
# Generate password on first boot only # Generate password on first boot only
PASSWORD=""
if [ ! -f /var/lib/gnome-remote-desktop/rdp-password ]; then if [ ! -f /var/lib/gnome-remote-desktop/rdp-password ]; then
PASSWORD=$(openssl rand -base64 16) PASSWORD=$(openssl rand -base64 16)
echo "$PASSWORD" > /var/lib/gnome-remote-desktop/rdp-password echo "$PASSWORD" > /var/lib/gnome-remote-desktop/rdp-password
@@ -83,6 +100,8 @@ lib.mkIf config.sovran_systemsOS.features.rdp {
# Enable RDP backend and set credentials # Enable RDP backend and set credentials
grdctl --system rdp enable grdctl --system rdp enable
grdctl --system rdp set-credentials sovran "$PASSWORD" grdctl --system rdp set-credentials sovran "$PASSWORD"
echo "GNOME Remote Desktop RDP configured successfully"
''; '';
}; };
} }