authorsinanmohd <sinan@sinanmohd.com>2024-02-11 21:22:53 +0530
committersinanmohd <sinan@sinanmohd.com>2024-02-12 07:51:19 +0530
commitd87edb6024132db442600c76b6db1f49a01ed0e2 (patch)
tree4bfa7e733729806135ce9914f17f60447133921d
parent7bb35b9e407422312c171802c7f5e583f353ba28 (diff)
hosts/lia/sshfwd/mkFwdSrv: init
-rw-r--r--hosts/lia/modules/sshfwd.nix47
-rw-r--r--hosts/lia/secrets.yaml6
2 files changed, 32 insertions, 21 deletions
diff --git a/hosts/lia/modules/sshfwd.nix b/hosts/lia/modules/sshfwd.nix
index f86238b..dac2d71 100644
--- a/hosts/lia/modules/sshfwd.nix
+++ b/hosts/lia/modules/sshfwd.nix
@@ -1,22 +1,33 @@
-{ pkgs, config, ... }: {
- sops.secrets."sshfwd/kay" = {};
+{ pkgs, config, ... }: let
+ mkFwdSrv = {
+ local_port,
+ remote_port,
+ remote ? "sinanmohd.com",
+ key ? config.sops.secrets."sshfwd/${remote}".path,
+ }: {
+ "sshfwd-${toString local_port}-${remote}:${toString remote_port}" = {
+ description = "Forwarding port ${toString local_port} to ${remote}";
- environment.systemPackages = with pkgs; [ openssh ];
- systemd.services."sshfwd" = {
- description = "Forwarding port 22 to the Internet";
- wantedBy = [ "multi-user.target" ];
- after = [ "network-online.target" ];
- wants = [ "network-online.target" ];
- # restart rather than stop+start this unit to prevent the
- # network from dying during switch-to-configuration.
- stopIfChanged = false;
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" ];
+ wants = [ "network-online.target" ];
+ # restart rather than stop+start this unit to prevent
+ # the ssh from dying during switch-to-configuration.
+ stopIfChanged = false;
- path = [ pkgs.openssh ];
- script = ''
- echo -n "Forwarding port 22"
- exec ssh -N lia@sinanmohd.com \
- -R 0.0.0.0:2222:127.0.0.1:22 \
- -i ${config.sops.secrets."sshfwd/kay".path}
- '';
+ path = [ pkgs.openssh ];
+ script = ''
+ echo -n "Forwarding port ${toString local_port}"
+ exec ssh -N lia@${remote} \
+ -R 0.0.0.0:${toString remote_port}:127.0.0.1:${toString local_port} \
+ -i ${key}
+ '';
+ };
};
+in {
+ sops.secrets."sshfwd/sinanmohd.com" = {};
+
+ environment.systemPackages = with pkgs; [ openssh ];
+ systemd.services
+ = mkFwdSrv { local_port = 22; remote_port = 2222; };
}
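Review bot: The `ssh -N` call in the generated `script` has no `-o ExitOnForwardFailure=yes` and the unit sets no restart policy. If the remote refuses the `-R` bind, the service stays active with no tunnel, and once ssh exits after a dropped connection nothing restarts it. I would add `-o ExitOnForwardFailure=yes -o ServerAliveInterval=30 \` ahead of `-i ${key}` and `serviceConfig.Restart = "always";` next to `stopIfChanged`. Separately, the listen address is still hard-coded as `0.0.0.0`, so every service built with mkFwdSrv is published on all interfaces of the remote (assuming its sshd permits that through GatewayPorts); a `bind ? "0.0.0.0"` argument would let later forwards stay on loopback. A one-line comment above `key ? …` should also say that a non-default `remote` needs a matching `sops.secrets."sshfwd/<remote>"` declaration, since only the `sinanmohd.com` one is declared here.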
diff --git a/hosts/lia/secrets.yaml b/hosts/lia/secrets.yaml
index 4438faf..facb577 100644
--- a/hosts/lia/secrets.yaml
+++ b/hosts/lia/secrets.yaml
@@ -1,5 +1,5 @@
sshfwd:
- kay: ENC[AES256_GCM,data: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,iv:Hy2AKc6IaEzR8rn5qjfBmkmplKhk30cdhgnMAfP0M20=,tag:b0GOdA8hrHwTl4ps4lFhhw==,type:str]
+ sinanmohd.com: ENC[AES256_GCM,data:ZB2qbUA4+AcYlIY6IaPf9aUdMV0ltdKveqVSNS2Nhq8h6kWheqWiaXgIK6vuN7oDHKomgVXWaVdxTf6OFvFQHCHMMqtm0KfvSJW+cdORpfZkEZuji5Ob/yQiNllyS8oAw9iT5YdyifLi7XkfD+dHbt+XWLQCMFPirJ8Lz6ynTYxV+N7Pu7yOhfCzPDYfqexW7Ymrjk0PI32OVgo+sE0obnASGW645dP4ydKOZM5xx9NGr/Oao2W5C61qdr2gUCoYQKZXkfItGRfCuWuCeh0ZmbxumS6Q1WeWUW09SY5NN24025TBoZgE+UdJIXuczAQy5wzpXYsDWwBXNod4gAhe76YgLydlYBpBHe6xN6OBgCewHkjCGkirHawmbYxkmJ40L6/lMFPjRmMV7yhj94Vsyx7NAW1H8yKVE/9typXUrIyxbxAOGrwy0TjlGYogAcZ7YYZ+ipmkqNlQ1pliA2Kha+2ZzPG0hV8NKhydNr0cz5ylfL4cQaAXxxg6YHOUYL0DGbfMXMpZKTt47TJcY72RWDaUr2RsmhJ+k2vNBDY3I01n9syWnlk80h2bs1ILJ5Ad3PP8Em8yGaXJLM+3,iv:VoDyy+h3UHL0YJPJ7rbgLTZZzIPCJTD8yBPXNxWjHqo=,tag:zGQXrE066SDMCwgZpC9/Pg==,type:str]
sops:
kms: []
gcp_kms: []
@@ -24,8 +24,8 @@ sops:
RG9hL2hlYjdaYTVJWVFlSE4xN1poUHcKe4BPaVEyc3W1hyu0jOQcEdZ1kl2aQLgZ
fHDs4kDeCcfJI/s5Cb/YD3cIp7HB6FBoe7LHiNiJbyJGR0wJecLqxg==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-02-11T15:31:57Z"
- mac: ENC[AES256_GCM,data:Z4ZJhpBrvd2R5xrnJ/C2C/SOsUepqSy2hrVzPnFi+nfIidHi5gV7oCh1ASR/uFrOZGilcUCuqOpi1tGDJiw+oYQTOhA8Gq92t6s3cVq63GRGwD0XhqWm8/1kULq6b4jyK9lN94sTDHHQVAYzzglOiaTgbBs6xLS/VpUSiJRK2QE=,iv:8OlSGg3YqoN1SKZGaXvD9u4dq0OYEBAKMLEUmByXD3I=,tag:3FJOS3mZLCc3D48m8yXBSg==,type:str]
+ lastmodified: "2024-02-11T15:56:54Z"
+ mac: ENC[AES256_GCM,data:H7GBDYCB/T7tM8hGOL0RMbS5NH2eNC4SJvoZUNS9WWx7gu60bn1qIkDda9aInZxZsN1ocNQDefG548pC598EsNTIeoqGWkXVdScFSXx4R+5mSmMHV5KgoPP8z+vUQ81gXsgh51hSCVUfhKshL6TccfFB4/u4kjGp2UcAAVAAEtQ=,iv:MBoCdOapNr36PeNt5GND40tcSHC1aa66JG36dPCDN+A=,tag:GDBXs2wlSAj3Bf+/XkO/2A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1