diff --git a/main.tf b/main.tf index fa177d6..6b0e987 100644 --- a/main.tf +++ b/main.tf @@ -16,6 +16,10 @@ terraform { source = "telmate/proxmox" version = "~> 2.9.8" } + guacamole = { + source = "techBeck03/guacamole" + version = "~> 1.4.1" + } } backend "kubernetes" { secret_suffix = "tfstate" @@ -40,6 +44,14 @@ provider "keycloak" { url = "https://keycloak.${var.domain_suffix}" } +provider "guacamole" { + url = "https://guac.${var.domain_suffix}/" + # token = var.guacamole_token + # data_source = var.guacamole_datasource + username = "guacadmin" + password = "guacadmin" +} + provider "proxmox" { pm_api_url = var.proxmox_api_url pm_api_token_id = var.proxmox_token_id @@ -72,6 +84,8 @@ resource "helm_release" "keycloak" { auth: password: ${var.postgres_password} proxy: edge + metrics: + enabled: true EOT ] } @@ -83,6 +97,35 @@ resource "keycloak_realm" "realm" { default_signature_algorithm = "RS256" } +resource "keycloak_user" "initial_keycloak_user" { + realm_id = keycloak_realm.realm.id + username = var.keycloak_user.username + enabled = true + + email = var.keycloak_user.email + first_name = var.keycloak_user.firstname + last_name = var.keycloak_user.lastname + + initial_password { + value = var.keycloak_user.password + temporary = false + } +} + +resource "keycloak_group" "admin_group" { + realm_id = keycloak_realm.realm.id + name = "Admins" +} + +resource "keycloak_user_groups" "initial_user_in_admin_group" { + exhaustive = false + realm_id = keycloak_realm.realm.id + user_id = keycloak_user.initial_keycloak_user.id + group_ids = [ + keycloak_group.admin_group.id + ] +} + resource "keycloak_openid_client" "gitea_client" { realm_id = keycloak_realm.realm.id client_id = "gitea" 
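Review bot: The `required_providers` entry added in the `@@ -16,6 +16,10 @@` hunk pulls in `techBeck03/guacamole`, a community provider, with the range constraint `~> 1.4.1`. Later hunks in this commit hand that provider Guacamole admin credentials and an SSH private key. No change to `.terraform.lock.hcl` is visible in this diff; if the repository tracks the lock file, it should be updated in the same commit so the provider's checksums are pinned and reviewed. A short comment above the entry, such as `# community provider, checksums pinned in .terraform.lock.hcl`, would record that intent.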
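Review bot: In the `@@ -40,6 +44,14 @@` hunk the new `provider "guacamole"` block commits `username = "guacadmin"` and `password = "guacadmin"` in plain text, and these are Guacamole's well-known default administrator credentials. If this configuration applies successfully, the default admin account is still active on `guac.${var.domain_suffix}`, and the credential now sits in repository history. Read the values from variables instead, e.g. `username = var.guacamole_username` and `password = var.guacamole_password` (new variables, declared with `sensitive = true`), or enable the commented-out `token = var.guacamole_token` line. The default password on the server should be changed as well.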
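Review bot: In the `@@ -83,6 +97,35 @@` hunk, `initial_password` on `keycloak_user.initial_keycloak_user` sets `temporary = false`, so `var.keycloak_user.password` stays the standing password for a user that the same hunk adds to the `Admins` group. The value is also likely to end up in the Terraform state held by the `kubernetes` backend, and this diff does not show whether the `keycloak_user` variable is declared `sensitive`. I would set `temporary = true` so the first login forces a password change, and confirm the variable is marked sensitive in vars.tf.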
@@ -540,3 +583,20 @@ resource "proxmox_vm_qemu" "vyos_router" { ${var.ssh_key} EOF } + +resource "guacamole_connection_group" "routers" { + parent_identifier = "ROOT" + name = "Routers" + type = "organizational" +} + +resource "guacamole_connection_ssh" "vyos_vms" { + for_each = { for x in proxmox_vm_qemu.vyos_router: x.name => x } + name = each.value.name + parent_identifier = guacamole_connection_group.routers.identifier + parameters { + hostname = each.value.default_ipv4_address + username = "vyos" + private_key = var.ssh_private_key + } +} diff --git a/vars.tf b/vars.tf index 6fa91c1..6a041b4 100644 --- a/vars.tf +++ b/vars.tf @@ -55,7 +55,7 @@ variable "proxmox_api_url" { } variable "guacamole_datasource" { - default = "mysql" + default = "postgresql" } variable "guac_namespace" {
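Review bot: `guacamole_connection_ssh.vyos_vms` passes `private_key = var.ssh_private_key` to every router connection, which copies the same private key into Guacamole's connection store and, presumably, into the Terraform state. Any Guacamole user granted these connections then logs in as `vyos` with that key, so it should be a key dedicated to Guacamole rather than an operator's own. `ssh_private_key` should also be declared with `sensitive = true`; its declaration is not in the visible part of vars.tf. The `parameters` block sets no host key, so the router's identity is presumably not verified on connect; pinning each router's public host key there would close that gap, if the provider exposes such a parameter.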