From 08c8b7d09cd4c5f190fc9e78f02411e39c39ce5c Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 8 Apr 2026 14:33:44 +0000
Subject: [PATCH 1/2] Initial plan
From 5ab402110066387013d405a10f0fb3c47f3ff99b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 8 Apr 2026 14:46:52 +0000
Subject: [PATCH 2/2] Fix RDP frozen screen: add session-level GNOME Remote Desktop configuration
Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/e099592f-2d1e-4894-a91c-b4ef9b4a5244
Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com>
---
 modules/rdp.nix | 48 +++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 45 insertions(+), 3 deletions(-)
diff --git a/modules/rdp.nix b/modules/rdp.nix
index 1813c9b..ddab334 100755
--- a/modules/rdp.nix
+++ b/modules/rdp.nix
@@ -1,5 +1,33 @@
 { config, lib, pkgs, ... }:
+let
+ rdp-session-setup-script = pkgs.writeShellScript "rdp-session-setup.sh" ''
+ export PATH="${lib.makeBinPath [ pkgs.gnome-remote-desktop pkgs.coreutils ]}:$PATH"
+
+ # Wait for the system-level setup to have generated credentials
+ for i in $(seq 1 30); do
+ [ -f /var/lib/gnome-remote-desktop/rdp-password ] && break
+ echo "Waiting for RDP credentials... ($i/30)"
+ sleep 1
+ done
+
+ PASSWORD=$(cat /var/lib/gnome-remote-desktop/rdp-password 2>/dev/null || echo "")
+ if [ -z "$PASSWORD" ]; then
+ echo "ERROR: RDP password file not found or empty after waiting; session-level RDP setup aborted" >&2
+ exit 1
+ fi
+
+ TLS_DIR="/var/lib/gnome-remote-desktop/tls"
+
+ # Configure session-level RDP (no --system flag)
+ grdctl rdp set-tls-cert "$TLS_DIR/rdp-tls.crt" || { echo "ERROR: grdctl rdp set-tls-cert failed" >&2; exit 1; }
+ grdctl rdp set-tls-key "$TLS_DIR/rdp-tls.key" || { echo "ERROR: grdctl rdp set-tls-key failed" >&2; exit 1; }
+ grdctl rdp set-credentials sovran "$PASSWORD" || { echo "ERROR: grdctl rdp set-credentials failed" >&2; exit 1; }
+ grdctl rdp enable || { echo "ERROR: grdctl rdp enable failed" >&2; exit 1; }
+ echo "Session-level RDP configured successfully"
+ '';
+in
+
 lib.mkIf config.sovran_systemsOS.features.rdp {
 users.users.gnome-remote-desktop = {
@@ -10,6 +38,9 @@ lib.mkIf config.sovran_systemsOS.features.rdp {
 };
 users.groups.gnome-remote-desktop = {};
+ # Give the 'free' user read access to RDP credential files
+ users.users.free.extraGroups = [ "gnome-remote-desktop" ];
+
 # Enable the GNOME Remote Desktop service at the system level
 services.gnome.gnome-remote-desktop.enable = true;
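Review bot: `grdctl rdp set-credentials sovran "$PASSWORD"` in `rdp-session-setup-script` passes the RDP password as a command-line argument, so on a default /proc mount other local users can read it from the process list while grdctl runs. If the packaged grdctl can take the credentials from a prompt or stdin, use that instead; otherwise record the exposure in a comment above the call. The wait loop also tests only `-f`, so a password file that exists but is still empty or not readable by this user breaks out on the first pass and ends in the misleading "not found or empty" error. Testing `[ -r /var/lib/gnome-remote-desktop/rdp-password ] && [ -s /var/lib/gnome-remote-desktop/rdp-password ] && break` would wait for a usable file.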
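Review bot: Putting `free` in the `gnome-remote-desktop` group, combined with the `chmod 640` changes to `rdp-tls.key`, `rdp-password` and `rdp-username` in the later hunks, lets every process in that user's session read the system daemon's TLS private key and the RDP password, not only the setup script. A narrower design would give the session-level server its own key pair and credential file owned by `free`, leaving the system files at 600. If the shared files are kept, document the trade-off next to the option, for example `# NOTE: group membership exposes rdp-tls.key and rdp-password to all of free's processes`. What else the group owns is outside this patch, so check what membership grants beyond these three files.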
@@ -70,7 +101,7 @@ lib.mkIf config.sovran_systemsOS.features.rdp {
 # Always fix ownership and permissions (handles re-enable after disable)
 chown -R gnome-remote-desktop:gnome-remote-desktop "$TLS_DIR"
- chmod 600 "$TLS_DIR/rdp-tls.key"
+ chmod 640 "$TLS_DIR/rdp-tls.key"
 chmod 644 "$TLS_DIR/rdp-tls.crt"
 # Configure TLS certificate
@@ -82,14 +113,14 @@ lib.mkIf config.sovran_systemsOS.features.rdp {
 if [ ! -f /var/lib/gnome-remote-desktop/rdp-password ]; then
 PASSWORD=$(openssl rand -base64 16)
 echo "$PASSWORD" > /var/lib/gnome-remote-desktop/rdp-password
- chmod 600 /var/lib/gnome-remote-desktop/rdp-password
+ chmod 640 /var/lib/gnome-remote-desktop/rdp-password
 else
 PASSWORD=$(cat /var/lib/gnome-remote-desktop/rdp-password)
 fi
 # Write username to a separate file for the hub
 echo "sovran" > /var/lib/gnome-remote-desktop/rdp-username
- chmod 600 /var/lib/gnome-remote-desktop/rdp-username
+ chmod 640 /var/lib/gnome-remote-desktop/rdp-username
 # Get current IP address
 LOCAL_IP=$(hostname -I | awk '{print $1}')
@@ -118,4 +149,15 @@ lib.mkIf config.sovran_systemsOS.features.rdp {
 echo "GNOME Remote Desktop RDP configured successfully"
 '';
 };
+
+ # Autostart session-level RDP configuration when the 'free' user's GNOME session starts
+ environment.etc."xdg/autostart/sovran-rdp-session-setup.desktop".text = ''
+ [Desktop Entry]
+ Type=Application
+ Name=Sovran RDP Session Setup
+ Exec=${rdp-session-setup-script}
+ Terminal=false
+ X-GNOME-Autostart-enabled=true
+ NoDisplay=true
+ '';
 }
\ No newline at end of file
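Review bot: The new `chmod 640` on `rdp-password` and `rdp-username` only grants access if the files' group is `gnome-remote-desktop`, and the only `chown` visible in this patch covers `"$TLS_DIR"`. If this script runs as root (its unit definition is outside the hunk), the files are created root:root and the session script still cannot read them. Adding `chgrp gnome-remote-desktop /var/lib/gnome-remote-desktop/rdp-password /var/lib/gnome-remote-desktop/rdp-username` after the writes would make the intent explicit. The password is also written before its mode is set, so it briefly carries whatever the umask allows; wrapping the write as `( umask 027; echo "$PASSWORD" > /var/lib/gnome-remote-desktop/rdp-password )` closes that window.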
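Review bot: A desktop entry under `/etc/xdg/autostart` is started for every user's graphical session, not only `free`'s as the comment above it states, so other accounts will run the script, wait up to 30 seconds and fail. Any other account that is later added to the group would also configure its own session with the shared password. Add an early guard to the script (defined in the first hunk) such as `[ "$(id -un)" = "free" ] || exit 0`; coreutils is already on its PATH. Also consider `OnlyShowIn=GNOME;` in the entry so it is skipped under other desktops.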