From d87edb6024132db442600c76b6db1f49a01ed0e2 Mon Sep 17 00:00:00 2001 From: sinanmohd Date: Sun, 11 Feb 2024 21:22:53 +0530 Subject: hosts/lia/sshfwd/mkFwdSrv: init --- hosts/lia/modules/sshfwd.nix | 47 +++++++++++++++++++++++++++----------------- 1 file changed, 29 insertions(+), 18 deletions(-) (limited to 'hosts/lia/modules') diff --git a/hosts/lia/modules/sshfwd.nix b/hosts/lia/modules/sshfwd.nix index f86238b..dac2d71 100644 --- a/hosts/lia/modules/sshfwd.nix +++ b/hosts/lia/modules/sshfwd.nix @@ -1,22 +1,33 @@ -{ pkgs, config, ... }: { - sops.secrets."sshfwd/kay" = {}; +{ pkgs, config, ... }: let + mkFwdSrv = { + local_port, + remote_port, + remote ? "sinanmohd.com", + key ? config.sops.secrets."sshfwd/${remote}".path, + }: { + "sshfwd-${toString local_port}-${remote}:${toString remote_port}" = { + description = "Forwarding port ${toString local_port} to ${remote}"; - environment.systemPackages = with pkgs; [ openssh ]; - systemd.services."sshfwd" = { - description = "Forwarding port 22 to the Internet"; - wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target" ]; - wants = [ "network-online.target" ]; - # restart rather than stop+start this unit to prevent the - # network from dying during switch-to-configuration. - stopIfChanged = false; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; + # restart rather than stop+start this unit to prevent + # the ssh from dying during switch-to-configuration. + stopIfChanged = false; - path = [ pkgs.openssh ]; - script = '' - echo -n "Forwarding port 22" - exec ssh -N lia@sinanmohd.com \ - -R 0.0.0.0:2222:127.0.0.1:22 \ - -i ${config.sops.secrets."sshfwd/kay".path} - ''; + path = [ pkgs.openssh ]; + script = '' + echo -n "Forwarding port ${toString local_port}" + exec ssh -N lia@${remote} \ + -R 0.0.0.0:${toString remote_port}:127.0.0.1:${toString local_port} \ + -i ${key} + ''; + }; }; +in { + sops.secrets."sshfwd/sinanmohd.com" = {}; + + environment.systemPackages = with pkgs; [ openssh ]; + systemd.services + = mkFwdSrv { local_port = 22; remote_port = 2222; }; } -- cgit v1.2.3