rdp added systemd unit

2026-03-24 20:34:37 -05:00
parent 8bc1d6330a
commit 6e7e6a87ca
1 changed files with 24 additions and 38 deletions
--- a/modules/rdp.nix
+++ b/modules/rdp.nix
@@ -18,58 +18,44 @@ lib.mkIf cfg {
    "d /var/lib/gnome-remote-desktop 0700 gnome-remote-desktop gnome-remote-desktop -"
  ];

-  # 🔹 Single unified setup service
-  systemd.services.gnome-remote-desktop-setup = {
-    description = "GNOME Remote Desktop (TLS + RDP config)";
+ systemd.services.grd-cert = {
+  description = "GRD TLS cert";

  wantedBy = [ "multi-user.target" ];

-    # Run AFTER daemon is up, but don't fail if it isn't
-    after = [ "gnome-remote-desktop.service" ];
-    wants = [ "gnome-remote-desktop.service" ];
+  serviceConfig.Type = "oneshot";

-    serviceConfig = {
-      Type = "oneshot";
-      RemainAfterExit = true;
+  script = ''
+    CERT_DIR=/var/lib/gnome-remote-desktop
+
+    if [ ! -f "$CERT_DIR/rdp-tls.key" ]; then
+      ${pkgs.util-linux}/bin/runuser -u gnome-remote-desktop -- \
+        ${pkgs.freerdp}/bin/winpr-makecert -silent -rdp \
+        -path "$CERT_DIR" rdp-tls
+    fi
+  '';
 };

+  systemd.user.services.grd-setup = {
+    description = "GNOME Remote Desktop setup";
+
+    wantedBy = [ "default.target" ];
+    after = [ "graphical-session.target" ];
+
+    serviceConfig.Type = "oneshot";
+
    script = ''
      set -euo pipefail

      CERT_DIR=/var/lib/gnome-remote-desktop
-      KEY_FILE=$CERT_DIR/rdp-tls.key
-      CRT_FILE=$CERT_DIR/rdp-tls.crt

-      echo "[GRD] Ensuring TLS cert exists..."
-
-      if [ ! -f "$KEY_FILE" ]; then
-        ${pkgs.util-linux}/bin/runuser -u gnome-remote-desktop -- \
-          ${pkgs.freerdp}/bin/winpr-makecert -silent -rdp \
-          -path "$CERT_DIR" rdp-tls
-      fi
-
-      echo "[GRD] Waiting for daemon..."
-
-      # Wait for GRD to be responsive (prevents race condition)
-      for i in $(seq 1 10); do
-        if ${pkgs.gnome-remote-desktop}/bin/grdctl rdp show >/dev/null 2>&1; then
-          break
-        fi
-        sleep 1
-      done
-
-      echo "[GRD] Applying configuration..."
-
-      ${pkgs.gnome-remote-desktop}/bin/grdctl rdp set-tls-key "$KEY_FILE"
-      ${pkgs.gnome-remote-desktop}/bin/grdctl rdp set-tls-cert "$CRT_FILE"
+      ${pkgs.gnome-remote-desktop}/bin/grdctl rdp set-tls-key "$CERT_DIR/rdp-tls.key"
+      ${pkgs.gnome-remote-desktop}/bin/grdctl rdp set-tls-cert "$CERT_DIR/rdp-tls.crt"
      ${pkgs.gnome-remote-desktop}/bin/grdctl rdp enable

-      # Idempotent credential setup
      if ! ${pkgs.gnome-remote-desktop}/bin/grdctl rdp show | grep -q username; then
        ${pkgs.gnome-remote-desktop}/bin/grdctl rdp set-credentials "free" "a"
      fi
-
-      echo "[GRD] Setup complete"
    '';
  };