# NixOS module: Apache Guacamole (guacd plus the web client) with
# PostgreSQL-backed authentication, published through a Caddy virtual host.
#
# Both Guacamole packages are taken from `pkgs.unstable`; the
# `nixpkgs-unstable` argument is accepted but not referenced in this file.
{ config, lib, pkgs, nixpkgs-unstable, ... }: {

  # guacd, the proxy daemon the web client connects to.
  # NOTE(review): the listen address is not set in this file. guacd does not
  # authenticate its clients, so confirm it is only reachable on loopback,
  # which is what guacd-hostname = "localhost" below relies on.
  services.guacamole-server = {
    enable = true;
    package = pkgs.unstable.guacamole-server;
    port = 4822;
  };

  # Configure Database Authentication: place the JDBC auth extension and the
  # PostgreSQL driver under /etc/guacamole.
  environment.etc = let
    # Unpacked guacamole-auth-jdbc release tarball. The download is pinned by
    # its sha256, so a tarball with different content fails the build.
    # The release number appears in the URL, in `version` and in the jar file
    # name used below; bump all of them together with the hash.
    jdbcAuthTree = pkgs.stdenv.mkDerivation {
      name = "jdbc";
      version = "1.5.3";
      src = pkgs.fetchurl {
        url = "https://dlcdn.apache.org/guacamole/1.5.3/binary/guacamole-auth-jdbc-1.5.3.tar.gz";
        hash = "sha256-7Tuncc5Io4oOVvApkTuAUSSdvr/dMv/tvOLfDbEyJH8=";
      };
      # Copy the whole unpacked tree into the output unchanged.
      installPhase = ''
        mkdir $out
        cp -r * $out
      '';
    };
  in {
    # Guacamole extension that provides PostgreSQL authentication.
    "guacamole/extensions/postgresql.jar".source =
      "${jdbcAuthTree}/postgresql/guacamole-auth-jdbc-postgresql-1.5.3.jar";

    # PostgreSQL JDBC driver, fetched from jdbc.postgresql.org and pinned by
    # hash in the same way as the tarball above.
    "guacamole/lib/postgresql.jar".source = pkgs.fetchurl {
      url = "https://jdbc.postgresql.org/download/postgresql-42.6.0.jar";
      hash = "sha256-uBfGekDJQkn9WdTmhuMyftDT0/rkJrINoPHnVlLPxGE=";
    };
  };

  # Static system account and group named "guacamole"; the original note says
  # these exist to provide permissions for the psql login.
  users = {
    groups.guacamole = {};
    users.guacamole = {
      isSystemUser = true;
      group = "guacamole";
    };
  };

  # Run guacd as that static account; DynamicUser is forced off so the unit
  # uses the fixed user rather than a transient one.
  # NOTE(review): only the guacamole-server unit is switched to this account
  # here. The postgresql-* settings below belong to the web client, so confirm
  # which OS user actually opens the database connection.
  systemd.services.guacamole-server.serviceConfig = {
    DynamicUser = pkgs.lib.mkForce false;
    Group = "guacamole";
    User = "guacamole";
  };

  # TODO: write something that auto-runs the schemas in the JDBC auth
  # package's postgresql/schemas directory. Nothing in this file loads them.
  services.postgresql = {
    enable = true;
    port = 5432;
    ensureDatabases = [ "guacamole" ];
    ensureUsers = [{
      name = "guacamole";
      # Ensures the guacamole role owns the database called guacamole.
      ensureDBOwnership = true;
      # NOTE(review): CREATEDB goes beyond owning the one database declared
      # above; drop it if nothing depends on it (least privilege).
      ensureClauses.createdb = true;
    }];
  };

  services.guacamole-client = {
    enable = true;
    enableWebserver = true;
    package = pkgs.unstable.guacamole-client;
    settings = {
      # Must agree with services.guacamole-server.port above.
      guacd-hostname = "localhost";
      guacd-port = 4822;

      # Postgresql Auth Settings:
      postgresql-hostname = "localhost";
      postgresql-database = "guacamole";
      postgresql-username = "guacamole";
      # Original author's reasoning: the password is superfluous because the
      # role can only be used through the guacamole user.
      # NOTE(review): that holds only if PostgreSQL identifies the connecting
      # OS user (peer-style auth on the local socket). A hostname of
      # "localhost" suggests a TCP connection, where access depends on the
      # pg_hba rules for loopback, which this file does not set. Confirm they
      # neither reject this login nor trust every local process as guacamole.
      # If a real password is introduced later, supply it from a secret file
      # rather than inline: values written here typically end up in the
      # world-readable Nix store.
      postgresql-password = "";
    };
  };

  # Proxy to default tomcat port ( 8080 ); every request path is prefixed
  # with /guacamole before it is forwarded.
  # NOTE(review): confirm port 8080 is not reachable from other hosts (bind
  # address or firewall); otherwise the web app can be reached without going
  # through Caddy.
  services.caddy.virtualHosts."remote.ws.kcnhub.com".extraConfig = ''
    rewrite * /guacamole{uri}
    reverse_proxy 127.0.0.1:8080
  '';
}