author | sinanmohd <sinan@sinanmohd.com> | 2024-06-01 19:25:59 +0530 |
committer | sinanmohd <sinan@sinanmohd.com> | 2024-06-01 19:26:13 +0530 |
commit | 8febb2fad131dc1ff42a2c667b26b013d64c17b8 (patch) | |
tree | cf33b3a20def6ab7836a037b5195cc617647fa9c /os/lia/modules/sshfwd.nix | |
parent | 5c48d5ad41221dbfa186701ba40404bd2571c242 (diff) |
repo: ./nixos -> ./os
Diffstat (limited to 'os/lia/modules/sshfwd.nix')
-rw-r--r-- | os/lia/modules/sshfwd.nix | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/os/lia/modules/sshfwd.nix b/os/lia/modules/sshfwd.nix
new file mode 100644
index 0000000..3c7c006
--- /dev/null
+++ b/os/lia/modules/sshfwd.nix
@@ -0,0 +1,53 @@
+{ pkgs, config, ... }: let
+ mkFwdSrv = {
+ local_port,
+ remote_port,
+ remote_user,
+ remote ? "sinanmohd.com",
+ ssh_port ? 22,
+ key ? config.sops.secrets."sshfwd/${remote}".path,
+ }: {
+ "sshfwd-${toString local_port}-${remote}:${toString remote_port}" = {
+ description = "Forwarding port ${toString local_port} to ${remote}";
+
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" ];
+ wants = [ "network-online.target" ];
+ # restart rather than stop+start this unit to prevent
+ # the ssh from dying during switch-to-configuration.
+ stopIfChanged = false;
+
+ serviceConfig = {
+ ExecStart = ''
+ ${pkgs.openssh}/bin/ssh -N ${remote_user}@${remote} -p ${toString ssh_port} \
+ -R '[::]:${toString remote_port}:127.0.0.1:${toString local_port}' \
+ -o ServerAliveInterval=15 \
+ -o ExitOnForwardFailure=yes \
+ -i ${key}
+ '';
+
+ RestartSec = 3;
+ Restart = "always";
+ };
+
+ };
+ };
+in {
+ sops.secrets."sshfwd/sinanmohd.com" = {};
+ sops.secrets."sshfwd/lia.sinanmohd.com" = {};
+
+ environment.systemPackages = with pkgs; [ openssh ];
+ systemd.services
+ = (mkFwdSrv {
+ local_port = 22;
+ remote_user = "lia";
+ remote_port = 2222;
+ }) //
+ (mkFwdSrv {
+ local_port = 22;
+ remote_port = 22;
+ ssh_port = 23;
+ remote_user = "root";
+ remote = "lia.sinanmohd.com";
+ });
+} |
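Review bot: The ssh invocation in ExecStart pins neither the remote host key nor a known_hosts file, so a unit that runs as root (no User= is set) will either fail non-interactively with "Host key verification failed" on first connect or, if host keys are accepted elsewhere, silently trust whatever answers on sinanmohd.com:22 / lia.sinanmohd.com:23 — and the key it presents for the second forward authenticates as `root` on the remote. Adding `-o StrictHostKeyChecking=yes \` and `-o UserKnownHostsFile=/etc/ssh/ssh_known_hosts \` to the option list, with the two host keys declared via `programs.ssh.knownHosts`, makes the tunnel fail closed against a substituted endpoint; if knownHosts is already configured in a module outside this diff, the explicit StrictHostKeyChecking line is still worth keeping so the intent is visible here. Separately, the `-R '[::]:…'` bind asks the remote sshd to expose the local port 22 on all of the remote's interfaces (subject to its GatewayPorts setting); if the forward is only meant for use from the remote host itself, binding to `localhost:` instead, and restricting the forwarding-only keys on the server side with `restrict,port-forwarding,permitlisten="…"` in authorized_keys, would narrow the exposure of the lia sshd. A short comment above the `-R` line stating that public exposure on the remote is intentional would also help the next reader.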