1
Fork 0
satellite/hosts/nixos/lapetus/services/guacamole/default.nix

23 lines
691 B
Nix

{ config, ... }:
{
sops.secrets.guacamole_users.sopsFile = ../../secrets.yaml;
satellite.nginx.at.guacamole.port = config.satellite.ports.guacamole;
virtualisation.oci-containers.containers.guacamole = {
image = "flcontainers/guacamole";
ports = [ "${toString config.satellite.nginx.at.guacamole.port}:8080" ];
volumes = [
"/etc/localtime:/etc/localtime"
# "${config.sops.secrets.guacamole_users.path}:/etc/guacamole/user-mapping.xml"
"/var/lib/guacamole:/config"
];
environment = {
TZ = config.time.timeZone;
};
};
# Allow ssh-ing using the provided key
users.users.pilot.openssh.authorizedKeys.keyFiles = [ ./ed25519.pub ];
}