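# NixOS module: runs Guacamole as an OCI container, registers its port under
# `satellite.nginx.at.guacamole`, and authorizes an SSH public key for `pilot`.
{ config, ... }:
{
  # Declares the sops secret holding the Guacamole user mapping.
  # The bind mount that would consume it is commented out below, so nothing in
  # this file currently reads the decrypted secret.
  sops.secrets.guacamole_users.sopsFile = ../../secrets.yaml;

  # `satellite.*` options are defined elsewhere in the repository; presumably
  # this is what points the nginx virtual host at the container — TODO confirm.
  satellite.nginx.at.guacamole.port = config.satellite.ports.guacamole;

  virtualisation.oci-containers.containers.guacamole = {
    # NOTE(review): the image carries no tag or digest, so every pull may fetch
    # different, unreviewed content. Pin it as `name:tag@sha256:<digest>` once a
    # known-good digest has been recorded.
    image = "flcontainers/guacamole";

    # NOTE(review): a `HOST:CONTAINER` mapping without a host address publishes
    # the port on every interface, which lets clients reach Guacamole without
    # going through nginx. If the proxy runs on this machine, prefer
    # "127.0.0.1:${toString config.satellite.nginx.at.guacamole.port}:8080".
    # Depending on the container backend, published ports may also not be
    # filtered by the NixOS firewall — verify.
    ports = [ "${toString config.satellite.nginx.at.guacamole.port}:8080" ];

    volumes = [
      # Read-only: the container only needs to read the host's timezone data,
      # it has no reason to be able to write to a host file.
      "/etc/localtime:/etc/localtime:ro"
      # Disabled file-based user mapping. If re-enabled, mount it `:ro` and make
      # sure the sops secret's owner/mode lets the container user read it.
      # "${config.sops.secrets.guacamole_users.path}:/etc/guacamole/user-mapping.xml"
      # Persistent state of the container lives on the host under
      # /var/lib/guacamole.
      # NOTE(review): with the user mapping disabled, authentication presumably
      # comes from whatever is stored here; confirm that any account shipped
      # with the image has had its password changed.
      "/var/lib/guacamole:/config"
    ];

    environment = {
      TZ = config.time.timeZone;
    };
  };

  # Allow ssh-ing using the provided key.
  # NOTE(review): whoever holds the matching private key gets a shell as
  # `pilot`. If that key is stored inside Guacamole, every Guacamole user who
  # can open that connection inherits this access — keep `pilot` unprivileged
  # and consider restricting the key (e.g. a `from=` option) if it is only ever
  # used from this host.
  users.users.pilot.openssh.authorizedKeys.keyFiles = [ ./ed25519.pub ];
}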