sshd8022: init

2024-08-24 21:14:47 +03:00
parent 9b637a59e9
commit 5aadaee1d0
4 changed files with 61 additions and 9 deletions
--- a/modules/base/sshd/default.nix
+++ b/modules/base/sshd/default.nix
@@ -1,11 +1,19 @@
 {
-  config,
  lib,
+  config,
+  pkgs,
  myData,
  ...
 }:
 {
  config = {
+    services.spiped = {
+      enable = true;
+      decrypt = true;
+      source = "*:8022";
+      target = "127.0.0.1:22";
+      keyFile = config.age.secrets.ssh8022.path;
+    };
    services.openssh = {
      enable = true;
      settings = {
@@ -14,13 +22,20 @@
      };
    };
    programs.mosh.enable = true;
-    programs.ssh.knownHosts =
-      let
-        sshAttrs = lib.genAttrs [
-          "extraHostNames"
-          "publicKey"
-        ] (_: null);
-      in
-      lib.mapAttrs (_name: builtins.intersectAttrs sshAttrs) myData.hosts;
+    programs.ssh = {
+      knownHosts =
+        let
+          sshAttrs = lib.genAttrs [
+            "extraHostNames"
+            "publicKey"
+          ] (_: null);
+        in
+        lib.mapAttrs (_name: builtins.intersectAttrs sshAttrs) myData.hosts;
+      extraConfig = ''
+        Host dl.jakstys.lt
+        ProxyCommand ${pkgs.spiped}/bin/spipe -t %h:8022 -k ${config.age.secrets.ssh8022.path}
+      '';
+    };
+    networking.firewall.allowedTCPPorts = [ myData.ports.ssh8022 ];
  };
 }