path: root/os/lia/modules/sshfwd.nix
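{ pkgs, config, ... }:
let
  # Build one systemd unit that keeps a reverse SSH tunnel open from
  # `remote`:`remote_port` back to this host's 127.0.0.1:`local_port`.
  #
  # Arguments:
  #   local_port  - port on this machine that the tunnel exposes (loopback only)
  #   remote_port - port opened on the remote host for the reverse forward
  #   remote_user - account used for the ssh control session on `remote`
  #   remote      - remote host name (default: sinanmohd.com)
  #   ssh_port    - port the remote sshd listens on (default: 22)
  #   key         - private key file; defaults to the path of the sops secret
  #                 "sshfwd/<remote>" declared below
  #
  # Returns an attrset with a single `sshfwd-...` entry, so several calls can
  # be merged into `systemd.services` with `//`.
  mkFwdSrv =
    {
      local_port,
      remote_port,
      remote_user,
      remote ? "sinanmohd.com",
      ssh_port ? 22,
      key ? config.sops.secrets."sshfwd/${remote}".path,
    }:
    {
      "sshfwd-${toString local_port}-${remote}:${toString remote_port}" = {
        description = "Forwarding port ${toString local_port} to ${remote}";

        wantedBy = [ "multi-user.target" ];
        after = [ "network-online.target" ];
        wants = [ "network-online.target" ];
        # restart rather than stop+start this unit to prevent
        # the ssh from dying during switch-to-configuration.
        stopIfChanged = false;

        serviceConfig = {
          # -N: no remote command, the session only carries the forward.
          # -R '[::]:...': the forward is bound on the remote's wildcard
          #   address, so the port is reachable from outside the remote host;
          #   the remote sshd has to allow that (GatewayPorts).
          # BatchMode=yes: the unit is non-interactive, so never wait on a
          #   passphrase or host-key confirmation prompt; fail fast and let
          #   Restart= retry.
          # ExitOnForwardFailure=yes: a session without the forward is useless,
          #   so a failed remote bind terminates ssh (and Restart= retries).
          # NOTE(review): the remote host key is not pinned here; with no User=
          #   the unit appears to run as root, so trust comes from root's
          #   known_hosts. Declaring the key via programs.ssh.knownHosts would
          #   make that trust anchor part of the configuration.
          ExecStart = ''
            ${pkgs.openssh}/bin/ssh -N ${remote_user}@${remote} -p ${toString ssh_port} \
                -R '[::]:${toString remote_port}:127.0.0.1:${toString local_port}' \
                -o BatchMode=yes \
                -o ServerAliveInterval=15 \
                -o ExitOnForwardFailure=yes \
                -i ${key}
          '';

          RestartSec = 3;
          Restart = "always";
        };

      };
    };
in
{
  # One private key per remote; mkFwdSrv's `key` default resolves to the
  # decrypted path of the secret matching its `remote` argument.
  sops.secrets."sshfwd/sinanmohd.com" = { };
  sops.secrets."sshfwd/lia.sinanmohd.com" = { };

  environment.systemPackages = with pkgs; [ openssh ];
  systemd.services =
    # local sshd (22) becomes reachable as sinanmohd.com:2222
    (mkFwdSrv {
      local_port = 22;
      remote_user = "lia";
      remote_port = 2222;
    })
    # local sshd (22) becomes reachable as lia.sinanmohd.com:22; the control
    # session goes to port 23, presumably where that host's own sshd listens.
    // (mkFwdSrv {
      local_port = 22;
      remote_port = 22;
      ssh_port = 23;
      remote_user = "root";
      remote = "lia.sinanmohd.com";
    });
}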