Guacamole on NixOS setup
Introduction
Guacamole on NixOS allows you to access your desktop environment and terminal via a web browser, supporting protocols like VNC, RDP, and SSH.
Setup
-
Add the RDP settings to
configuration.nix
/etc/nixos/configuration.nix # To edit use your text editor application, for example Nanoservices.xserver.enable = true;services.xserver.displayManager.sddm.enable = true;services.xserver.desktopManager.plasma5.enable = true;services.xrdp.enable = true;services.xrdp.defaultWindowManager = "startplasma-x11";services.xrdp.openFirewall = true; -
Then add the Guacamole settings
/etc/nixos/configuration.nix # To edit use your text editor application, for example Nanoservices.guacamole-server = {enable = true;host = "127.0.0.1";userMappingXml = ./guacamole/user-mapping.xml;# package = pkgs.unstable.guacamole-server; # Optional, use only when you want to use the unstable channel};services.guacamole-client = {enable = true;enableWebserver = true;settings = {guacd-port = 4822;guacd-hostname = "127.0.0.1";};# package = pkgs.unstable.guacamole-client; # Optional, use only when you want to use the unstable channel};In this case I am using the Guacamole package from the default channel. But you can also use a newer version from the unstable channel (if available).
-
Switch NixOS configuration
Now you can switch to the new NixOS configuration. Run the following command:
# Open your terminal applicationsudo nix-collect-garbage # Optional: clean upsudo nixos-rebuild switch -
Create the
user-mapping.xml
You need to enter the user information with which you can log in to Guacamole. And also the connections you want to use to connect to NixOS.
# Open your terminal applicationecho -n <password> | openssl dgst -sha256# Or use:# echo -n <password> > file.txt# sha256sum file.txtInstructions:
- Required Replace
<password>
with your password, which will be used to log in to Guacamole
Remember the result (the hash after
=
). - Required Replace
-
Create the
guacamole
folder# Open your terminal applicationsudo mkdir -p /etc/nixos/guacamole -
Add the following to
/etc/nixos/guacamole/user-mapping.xml
/etc/nixos/guacamole/user-mapping.xml # To edit use your text editor application, for example Nano<?xml version="1.0" encoding="UTF-8"?><user-mapping><!-- User using SHA-256 to hash the password --><authorizeusername="<username>"password="<sha256 hash>"encoding="sha256"><connection name="NixOS Server SSH"><protocol>ssh</protocol><param name="hostname">127.0.0.1</param><param name="port">22</param></connection><connection name="NixOS Server RDP"><protocol>rdp</protocol><param name="hostname">127.0.0.1</param><param name="port">3389</param><param name="ignore-cert">true</param></connection></authorize></user-mapping># IMPORTANT: Please read the instructions belowInstructions:
- Required Replace
<username>
with your username, which will be used to log in to Guacamole - Required Replace
<sha256 hash>
with the sha256 hash generated earlier (step 4)
- Required Replace
-
Check the results
Now you can browse to Cockpit by opening a web browser and going to:
http://localhost:8080/guacamole
. Replace localhost with the relevant IP address or FQDN if needed, and adjust the port if you changed it earlier.Then log in with your username and password. The result:
No comments found for this note.
Join the discussion for this note on Github. Comments appear on this page instantly.