From 919bdba7c45e8a889fb0dc3b93e96c2a51761ff9 Mon Sep 17 00:00:00 2001
From: naturallaw77 <advbuwxeew@use.startmail.com>
Date: Wed, 25 Mar 2026 13:06:23 -0500
Subject: [PATCH] retooled rdp.nix

---
 modules/rdp.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/modules/rdp.nix b/modules/rdp.nix
index 72a0a93..e381f1b 100755
--- a/modules/rdp.nix
+++ b/modules/rdp.nix
@@ -19,10 +19,18 @@ lib.mkIf config.sovran_systemsOS.features.rdp {
     };
   };
 
+  systemd.tmpfiles.rules = [
+    "d /var/lib/gnome-remote-desktop 0750 gnome-remote-desktop gnome-remote-desktop -"
+    "d /var/lib/gnome-remote-desktop/.local 0750 gnome-remote-desktop gnome-remote-desktop -"
+    "d /var/lib/gnome-remote-desktop/.local/share 0750 gnome-remote-desktop gnome-remote-desktop -"
+    "d /var/lib/gnome-remote-desktop/.local/share/gnome-remote-desktop 0750 gnome-remote-desktop gnome-remote-desktop -"
+  ];
+
   systemd.services.gnome-remote-desktop-setup = {
     description = "Configure GNOME Remote Desktop RDP";
     wantedBy = [ "multi-user.target" ];
     before = [ "gnome-remote-desktop.service" ];
+    after = [ "systemd-tmpfiles-setup.service" ];
     serviceConfig = {
       Type = "oneshot";
       RemainAfterExit = true;
@@ -35,8 +43,8 @@ lib.mkIf config.sovran_systemsOS.features.rdp {
     script = ''
       # Generate a default password file if one doesn't exist
       if [ ! -f /var/lib/gnome-remote-desktop/rdp-password ]; then
-        mkdir -p /var/lib/gnome-remote-desktop
         openssl rand -base64 16 > /var/lib/gnome-remote-desktop/rdp-password
+        chown gnome-remote-desktop:gnome-remote-desktop /var/lib/gnome-remote-desktop/rdp-password
         chmod 600 /var/lib/gnome-remote-desktop/rdp-password
         echo "Generated new RDP password at /var/lib/gnome-remote-desktop/rdp-password"
       fi