{ config, lib, pkgs, nixpkgs-unstable, ... }: { services.guacamole-server.enable = true; services.guacamole-server.package = pkgs.unstable.guacamole-server; services.guacamole-server.port = 4822; # Configure Database Authentication environment.etc = let dbauth-src = pkgs.fetchurl { url = "https://dlcdn.apache.org/guacamole/1.5.3/binary/guacamole-auth-jdbc-1.5.3.tar.gz"; hash = "sha256-7Tuncc5Io4oOVvApkTuAUSSdvr/dMv/tvOLfDbEyJH8="; }; dbauth = pkgs.stdenv.mkDerivation { name = "jdbc"; version = "1.5.3"; src = dbauth-src; installPhase = '' mkdir $out cp -r * $out ''; }; in { "guacamole/extensions/postgresql.jar" = { source = "${dbauth}/postgresql/guacamole-auth-jdbc-postgresql-1.5.3.jar"; }; "guacamole/lib/postgresql.jar" = { source = pkgs.fetchurl { url = "https://jdbc.postgresql.org/download/postgresql-42.6.0.jar"; hash = "sha256-uBfGekDJQkn9WdTmhuMyftDT0/rkJrINoPHnVlLPxGE="; }; }; }; # User user perms for psql login users = { users.guacamole = { isSystemUser = true; group = "guacamole"; }; groups.guacamole = {}; }; systemd.services.guacamole-server.serviceConfig = { User = "guacamole"; Group = "guacamole"; DynamicUser = pkgs.lib.mkForce false; }; # TODO: Write description that autoruns schemas in dbauth/postgresql/schemas services.postgresql = { enable = true; port = 5432; ensureDatabases = [ "guacamole" ]; ensureUsers = [{ name = "guacamole"; # Ensures guacamole user owns a db called guacamole ensureDBOwnership = true; ensureClauses = { createdb = true; }; }]; }; services.guacamole-client.enable = true; services.guacamole-client.enableWebserver = true; services.guacamole-client.package = pkgs.unstable.guacamole-client; services.guacamole-client.settings = { guacd-hostname = "localhost"; guacd-port = 4822; # Postgresql Auth Settings: postgresql-hostname = "localhost"; postgresql-database = "guacamole"; postgresql-username = "guacamole"; # Password is superfluous: only can be used through guacamole user. postgresql-password = ""; }; services.caddy.virtualHosts = { "remote.ws.kcnhub.com" = { # Proxy to default tomcat port ( 8080 ) extraConfig = '' rewrite * /guacamole{uri} reverse_proxy 127.0.0.1:8080 ''; }; }; }