From 6b2190a91894572efa5c32a6b392749a8acddf51 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@subzero.xyz>
Date: Wed, 3 Dec 2025 16:52:23 +0100
Subject: [PATCH] =?UTF-8?q?=E2=80=A2=20feat(nix):=20configure=20gnome-remo?=
 =?UTF-8?q?te-desktop=20firewall=20rules=20and=20systemd=20target?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

  - Added systemd service configuration to enable gnome-remote-desktop on graphical.target
  - Conditionally enable firewall rules for RDP ports (3389) only when gnome-remote-desktop is enabled
  - Maintains consistent service configuration with existing xrdp and firewall setup patterns
---
 modules/nixos/services/gui/default.nix | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/modules/nixos/services/gui/default.nix b/modules/nixos/services/gui/default.nix
index d8aae1d..8d0dd55 100644
--- a/modules/nixos/services/gui/default.nix
+++ b/modules/nixos/services/gui/default.nix
@@ -216,7 +216,14 @@ in
     services.xrdp.openFirewall = true;
 
     services.gnome.gnome-remote-desktop.enable = lib.mkDefault true;
-    networking.firewall.allowedTCPPorts = [ 3389 ];
-    networking.firewall.allowedUDPPorts = [ 3389 ];
+
+    systemd.services."gnome-remote-desktop".wantedBy =
+      mkIf config.services.gnome.gnome-remote-desktop.enable
+        [ "graphical.target" ];
+
+    networking.firewall = mkIf config.services.gnome.gnome-remote-desktop.enable {
+      allowedTCPPorts = [ 3389 ];
+      allowedUDPPorts = [ 3389 ];
+    };
   };
 }