updated rdp.nix

modules/rdp.nix

@@ -1,6 +1,6 @@
 { config, pkgs, lib, ... }:
 
-  lib.mkIf config.sovran_systemsOS.features.rdp {
+lib.mkIf config.sovran_systemsOS.features.rdp {
 
   services.gnome.gnome-remote-desktop.enable = true;
 
@@ -9,8 +9,43 @@
   environment.systemPackages = with pkgs; [
     freerdp
   ];
+
+  # gnome-remote-desktop ships a system service that needs to be explicitly enabled
+  systemd.services.gnome-remote-desktop = {
+    wantedBy = [ "graphical.target" ];
+    after = [ "graphical.target" ];
+    serviceConfig = {
+      Restart = "on-failure";
+      RestartSec = 5;
+    };
+  };
+
+  # Configure RDP credentials and enable RDP mode on first boot
+  systemd.services.gnome-remote-desktop-setup = {
+    description = "Configure GNOME Remote Desktop RDP";
+    wantedBy = [ "multi-user.target" ];
+    before = [ "gnome-remote-desktop.service" ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+    path = [ pkgs.gnome-remote-desktop ];
+    script = ''
+      # Enable RDP backend
+      grdctl --system rdp enable
+
+      # Disable requiring a prompt/handshake for unattended access
+      grdctl --system rdp set-credentials sovran "$(cat /var/lib/gnome-remote-desktop/rdp-password 2>/dev/null || echo 'changeme')"
+
+      # Generate a default password file if one doesn't exist
+      if [ ! -f /var/lib/gnome-remote-desktop/rdp-password ]; then
+        mkdir -p /var/lib/gnome-remote-desktop
+        ${pkgs.openssl}/bin/openssl rand -base64 16 > /var/lib/gnome-remote-desktop/rdp-password
+        chmod 600 /var/lib/gnome-remote-desktop/rdp-password
+        echo "Generated new RDP password at /var/lib/gnome-remote-desktop/rdp-password"
+      fi
+
+      grdctl --system rdp set-credentials sovran "$(cat /var/lib/gnome-remote-desktop/rdp-password)"
+    '';
+  };
 }
-
-
-
-