sshd8022: init
This commit is contained in:
parent
9b637a59e9
commit
5aadaee1d0
1
data.nix
1
data.nix
|
@ -27,6 +27,7 @@ rec {
|
|||
soju = 6697;
|
||||
soju-ws = 6698;
|
||||
matrix-synapse = 8008;
|
||||
ssh8022 = 8022;
|
||||
vaultwarden = 8222;
|
||||
headscale = 8080;
|
||||
hass = 8123;
|
||||
|
|
15
flake.nix
15
flake.nix
|
@ -222,6 +222,11 @@
|
|||
|
||||
syncthing-key.file = ./secrets/vno1-gdrx/syncthing/key.pem.age;
|
||||
syncthing-cert.file = ./secrets/vno1-gdrx/syncthing/cert.pem.age;
|
||||
|
||||
ssh8022 = {
|
||||
file = ./secrets/ssh8022.age;
|
||||
owner = "motiejus";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
@ -249,6 +254,11 @@
|
|||
sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
|
||||
|
||||
datapool-passphrase.file = ./secrets/vno3-rp3b/datapool-passphrase.age;
|
||||
|
||||
ssh8022 = {
|
||||
file = ./secrets/ssh8022.age;
|
||||
owner = "motiejus";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
@ -273,6 +283,11 @@
|
|||
motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
|
||||
root-passwd-hash.file = ./secrets/root_passwd_hash.age;
|
||||
sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
|
||||
|
||||
ssh8022 = {
|
||||
file = ./secrets/ssh8022.age;
|
||||
owner = "motiejus";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
|
|
@ -1,11 +1,19 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
myData,
|
||||
...
|
||||
}:
|
||||
{
|
||||
config = {
|
||||
services.spiped = {
|
||||
enable = true;
|
||||
decrypt = true;
|
||||
source = "*:8022";
|
||||
target = "127.0.0.1:22";
|
||||
keyFile = config.age.secrets.ssh8022.path;
|
||||
};
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
|
@ -14,13 +22,20 @@
|
|||
};
|
||||
};
|
||||
programs.mosh.enable = true;
|
||||
programs.ssh.knownHosts =
|
||||
let
|
||||
sshAttrs = lib.genAttrs [
|
||||
"extraHostNames"
|
||||
"publicKey"
|
||||
] (_: null);
|
||||
in
|
||||
lib.mapAttrs (_name: builtins.intersectAttrs sshAttrs) myData.hosts;
|
||||
programs.ssh = {
|
||||
knownHosts =
|
||||
let
|
||||
sshAttrs = lib.genAttrs [
|
||||
"extraHostNames"
|
||||
"publicKey"
|
||||
] (_: null);
|
||||
in
|
||||
lib.mapAttrs (_name: builtins.intersectAttrs sshAttrs) myData.hosts;
|
||||
extraConfig = ''
|
||||
Host dl.jakstys.lt
|
||||
ProxyCommand ${pkgs.spiped}/bin/spipe -t %h:8022 -k ${config.age.secrets.ssh8022.path}
|
||||
'';
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ myData.ports.ssh8022 ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 2jMHjA LwcWJJsE+Bxp8jh8SEBWP9uvCzSZmoZS4ZMl9uJMPAI
|
||||
fep9NQNMXRWMzr1aMxEoyBxDrtoEseiOYIASvbwqWzE
|
||||
-> ssh-ed25519 lDWJbA gTK00r+NKJ8gH95x6S1hztsfXFRSFIRY9iE4JhXO2w0
|
||||
gkzvdNWKhmivbvMBXcHjK45YS5LS/to6CxavhTvdMQ8
|
||||
-> ssh-ed25519 CBqt6Q 4T7LQ/OiH9TCN32Ts6R27iQUua7CZI8mSzB0Ug8vXwY
|
||||
wfNRUMgA4QhBaRk1NDHxowS5xw7mdDjYGqsqMEJhNCw
|
||||
-> ssh-ed25519 fqSa6A h1xUFF4cbMu0WroXtf0SHQWGb/hiqgveE0yawoPjvy4
|
||||
RJLxwdrgrfyzVYYpwAiI6VH0vx+pcL57JWZwL/FttEE
|
||||
-> ssh-ed25519 9Chcgw lqtnkWmVgqjQHFDakzOaJMEIY0Y3bRXTzIilNFWmSSk
|
||||
nOEDJ7rFyfs2Bmt6LDAJ2ebsGuTSA4ukqgJRnSPi8yw
|
||||
-> X25519 mp/GibjENvRmB/LTqx9wxAr/Ud96Ay/xebYxuJc+9Fg
|
||||
iEUgyYZRWGjYc9jXLbrwpMlRn80xo2QX3uKyrs3gUb8
|
||||
-> X25519 ssEKm23YzhCwEru9uAvJusZgXhzLNMBpPyOfI2dMRRw
|
||||
BmFN6tRXLGPnX9STBspq6lJRU3iWCdB8G05cS51VLX4
|
||||
-> piv-p256 +y2G/w A6zPbX9nW+T1aGKpcsi8dqVR6/STS4Fk9fW/AxcppdJC
|
||||
AVAi2EU7Vs/2pnIjP3MmMtZaKMHMlSz6fKfa7hdMrSw
|
||||
-> piv-p256 jNqd3A AibOWW5KGacF2bXaHn95WyczuWWfAu+VJS48blfTfDD8
|
||||
ir1xhw2j5DUMeff2rUxmqrMWSD6ueKP2BdxB4eKCtlQ
|
||||
--- EidnuJylAMuaYDBsFOkNCsLNkoTtIxuBz49EK0k3mNo
|
||||
÷˜Š‚“‚fe<EFBFBD>0ÛšË]ufÃq5AýÙéiO">7BÙ¾9®‹#É×[Œ™*cŸ÷Ô»è´CÁl‰û<E280B0>yŠ¦ó
|
Loading…
Reference in New Issue