guacamole

Example

User-Mapping XML

nix
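{config, ...}: {
  # The XML is rendered with gomplate, so the secrets are read from the
  # sops-managed files instead of being written into the Nix string.
  nps.stacks.guacamole.userMappingXml = ''
    <user-mapping>
      <authorize username="example_user" password="{{ file.Read `${config.sops.secrets."guacamole_password".path}` }}">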
        <connection name="Host SSH">
            <protocol>ssh</protocol>
            <param name="hostname">host.containers.internal</param>
            <param name="port">22</param>
            <param name="username">hostuser</param>
            <param name="private-key">{{ file.Read `${config.sops.secrets."guacamole/ssh_private_key".path}` }}</param>
            <param name="command">bash</param>
        </connection>
      </authorize>
    </user-mapping>
  '';
}

OIDC

nix
{config, ...}: {
  nps.stacks.guacamole = {
    enable = true;

    # OIDC login needs the database setup, so the DB password file is required.
    db.passwordFile = config.sops.secrets."guacamole/db_password".path;
    oidc.enable = true;
  };
}

Stack Options

nps.stacks.guacamole.containers.guacamole

Alias of services.podman.containers.guacamole.

Type
submodule
Declaration

nps.stacks.guacamole.containers.guacamole-db

Alias of services.podman.containers.guacamole-db.

Type
submodule
Declaration

nps.stacks.guacamole.db.enable

Whether to use a DB for authentication. This is required when OIDC is enabled.

See https://guacamole.apache.org/doc/gug/jdbc-auth.html#database-authentication

Type
boolean
Default
nix
false
Declaration

nps.stacks.guacamole.db.passwordFile

The file containing the PostgreSQL password for the database.

Type
absolute path
Declaration

nps.stacks.guacamole.db.username

The PostgreSQL user to use for the database.

Type
string
Default
nix
"guacamole"
Declaration

nps.stacks.guacamole.enable

Whether to enable guacamole.

Type
boolean
Default
nix
false
Example
nix
true
Declaration

nps.stacks.guacamole.oidc.enable

Whether to enable OIDC login with Authelia. This will register an OIDC client in Authelia and set up the necessary configuration.

When OIDC is enabled, the db.passwordFile option has to be provided, as a DB setup is required for OIDC to work. Users from the user-mapping.xml won't be matched when logging in via OIDC.

For details, see:

Type
boolean
Default
nix
false
Declaration

nps.stacks.guacamole.userMappingXml

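The contents of user-mapping.xml. The final configuration file is templated with gomplate, so secrets can, for example, be read from files or environment variables when the file is rendered instead of being embedded in the Nix string, which would place them in the world-readable Nix store.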

See https://guacamole.apache.org/doc/gug/configuring-guacamole.html#user-mapping-xml

Type
null or string
Default
nix
null
Example
nix
<user-mapping>
  <authorize username="example_user" password="{{ file.Read `${config.sops.secrets."guacamole_password".path}` }}">
    <connection name="Host SSH">
        <protocol>ssh</protocol>
        <param name="hostname">host.containers.internal</param>
        <param name="port">22</param>
        <param name="username">hostuser</param>
        <param name="private-key">{{ file.Read `${config.sops.secrets."guacamole/ssh_private_key".path}` }}</param>
        <param name="command">bash</param>
    </connection>
  </authorize>
</user-mapping>
Declaration
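
An added example, not part of the project's own code: a pre-deployment check in Python that parses a user-mapping.xml template and reports any password attribute or secret-bearing param that holds a literal instead of a gomplate expression. The sample template, the /run/secrets paths and the set of parameter names treated as secret are assumptions constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

# Connection parameters treated as secret-bearing (assumption of this example).
SECRET_PARAMS = {"password", "private-key", "passphrase"}
# Accept a value only if it starts with "{{" and ends with "}}" (a gomplate action).
TEMPLATED = re.compile(r"^\s*\{\{.*\}\}\s*$", re.DOTALL)

# Constructed sample: the template as it looks after Nix has interpolated the
# sops secret paths (the /run/secrets paths are placeholders).
SAMPLE = """<user-mapping>
  <authorize username="example_user" password="{{ file.Read `/run/secrets/guacamole_password` }}">
    <connection name="Host SSH">
      <protocol>ssh</protocol>
      <param name="hostname">host.containers.internal</param>
      <param name="private-key">{{ file.Read `/run/secrets/ssh_private_key` }}</param>
    </connection>
  </authorize>
</user-mapping>"""


def find_inline_secrets(template: str) -> list[str]:
    """Return one finding per secret field that is not a gomplate expression."""
    findings = []
    root = ET.fromstring(template)
    for auth in root.iter("authorize"):
        user = auth.get("username", "?")
        if not TEMPLATED.match(auth.get("password", "")):
            findings.append(f"{user}: password attribute is not templated")
        for conn in auth.iter("connection"):
            for param in conn.iter("param"):
                name = param.get("name", "")
                if name in SECRET_PARAMS and not TEMPLATED.match(param.text or ""):
                    findings.append(
                        f"{user}/{conn.get('name')}: param {name} is not templated")
    return findings


if __name__ == "__main__":
    # Constructed bad variant: the password is written literally.
    bad = SAMPLE.replace("{{ file.Read `/run/secrets/guacamole_password` }}", "changeme")
    print(find_inline_secrets(SAMPLE))  # []
    print(find_inline_secrets(bad))     # one finding for the password attribute
```

Run it against the template text before gomplate renders it; the rendered file necessarily contains the secrets and should only exist with restrictive permissions.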