From b77fb2ed704e27e47cda50889d27a8f6fd9e4608 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 8 Apr 2026 18:18:04 +0000
Subject: [PATCH] Fix RDP Session Already Running by using user-session screen sharing

Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/ab7b63b5-2a0a-4933-9fb2-36ac793e9f1a
Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com>
---
 modules/rdp.nix | 56 +++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 50 insertions(+), 6 deletions(-)

diff --git a/modules/rdp.nix b/modules/rdp.nix
index 61f7c81..2c998ca 100755
--- a/modules/rdp.nix
+++ b/modules/rdp.nix
@@ -82,14 +82,16 @@ lib.mkIf config.sovran_systemsOS.features.rdp {
 if [ ! -f /var/lib/gnome-remote-desktop/rdp-password ]; then
 PASSWORD=$(openssl rand -base64 16)
 echo "$PASSWORD" > /var/lib/gnome-remote-desktop/rdp-password
- chmod 600 /var/lib/gnome-remote-desktop/rdp-password
 else
 PASSWORD=$(cat /var/lib/gnome-remote-desktop/rdp-password)
 fi
+ chown root:gnome-remote-desktop /var/lib/gnome-remote-desktop/rdp-password
+ chmod 640 /var/lib/gnome-remote-desktop/rdp-password
 # Write username to a separate file for the hub
 echo "sovran" > /var/lib/gnome-remote-desktop/rdp-username
- chmod 600 /var/lib/gnome-remote-desktop/rdp-username
+ chown root:gnome-remote-desktop /var/lib/gnome-remote-desktop/rdp-username
+ chmod 640 /var/lib/gnome-remote-desktop/rdp-username
 # Get current IP address
 LOCAL_IP=$(hostname -I | awk '{print $1}')
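Review bot: The password is written by `echo "$PASSWORD" > /var/lib/gnome-remote-desktop/rdp-password` before the new `chown`/`chmod` lines run, so the file is created under whatever umask the service has and may be readable by other local accounts until the mode is tightened; the umask and the directory mode are not visible in this hunk. Setting `umask 077` ahead of the `if` (the script starts outside the hunk) closes that window, and the later `chmod 640` still opens the file to the group. Going from 600 to 640 also makes the plaintext RDP password readable by every member of `gnome-remote-desktop`, which deserves a comment above the `chown`, for example `# group-readable so the user-session service can load the credential; keep group membership minimal`.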
@@ -111,12 +113,54 @@ lib.mkIf config.sovran_systemsOS.features.rdp {
 chmod 600 "$CRED_FILE"
- # Enable RDP backend and set credentials
- grdctl --system rdp enable
- grdctl --system rdp set-credentials sovran "$PASSWORD"
- grdctl --system rdp disable-view-only || true
+ # Disable the system-level RDP endpoint so connections go through the user session
+ grdctl --system rdp disable || true
 echo "GNOME Remote Desktop RDP configured successfully"
 '';
 };
+
+ # User-level service that enables RDP screen sharing within the free user's graphical session.
+ # This avoids the GDM "Session Already Running" conflict caused by the system-level RDP endpoint.
+ systemd.user.services.gnome-remote-desktop-session = {
+ description = "Enable GNOME Remote Desktop screen sharing for user session";
+ wantedBy = [ "graphical-session.target" ];
+ after = [ "graphical-session.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ path = [
+ pkgs.gnome-remote-desktop
+ ];
+ script = ''
+ # Read the password generated by the system-level setup service.
+ # Wait for the password file to be available (system service may still be running).
+ for i in $(seq 1 30); do
+ [ -f /var/lib/gnome-remote-desktop/rdp-password ] && break
+ sleep 1
+ done
+
+ if [ ! -f /var/lib/gnome-remote-desktop/rdp-password ]; then
+ echo "ERROR: Timed out waiting for RDP password file"
+ exit 1
+ fi
+
+ PASSWORD=$(cat /var/lib/gnome-remote-desktop/rdp-password 2>/dev/null || echo "")
+ if [ -z "$PASSWORD" ]; then
+ echo "ERROR: RDP password file is empty"
+ exit 1
+ fi
+
+ # Enable RDP in the user session (screen sharing mode — takes over existing desktop)
+ grdctl rdp enable
+ grdctl rdp set-credentials sovran "$PASSWORD"
+ grdctl rdp disable-view-only || true
+
+ echo "GNOME Remote Desktop user-session screen sharing enabled"
+ '';
+ };
+
+ # Add free user to gnome-remote-desktop group so the user-level service can read credential files
+ users.users.free.extraGroups = [ "gnome-remote-desktop" ];
 }
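Review bot: The new unit is declared under `systemd.user.services`, which applies to every user's session, yet only `free` is added to `gnome-remote-desktop`; for any other account the `cat … 2>/dev/null || echo ""` hides the permission error and the script reports an empty password file. Testing readability in the wait loop, `[ -r /var/lib/gnome-remote-desktop/rdp-password ] && break`, and limiting the unit with `unitConfig.ConditionUser = "free";` would make both cases explicit. Putting an interactive user into the daemon's own group also gives that account read access to anything else under /var/lib/gnome-remote-desktop that is group-readable, so a dedicated group for the two credential files would be narrower; whether other such files exist is not visible in this hunk. `grdctl --system rdp disable || true` also ignores a failed disable, in which case the system endpoint would presumably keep listening with the credentials set earlier.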