WS-KCNHUB/machines/kcnhub/servers/guac.nix

# NixOS module: Apache Guacamole (guacd plus the web client) backed by a local
# PostgreSQL database and published through Caddy.
{ config, lib, pkgs, nixpkgs-unstable, ... }: {
# guacd, the Guacamole proxy daemon, taken from the unstable package set.
# NOTE(review): no listen address is set here, so the module default applies.
# guacd is only meant to be reached by the web application on this host;
# confirm port 4822 is not exposed beyond loopback.
services.guacamole-server = {
  enable = true;
  package = pkgs.unstable.guacamole-server;
  port = 4822;
};
# Database authentication: install the Guacamole JDBC auth extension and the
# PostgreSQL JDBC driver under /etc/guacamole.
# Both downloads are pinned by sha256, so a changed upstream file fails the
# build instead of being installed.
# NOTE(review): the extension is fixed at 1.5.3 while the client package follows
# pkgs.unstable; confirm the two versions still match after a channel update.
environment.etc = let
  # Unpacked guacamole-auth-jdbc release; the whole tarball content is copied as-is.
  jdbcBundle = pkgs.stdenv.mkDerivation {
    name = "jdbc";
    version = "1.5.3";
    src = pkgs.fetchurl {
      url = "https://dlcdn.apache.org/guacamole/1.5.3/binary/guacamole-auth-jdbc-1.5.3.tar.gz";
      hash = "sha256-7Tuncc5Io4oOVvApkTuAUSSdvr/dMv/tvOLfDbEyJH8=";
    };
    installPhase = ''
      mkdir $out
      cp -r * $out
    '';
  };
in {
  # Guacamole extension that provides PostgreSQL-backed authentication.
  "guacamole/extensions/postgresql.jar".source =
    "${jdbcBundle}/postgresql/guacamole-auth-jdbc-postgresql-1.5.3.jar";
  # JDBC driver the extension loads from the lib directory.
  # NOTE(review): driver release 42.6.0 is pinned by hand; check the pgjdbc
  # security advisories periodically and bump url and hash together.
  "guacamole/lib/postgresql.jar".source = pkgs.fetchurl {
    url = "https://jdbc.postgresql.org/download/postgresql-42.6.0.jar";
    hash = "sha256-uBfGekDJQkn9WdTmhuMyftDT0/rkJrINoPHnVlLPxGE=";
  };
};
# Dedicated system user and group named "guacamole"; the original note says the
# account exists for the PostgreSQL login.
users.users.guacamole = {
  isSystemUser = true;
  group = "guacamole";
};
users.groups.guacamole = {};
# Run guacd under that static account. DynamicUser is forced off so the unit
# uses the fixed user declared above rather than a transient one.
systemd.services.guacamole-server.serviceConfig = {
  DynamicUser = pkgs.lib.mkForce false;
  User = "guacamole";
  Group = "guacamole";
};
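# TODO: Write description that autoruns schemas in dbauth/postgresql/schemas
# Local PostgreSQL instance that holds the Guacamole database and role.
services.postgresql = {
  enable = true;
  port = 5432;
  ensureDatabases = [
    "guacamole"
  ];
  ensureUsers = [{
    name = "guacamole";
    # Ensures guacamole user owns a db called guacamole
    ensureDBOwnership = true;
    # NOTE(review): CREATEDB lets this role create further databases. The
    # guacamole database is already created and owned through the settings
    # above, so confirm the extra privilege is still needed and drop it if not.
    ensureClauses = {
      createdb = true;
    };
  }];
};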
# Guacamole web application, served by the webserver the module starts when
# enableWebserver is set.
services.guacamole-client = {
  enable = true;
  enableWebserver = true;
  package = pkgs.unstable.guacamole-client;
  settings = {
    # Where the web application finds guacd.
    guacd-hostname = "localhost";
    guacd-port = 4822;
    # PostgreSQL auth settings.
    postgresql-hostname = "localhost";
    postgresql-database = "guacamole";
    postgresql-username = "guacamole";
    # Author's note: the password is superfluous because the role can only be
    # used through the guacamole user.
    # NOTE(review): the database is addressed as "localhost", which presumably
    # means a TCP connection rather than the Unix socket, and peer
    # authentication does not apply to TCP. Confirm which pg_hba rule admits
    # this login; a trust rule for loopback would let any local process
    # connect as guacamole. If a real password is ever set here, it would end
    # up in the generated configuration in plain text.
    postgresql-password = "";
  };
};
# Public entry point: Caddy serves remote.ws.kcnhub.com, prefixes every request
# path with /guacamole and forwards it to the default Tomcat port (8080) on
# loopback.
# NOTE(review): only the proxy target is pinned to 127.0.0.1 here; confirm that
# port 8080 itself is not reachable from outside, otherwise the web application
# can be reached without going through Caddy.
services.caddy.virtualHosts."remote.ws.kcnhub.com".extraConfig = ''
  rewrite * /guacamole{uri}
  reverse_proxy 127.0.0.1:8080
'';
}