From d87edb6024132db442600c76b6db1f49a01ed0e2 Mon Sep 17 00:00:00 2001
From: sinanmohd <sinan@sinanmohd.com>
Date: Sun, 11 Feb 2024 21:22:53 +0530
Subject: hosts/lia/sshfwd/mkFwdSrv: init

---
 hosts/lia/modules/sshfwd.nix | 47 +++++++++++++++++++++++++++-----------------
 hosts/lia/secrets.yaml       |  6 +++---
 2 files changed, 32 insertions(+), 21 deletions(-)

(limited to 'hosts')

diff --git a/hosts/lia/modules/sshfwd.nix b/hosts/lia/modules/sshfwd.nix
index f86238b..dac2d71 100644
--- a/hosts/lia/modules/sshfwd.nix
+++ b/hosts/lia/modules/sshfwd.nix
@@ -1,22 +1,33 @@
-{ pkgs, config, ... }: {
-  sops.secrets."sshfwd/kay" = {};
+{ pkgs, config, ... }: let
+  mkFwdSrv = {
+    local_port,
+    remote_port,
+    remote ? "sinanmohd.com",
+    key ? config.sops.secrets."sshfwd/${remote}".path,
+  }: {
+    "sshfwd-${toString local_port}-${remote}:${toString remote_port}" = {
+      description = "Forwarding port ${toString local_port} to ${remote}";
 
-  environment.systemPackages = with pkgs; [ openssh ];
-  systemd.services."sshfwd" = {
-    description = "Forwarding port 22 to the Internet";
-    wantedBy = [ "multi-user.target" ];
-    after = [ "network-online.target" ];
-    wants = [ "network-online.target" ];
-    # restart rather than stop+start this unit to prevent the
-    # network from dying during switch-to-configuration.
-    stopIfChanged = false;
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network-online.target" ];
+      wants = [ "network-online.target" ];
+      # restart rather than stop+start this unit to prevent
+      # the ssh from dying during switch-to-configuration.
+      stopIfChanged = false;
 
-    path = [ pkgs.openssh ];
-    script = ''
-      echo -n "Forwarding port 22"
-      exec ssh -N lia@sinanmohd.com \
-          -R 0.0.0.0:2222:127.0.0.1:22 \
-          -i ${config.sops.secrets."sshfwd/kay".path}
-    '';
+      path = [ pkgs.openssh ];
+      script = ''
+        echo -n "Forwarding port ${toString local_port}"
+        exec ssh -N lia@${remote} \
+            -R 0.0.0.0:${toString remote_port}:127.0.0.1:${toString local_port} \
+            -i ${key}
+      '';
+    };
   };
+in {
+  sops.secrets."sshfwd/sinanmohd.com" = {};
+
+  environment.systemPackages = with pkgs; [ openssh ];
+  systemd.services
+    = mkFwdSrv { local_port = 22; remote_port = 2222; };
 }
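Review bot: The `ssh -N` command in the generated `script` has no `-o ExitOnForwardFailure=yes`, so if the remote cannot bind `remote_port` the client stays connected without a forward and the unit still looks healthy. The unit also sets no keepalive and no `Restart=`, so a dropped connection ends the tunnel until the next activation. I would add `-o ExitOnForwardFailure=yes -o ServerAliveInterval=30` to the command and `serviceConfig.Restart = "always";` next to `stopIfChanged`. Separately, the helper hard-codes `0.0.0.0` as the remote bind address, so every service built with mkFwdSrv is published on all of the remote's interfaces wherever the server's GatewayPorts setting allows it. A `bind ? "0.0.0.0"` argument would let callers choose loopback for ports that should not be Internet-facing.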
diff --git a/hosts/lia/secrets.yaml b/hosts/lia/secrets.yaml
index 4438faf..facb577 100644
--- a/hosts/lia/secrets.yaml
+++ b/hosts/lia/secrets.yaml
@@ -1,5 +1,5 @@
 sshfwd:
-    kay: ENC[AES256_GCM,data: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,iv:Hy2AKc6IaEzR8rn5qjfBmkmplKhk30cdhgnMAfP0M20=,tag:b0GOdA8hrHwTl4ps4lFhhw==,type:str]
+    sinanmohd.com: ENC[AES256_GCM,data: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,iv:VoDyy+h3UHL0YJPJ7rbgLTZZzIPCJTD8yBPXNxWjHqo=,tag:zGQXrE066SDMCwgZpC9/Pg==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -24,8 +24,8 @@ sops:
             RG9hL2hlYjdaYTVJWVFlSE4xN1poUHcKe4BPaVEyc3W1hyu0jOQcEdZ1kl2aQLgZ
             fHDs4kDeCcfJI/s5Cb/YD3cIp7HB6FBoe7LHiNiJbyJGR0wJecLqxg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-02-11T15:31:57Z"
-    mac: ENC[AES256_GCM,data:Z4ZJhpBrvd2R5xrnJ/C2C/SOsUepqSy2hrVzPnFi+nfIidHi5gV7oCh1ASR/uFrOZGilcUCuqOpi1tGDJiw+oYQTOhA8Gq92t6s3cVq63GRGwD0XhqWm8/1kULq6b4jyK9lN94sTDHHQVAYzzglOiaTgbBs6xLS/VpUSiJRK2QE=,iv:8OlSGg3YqoN1SKZGaXvD9u4dq0OYEBAKMLEUmByXD3I=,tag:3FJOS3mZLCc3D48m8yXBSg==,type:str]
+    lastmodified: "2024-02-11T15:56:54Z"
+    mac: ENC[AES256_GCM,data:H7GBDYCB/T7tM8hGOL0RMbS5NH2eNC4SJvoZUNS9WWx7gu60bn1qIkDda9aInZxZsN1ocNQDefG548pC598EsNTIeoqGWkXVdScFSXx4R+5mSmMHV5KgoPP8z+vUQ81gXsgh51hSCVUfhKshL6TccfFB4/u4kjGp2UcAAVAAEtQ=,iv:MBoCdOapNr36PeNt5GND40tcSHC1aa66JG36dPCDN+A=,tag:GDBXs2wlSAj3Bf+/XkO/2A==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1
-- 
cgit v1.2.3