motiejus/config
1
Fork 0
Code Packages Releases Activity

sshd8022: init

Browse Source
This commit is contained in:
Motiejus Jakštys
2024-08-24 21:14:47 +03:00
parent 9b637a59e9
commit 5aadaee1d0
4 changed files with 61 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
data.nix
View File

@@ -27,6 +27,7 @@ rec {
soju = 6697;
soju-ws = 6698;
matrix-synapse = 8008;
ssh8022 = 8022;
vaultwarden = 8222;
headscale = 8080;
hass = 8123;

15
flake.nix
View File

@@ -222,6 +222,11 @@
syncthing-key.file = ./secrets/vno1-gdrx/syncthing/key.pem.age;
syncthing-cert.file = ./secrets/vno1-gdrx/syncthing/cert.pem.age;
ssh8022 = {
file = ./secrets/ssh8022.age;
owner = "motiejus";
};
};
}
];
@@ -249,6 +254,11 @@
sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
datapool-passphrase.file = ./secrets/vno3-rp3b/datapool-passphrase.age;
ssh8022 = {
file = ./secrets/ssh8022.age;
owner = "motiejus";
};
};
}
];
@@ -273,6 +283,11 @@
motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
root-passwd-hash.file = ./secrets/root_passwd_hash.age;
sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
ssh8022 = {
file = ./secrets/ssh8022.age;
owner = "motiejus";
};
};
}
];

33
modules/base/sshd/default.nix
View File

@@ -1,11 +1,19 @@
{
config,
lib,
config,
pkgs,
myData,
...
}:
{
config = {
services.spiped = {
enable = true;
decrypt = true;
source = "*:8022";
target = "127.0.0.1:22";
keyFile = config.age.secrets.ssh8022.path;
};
services.openssh = {
enable = true;
settings = {
@@ -14,13 +22,20 @@
};
};
programs.mosh.enable = true;
programs.ssh.knownHosts =
let
sshAttrs = lib.genAttrs [
"extraHostNames"
"publicKey"
] (_: null);
in
lib.mapAttrs (_name: builtins.intersectAttrs sshAttrs) myData.hosts;
programs.ssh = {
knownHosts =
let
sshAttrs = lib.genAttrs [
"extraHostNames"
"publicKey"
] (_: null);
in
lib.mapAttrs (_name: builtins.intersectAttrs sshAttrs) myData.hosts;
extraConfig = ''
Host dl.jakstys.lt
ProxyCommand ${pkgs.spiped}/bin/spipe -t %h:8022 -k ${config.age.secrets.ssh8022.path}
'';
};
networking.firewall.allowedTCPPorts = [ myData.ports.ssh8022 ];
};
}

21
secrets/ssh8022.age Normal file
View File

@@ -0,0 +1,21 @@
age-encryption.org/v1
-> ssh-ed25519 2jMHjA LwcWJJsE+Bxp8jh8SEBWP9uvCzSZmoZS4ZMl9uJMPAI
fep9NQNMXRWMzr1aMxEoyBxDrtoEseiOYIASvbwqWzE
-> ssh-ed25519 lDWJbA gTK00r+NKJ8gH95x6S1hztsfXFRSFIRY9iE4JhXO2w0
gkzvdNWKhmivbvMBXcHjK45YS5LS/to6CxavhTvdMQ8
-> ssh-ed25519 CBqt6Q 4T7LQ/OiH9TCN32Ts6R27iQUua7CZI8mSzB0Ug8vXwY
wfNRUMgA4QhBaRk1NDHxowS5xw7mdDjYGqsqMEJhNCw
-> ssh-ed25519 fqSa6A h1xUFF4cbMu0WroXtf0SHQWGb/hiqgveE0yawoPjvy4
RJLxwdrgrfyzVYYpwAiI6VH0vx+pcL57JWZwL/FttEE
-> ssh-ed25519 9Chcgw lqtnkWmVgqjQHFDakzOaJMEIY0Y3bRXTzIilNFWmSSk
nOEDJ7rFyfs2Bmt6LDAJ2ebsGuTSA4ukqgJRnSPi8yw
-> X25519 mp/GibjENvRmB/LTqx9wxAr/Ud96Ay/xebYxuJc+9Fg
iEUgyYZRWGjYc9jXLbrwpMlRn80xo2QX3uKyrs3gUb8
-> X25519 ssEKm23YzhCwEru9uAvJusZgXhzLNMBpPyOfI2dMRRw
BmFN6tRXLGPnX9STBspq6lJRU3iWCdB8G05cS51VLX4
-> piv-p256 +y2G/w A6zPbX9nW+T1aGKpcsi8dqVR6/STS4Fk9fW/AxcppdJC
AVAi2EU7Vs/2pnIjP3MmMtZaKMHMlSz6fKfa7hdMrSw
-> piv-p256 jNqd3A AibOWW5KGacF2bXaHn95WyczuWWfAu+VJS48blfTfDD8
ir1xhw2j5DUMeff2rUxmqrMWSD6ueKP2BdxB4eKCtlQ
--- EidnuJylAMuaYDBsFOkNCsLNkoTtIxuBz49EK0k3mNo
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>fe<EFBFBD><EFBFBD>]uf<75>q5A<35><41><EFBFBD>iO">7Bپ9<D9BE><39>#<10><>[<5B><>*c<><63>Ի<EFBFBD><D4BB>C<EFBFBD>l<EFBFBD><6C><EFBFBD>y<EFBFBD><1D><>