feat(ubuntu): opt-in xrdp remote desktop (XFCE default, LAN-scoped) #8
Open
ns408 wants to merge 6 commits into
Provide LAN-scoped graphical remote access for Ubuntu without weakening the default install. Kept out of bootstrap.sh so the RDP listener only exists when explicitly requested, and restricted to the local subnet via ufw (allowing SSH before enabling, to avoid remote lockout).
XFCE installed alongside an existing GNOME caused session crashes. Support DESKTOP=gnome|xfce|auto (default to existing GNOME), configure an Xorg GNOME session for xrdp, and add a polkit override that silences the 24.04 colord authentication popups that destabilise remote sessions.
On old/integrated GPUs xorgxrdp's glamor EGL shaders fail to compile, breaking the framebuffer path and producing a black screen. Force software rendering (DRMDevice/DRI3 off) for broad compatibility; document that GPU-less hosts must use XFCE since GNOME Shell cannot run on software GL.
XFCE is the reliable desktop over RDP (no GL compositing); GNOME Shell crashes on software-rendered GL. Make XFCE the default and require DESKTOP=gnome to opt in.
XFCE-over-xrdp starts no Secret Service, so Chromium/Electron apps warn the OS keyring is unavailable and fall back to plaintext storage. Install gnome-keyring and hook pam_gnome_keyring into xrdp-sesman (XFCE only, idempotent) so the keyring unlocks with the login password.
When ~/.xsession is missing or drifts, Ubuntu xrdp falls back to the system x-session-manager (GNOME), which black-screens on GPU-less hosts. Pin it to xfce4-session in the XFCE path so the fallback can never silently select GNOME.
6a1a13b to e42d832
Summary
install/ubuntu/install-remote-desktop.sh. Not run by bootstrap.sh; default profiles stay minimal-surface.
xrdp, then LAN-scopes port 3389 via ufw (allows SSH first so it can't lock you out). Auto-detects the subnet; override with SUBNET=<cidr>.
DESKTOP=gnome.
Why
ns-bootstrap shipped no graphical remote access. This adds it without weakening the default install: the RDP listener only exists when the script is explicitly run, and it is firewalled to the LAN.
Field testing (Ubuntu 24.04, ASUS, old Intel + NVidia)
Test plan
shellcheck install/ubuntu/install-remote-desktop.sh — clean.
bash install/ubuntu/install-remote-desktop.sh (defaults to XFCE), then:
systemctl is-active xrdp → active
ss -tlnp | grep 3389 → listening
sudo ufw status → SSH allowed + 3389/tcp ALLOW <subnet>
grep -nE 'DRMDevice|DRI3' /etc/X11/xrdp/xorg.conf → "" and "0"
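The `sudo ufw status` step of the test plan can be turned into a pass/fail audit; the following is an added example, not code from this PR or from ns-bootstrap. It assumes the column layout of plain (non-verbose) `ufw status`; the function name `check_rdp_scope` and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PR): audit plain `ufw status` output for the
# firewall state the PR describes. Sample outputs below are constructed.

# check_rdp_scope <cidr>: reads `ufw status` text on stdin; returns 0 only if
# ufw is active, SSH is allowed, and every 3389 ALLOW rule is from <cidr>.
check_rdp_scope() {
  awk -v subnet="$1" '
    { gsub(/ \(v6\)/, "") }          # fold IPv6 rows into the same columns
    /^Status: active/ { active = 1 }
    $2 == "ALLOW" && $1 ~ /^(22|22\/tcp|OpenSSH)$/ { ssh = 1 }
    $2 == "ALLOW" && $1 ~ /^3389(\/tcp)?$/ {
      if ($3 == subnet) { scoped++ } else { wide++; print "FAIL: 3389 allowed from " $3 }
    }
    END {
      if (!active) print "FAIL: ufw is not active"
      if (!ssh)    print "FAIL: no SSH allow rule (lockout risk)"
      if (!scoped) print "FAIL: no 3389 rule for " subnet
      exit !(active && ssh && scoped && !wide)
    }'
}

# Constructed sample: the state the test plan expects.
SAMPLE_SCOPED='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
3389/tcp                   ALLOW       192.168.1.0/24
OpenSSH (v6)               ALLOW       Anywhere (v6)'

# Constructed sample: a later rule has widened RDP beyond the LAN.
SAMPLE_EXPOSED='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
3389/tcp                   ALLOW       192.168.1.0/24
3389/tcp                   ALLOW       Anywhere
3389/tcp (v6)              ALLOW       Anywhere (v6)'

printf '%s\n' "$SAMPLE_SCOPED"  | check_rdp_scope 192.168.1.0/24 && echo "scoped: OK"
printf '%s\n' "$SAMPLE_EXPOSED" | check_rdp_scope 192.168.1.0/24 || echo "exposed: flagged"
```

On a live host the same function takes `sudo ufw status` on stdin, with the CIDR that was passed as `SUBNET` (or auto-detected) as its argument.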