ssh8022: split client and server

2024-08-25 11:07:35 +03:00
parent ebdcd832e4
commit 21e84bb162
4 changed files with 60 additions and 48 deletions
--- a/modules/services/ssh8022/default.nix
+++ b/modules/services/ssh8022/default.nix
@@ -5,30 +5,48 @@
  myData,
  ...
 }:
-let
-  cfg = config.mj.services.ssh8022;
-in
 {
-  options.mj.services.ssh8022 = {
-    enable = lib.mkEnableOption "Enable ssh8022";
+  options.mj.services.ssh8022 = with lib.types; {
+    client = {
+      enable = lib.mkEnableOption "Enable ssh8022 client";
+      keyfile = lib.mkOption { type = str; };
+    };
+    server = {
+      enable = lib.mkEnableOption "Enable ssh8022 server";
+      keyfile = lib.mkOption { type = str; };
+    };
  };

-  config = lib.mkIf cfg.enable {
-    services.spiped = {
-      enable = true;
-      config = {
-        ssh8022 = {
-          decrypt = true;
-          source = "*:8022";
-          target = "127.0.0.1:22";
-          keyfile = config.age.secrets.ssh8022.path;
+  config = lib.mkMerge [
+    (
+      let
+        cfg = config.mj.services.ssh8022.client;
+      in
+      lib.mkIf cfg.enable {
+        programs.ssh.extraConfig = ''
+          Host dl.jakstys.lt
+          ProxyCommand ${pkgs.spiped}/bin/spipe -t %h:8022 -k ${cfg.keyfile}
+        '';
+      }
+    )
+    (
+      let
+        cfg = config.mj.services.ssh8022.server;
+      in
+      lib.mkIf cfg.enable {
+        services.spiped = {
+          enable = true;
+          config = {
+            ssh8022 = {
+              inherit (cfg) keyfile;
+              decrypt = true;
+              source = "*:8022";
+              target = "127.0.0.1:22";
+            };
+          };
        };
-      };
-    };
-    programs.ssh.extraConfig = ''
-      Host dl.jakstys.lt
-      ProxyCommand ${pkgs.spiped}/bin/spipe -t %h:8022 -k ${config.age.secrets.ssh8022.path}
-    '';
-    networking.firewall.allowedTCPPorts = [ myData.ports.ssh8022 ];
-  };
+        networking.firewall.allowedTCPPorts = [ myData.ports.ssh8022 ];
+      }
+    )
+  ];
 }