WS-KCNHUB/machines/kcnhub/servers/guac.nix

{ config, lib, pkgs, nixpkgs-unstable, ... }: {
  imports = [
    "${nixpkgs-unstable}/nixos/modules/services/web-apps/guacamole-server.nix"
    "${nixpkgs-unstable}/nixos/modules/services/web-apps/guacamole-client.nix"
  ];

  services.guacamole-server.enable = true;
  services.guacamole-server.package = pkgs.unstable.guacamole-server;
  services.guacamole-server.port = 4822;

  # Configure Database Authentication
  environment.etc = let
    dbauth-src = pkgs.fetchurl {
      url = "https://dlcdn.apache.org/guacamole/1.5.3/binary/guacamole-auth-jdbc-1.5.3.tar.gz";
      hash = "sha256-7Tuncc5Io4oOVvApkTuAUSSdvr/dMv/tvOLfDbEyJH8=";
    };
    dbauth = pkgs.stdenv.mkDerivation {
      name = "jdbc";
      version = "1.5.3";
      src = dbauth-src;
      installPhase = ''
        mkdir $out
        cp -r * $out
      '';
    };
  in {
    "guacamole/extensions/postgresql.jar" = {
      source = "${dbauth}/postgresql/guacamole-auth-jdbc-postgresql-1.5.3.jar";
    };
    "guacamole/lib/postgresql.jar" = {
      source = pkgs.fetchurl {
        url = "https://jdbc.postgresql.org/download/postgresql-42.6.0.jar";
        hash = "sha256-uBfGekDJQkn9WdTmhuMyftDT0/rkJrINoPHnVlLPxGE=";
      };
    };
  };

  # User user perms for psql login
  users = {
    users.guacamole = {
      isSystemUser = true;
      group = "guacamole";
    };
    groups.guacamole = {};
  };
  systemd.services.guacamole-server.serviceConfig = {
    User = "guacamole";
    Group = "guacamole";
    DynamicUser = pkgs.lib.mkForce false;
  };
  
  # TODO: Write description that autoruns schemas in dbauth/postgresql/schemas
  services.postgresql = {
    enable = true;
    port = 5432;
    ensureDatabases = [
      "guacamole"
    ];
    ensureUsers = [{
      name = "guacamole";
      ensurePermissions = {
        "DATABASE \"guacamole\"" = "ALL PRIVILEGES";
      };
      ensureClauses = {
        createdb = true;
      };
    }];
  };
  
  services.guacamole-client.enable = true;
  services.guacamole-client.enableWebserver = true;
  services.guacamole-client.package = pkgs.unstable.guacamole-client;
  services.guacamole-client.settings = {
    guacd-hostname = "localhost";
    guacd-port = 4822;

    # Postgresql Auth Settings:
    postgresql-hostname = "localhost";
    postgresql-database = "guacamole";
    postgresql-username = "guacamole";
    # Password is superfluous: only can be used through guacamole user.
    postgresql-password = "";
  };
  services.caddy.virtualHosts = {
    "remote.ws.kcnhub.com" = {
      # Proxy to default tomcat port ( 8080 )
      extraConfig = ''
        rewrite * /guacamole{uri}
        reverse_proxy 127.0.0.1:8080
      '';           
    };
  };
}
Reorganize Services (Xpra -> Guac) 2023-10-31 11:22:35 -04:00			`{ config, lib, pkgs, nixpkgs-unstable, ... }: {`
			`imports = [`
			`"${nixpkgs-unstable}/nixos/modules/services/web-apps/guacamole-server.nix"`
			`"${nixpkgs-unstable}/nixos/modules/services/web-apps/guacamole-client.nix"`
			`];`

			`services.guacamole-server.enable = true;`
			`services.guacamole-server.package = pkgs.unstable.guacamole-server;`
			`services.guacamole-server.port = 4822;`

			`# Configure Database Authentication`
			`environment.etc = let`
			`dbauth-src = pkgs.fetchurl {`
			`url = "https://dlcdn.apache.org/guacamole/1.5.3/binary/guacamole-auth-jdbc-1.5.3.tar.gz";`
			`hash = "sha256-7Tuncc5Io4oOVvApkTuAUSSdvr/dMv/tvOLfDbEyJH8=";`
			`};`
			`dbauth = pkgs.stdenv.mkDerivation {`
			`name = "jdbc";`
			`version = "1.5.3";`
			`src = dbauth-src;`
			`installPhase = ''`
			`mkdir $out`
			`cp -r * $out`
			`'';`
			`};`
			`in {`
			`"guacamole/extensions/postgresql.jar" = {`
			`source = "${dbauth}/postgresql/guacamole-auth-jdbc-postgresql-1.5.3.jar";`
			`};`
			`"guacamole/lib/postgresql.jar" = {`
			`source = pkgs.fetchurl {`
			`url = "https://jdbc.postgresql.org/download/postgresql-42.6.0.jar";`
			`hash = "sha256-uBfGekDJQkn9WdTmhuMyftDT0/rkJrINoPHnVlLPxGE=";`
			`};`
			`};`
			`};`

			`# User user perms for psql login`
			`users = {`
			`users.guacamole = {`
			`isSystemUser = true;`
			`group = "guacamole";`
			`};`
			`groups.guacamole = {};`
			`};`
			`systemd.services.guacamole-server.serviceConfig = {`
			`User = "guacamole";`
			`Group = "guacamole";`
			`DynamicUser = pkgs.lib.mkForce false;`
			`};`

			`# TODO: Write description that autoruns schemas in dbauth/postgresql/schemas`
			`services.postgresql = {`
			`enable = true;`
			`port = 5432;`
			`ensureDatabases = [`
			`"guacamole"`
			`];`
			`ensureUsers = [{`
			`name = "guacamole";`
			`ensurePermissions = {`
			`"DATABASE \"guacamole\"" = "ALL PRIVILEGES";`
			`};`
			`ensureClauses = {`
			`createdb = true;`
			`};`
			`}];`
			`};`

			`services.guacamole-client.enable = true;`
			`services.guacamole-client.enableWebserver = true;`
			`services.guacamole-client.package = pkgs.unstable.guacamole-client;`
			`services.guacamole-client.settings = {`
			`guacd-hostname = "localhost";`
			`guacd-port = 4822;`

			`# Postgresql Auth Settings:`
			`postgresql-hostname = "localhost";`
			`postgresql-database = "guacamole";`
			`postgresql-username = "guacamole";`
			`# Password is superfluous: only can be used through guacamole user.`
			`postgresql-password = "";`
			`};`
			`services.caddy.virtualHosts = {`
			`"remote.ws.kcnhub.com" = {`
			`# Proxy to default tomcat port ( 8080 )`
			`extraConfig = ''`
			`rewrite * /guacamole{uri}`
			`reverse_proxy 127.0.0.1:8080`
			`'';`
			`};`
			`};`
			`}`