config/modules/services/ssh8022/default.nix

57 lines
1.3 KiB
Nix
Raw Normal View History

2024-08-24 22:00:37 +03:00
{
lib,
config,
pkgs,
myData,
...
}:
{
2024-08-25 11:07:35 +03:00
options.mj.services.ssh8022 = with lib.types; {
client = {
enable = lib.mkEnableOption "Enable ssh8022 client";
keyfile = lib.mkOption { type = str; };
};
server = {
enable = lib.mkEnableOption "Enable ssh8022 server";
keyfile = lib.mkOption { type = str; };
};
2024-08-24 22:00:37 +03:00
};
2024-08-25 11:07:35 +03:00
config = lib.mkMerge [
(
let
cfg = config.mj.services.ssh8022.client;
in
lib.mkIf cfg.enable {
programs.ssh.extraConfig = ''
2024-08-25 11:38:53 +03:00
Host dl.jakstys.lt fra1-b.jakstys.lt
2024-08-26 09:20:57 +03:00
ProxyCommand ${pkgs.spiped}/bin/spipe -t %h:8022 -k ${cfg.keyfile}
2024-08-25 11:07:35 +03:00
'';
}
)
(
let
cfg = config.mj.services.ssh8022.server;
in
lib.mkIf cfg.enable {
services.spiped = {
enable = true;
config = {
ssh8022 = {
inherit (cfg) keyfile;
decrypt = true;
2024-08-25 11:14:52 +03:00
source = "[0.0.0.0]:8022";
2024-08-25 11:07:35 +03:00
target = "127.0.0.1:22";
};
};
2024-08-24 22:00:37 +03:00
};
2024-08-25 11:07:35 +03:00
networking.firewall.allowedTCPPorts = [ myData.ports.ssh8022 ];
2024-08-26 09:16:52 +03:00
systemd.services."spiped@ssh8022" = {
wantedBy = [ "multi-user.target" ];
overrideStrategy = "asDropin";
};
2024-08-25 11:07:35 +03:00
}
)
];
2024-08-24 22:00:37 +03:00
}