sshd8022: init
This commit is contained in:
parent
9b637a59e9
commit
5aadaee1d0
1
data.nix
1
data.nix
@ -27,6 +27,7 @@ rec {
|
|||||||
soju = 6697;
|
soju = 6697;
|
||||||
soju-ws = 6698;
|
soju-ws = 6698;
|
||||||
matrix-synapse = 8008;
|
matrix-synapse = 8008;
|
||||||
|
ssh8022 = 8022;
|
||||||
vaultwarden = 8222;
|
vaultwarden = 8222;
|
||||||
headscale = 8080;
|
headscale = 8080;
|
||||||
hass = 8123;
|
hass = 8123;
|
||||||
|
15
flake.nix
15
flake.nix
@ -222,6 +222,11 @@
|
|||||||
|
|
||||||
syncthing-key.file = ./secrets/vno1-gdrx/syncthing/key.pem.age;
|
syncthing-key.file = ./secrets/vno1-gdrx/syncthing/key.pem.age;
|
||||||
syncthing-cert.file = ./secrets/vno1-gdrx/syncthing/cert.pem.age;
|
syncthing-cert.file = ./secrets/vno1-gdrx/syncthing/cert.pem.age;
|
||||||
|
|
||||||
|
ssh8022 = {
|
||||||
|
file = ./secrets/ssh8022.age;
|
||||||
|
owner = "motiejus";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
@ -249,6 +254,11 @@
|
|||||||
sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
|
sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
|
||||||
|
|
||||||
datapool-passphrase.file = ./secrets/vno3-rp3b/datapool-passphrase.age;
|
datapool-passphrase.file = ./secrets/vno3-rp3b/datapool-passphrase.age;
|
||||||
|
|
||||||
|
ssh8022 = {
|
||||||
|
file = ./secrets/ssh8022.age;
|
||||||
|
owner = "motiejus";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
@ -273,6 +283,11 @@
|
|||||||
motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
|
motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
|
||||||
root-passwd-hash.file = ./secrets/root_passwd_hash.age;
|
root-passwd-hash.file = ./secrets/root_passwd_hash.age;
|
||||||
sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
|
sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
|
||||||
|
|
||||||
|
ssh8022 = {
|
||||||
|
file = ./secrets/ssh8022.age;
|
||||||
|
owner = "motiejus";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
@ -1,11 +1,19 @@
|
|||||||
{
|
{
|
||||||
config,
|
|
||||||
lib,
|
lib,
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
myData,
|
myData,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
{
|
{
|
||||||
config = {
|
config = {
|
||||||
|
services.spiped = {
|
||||||
|
enable = true;
|
||||||
|
decrypt = true;
|
||||||
|
source = "*:8022";
|
||||||
|
target = "127.0.0.1:22";
|
||||||
|
keyFile = config.age.secrets.ssh8022.path;
|
||||||
|
};
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
@ -14,13 +22,20 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
programs.mosh.enable = true;
|
programs.mosh.enable = true;
|
||||||
programs.ssh.knownHosts =
|
programs.ssh = {
|
||||||
let
|
knownHosts =
|
||||||
sshAttrs = lib.genAttrs [
|
let
|
||||||
"extraHostNames"
|
sshAttrs = lib.genAttrs [
|
||||||
"publicKey"
|
"extraHostNames"
|
||||||
] (_: null);
|
"publicKey"
|
||||||
in
|
] (_: null);
|
||||||
lib.mapAttrs (_name: builtins.intersectAttrs sshAttrs) myData.hosts;
|
in
|
||||||
|
lib.mapAttrs (_name: builtins.intersectAttrs sshAttrs) myData.hosts;
|
||||||
|
extraConfig = ''
|
||||||
|
Host dl.jakstys.lt
|
||||||
|
ProxyCommand ${pkgs.spiped}/bin/spipe -t %h:8022 -k ${config.age.secrets.ssh8022.path}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
networking.firewall.allowedTCPPorts = [ myData.ports.ssh8022 ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
21
secrets/ssh8022.age
Normal file
21
secrets/ssh8022.age
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 2jMHjA LwcWJJsE+Bxp8jh8SEBWP9uvCzSZmoZS4ZMl9uJMPAI
|
||||||
|
fep9NQNMXRWMzr1aMxEoyBxDrtoEseiOYIASvbwqWzE
|
||||||
|
-> ssh-ed25519 lDWJbA gTK00r+NKJ8gH95x6S1hztsfXFRSFIRY9iE4JhXO2w0
|
||||||
|
gkzvdNWKhmivbvMBXcHjK45YS5LS/to6CxavhTvdMQ8
|
||||||
|
-> ssh-ed25519 CBqt6Q 4T7LQ/OiH9TCN32Ts6R27iQUua7CZI8mSzB0Ug8vXwY
|
||||||
|
wfNRUMgA4QhBaRk1NDHxowS5xw7mdDjYGqsqMEJhNCw
|
||||||
|
-> ssh-ed25519 fqSa6A h1xUFF4cbMu0WroXtf0SHQWGb/hiqgveE0yawoPjvy4
|
||||||
|
RJLxwdrgrfyzVYYpwAiI6VH0vx+pcL57JWZwL/FttEE
|
||||||
|
-> ssh-ed25519 9Chcgw lqtnkWmVgqjQHFDakzOaJMEIY0Y3bRXTzIilNFWmSSk
|
||||||
|
nOEDJ7rFyfs2Bmt6LDAJ2ebsGuTSA4ukqgJRnSPi8yw
|
||||||
|
-> X25519 mp/GibjENvRmB/LTqx9wxAr/Ud96Ay/xebYxuJc+9Fg
|
||||||
|
iEUgyYZRWGjYc9jXLbrwpMlRn80xo2QX3uKyrs3gUb8
|
||||||
|
-> X25519 ssEKm23YzhCwEru9uAvJusZgXhzLNMBpPyOfI2dMRRw
|
||||||
|
BmFN6tRXLGPnX9STBspq6lJRU3iWCdB8G05cS51VLX4
|
||||||
|
-> piv-p256 +y2G/w A6zPbX9nW+T1aGKpcsi8dqVR6/STS4Fk9fW/AxcppdJC
|
||||||
|
AVAi2EU7Vs/2pnIjP3MmMtZaKMHMlSz6fKfa7hdMrSw
|
||||||
|
-> piv-p256 jNqd3A AibOWW5KGacF2bXaHn95WyczuWWfAu+VJS48blfTfDD8
|
||||||
|
ir1xhw2j5DUMeff2rUxmqrMWSD6ueKP2BdxB4eKCtlQ
|
||||||
|
--- EidnuJylAMuaYDBsFOkNCsLNkoTtIxuBz49EK0k3mNo
|
||||||
|
÷˜Š‚“‚fe<EFBFBD>0ÛšË]ufÃq5AýÙéiO">7BÙ¾9®‹#É×[Œ™*cŸ÷Ô»è´CÁl‰û<E280B0>yŠ¦ó
|
Loading…
Reference in New Issue
Block a user