do not create non-deterministic file (rsakeys.ini) in nixstore

1 files changed, 6 insertions, 3 deletions

diff --git a/nixos/modules/services/networking/xrdp.nix b/nixos/modules/services/networking/xrdp.nix
index 5923e436d648..bf59130ce5b9 100644
--- a/nixos/modules/services/networking/xrdp.nix
+++ b/nixos/modules/services/networking/xrdp.nix
@@ -9,16 +9,15 @@ let
 
     cp ${cfg.package}/etc/xrdp/{km-*,xrdp,sesman,xrdp_keyboard}.ini $out
 
-    ${cfg.package}/bin/xrdp-keygen xrdp $out/rsakeys.ini
-
     cat > $out/startwm.sh <<EOF
     #!/bin/sh
     . /etc/profile
     ${cfg.defaultWindowManager}
     EOF
     chmod +x $out/startwm.sh
-    
+
     substituteInPlace $out/xrdp.ini \
+      --replace "#rsakeys_ini=" "rsakeys_ini=/var/run/xrdp/rsakeys.ini" \
       --replace "certificate=" "certificate=${cfg.sslCert}" \
       --replace "key_file=" "key_file=${cfg.sslKey}" \
       --replace LogFile=xrdp.log LogFile=/dev/null \
@@ -117,6 +116,10 @@ in
             chown root:xrdp ${cfg.sslKey} ${cfg.sslCert}
             chmod 440 ${cfg.sslKey} ${cfg.sslCert}
           fi
+          if [ ! -s /var/run/xrdp/rsakeys.ini ]; then
+            mkdir -p /var/run/xrdp
+            ${cfg.package}/bin/xrdp-keygen xrdp /var/run/xrdp/rsakeys.ini
+          fi
         '';
         serviceConfig = {
           User = "xrdp";