ssh8022

2024-08-24 22:00:37 +03:00 · 2024-08-24 22:00:37 +03:00 · c4da312209
parent 5aadaee1d0
commit c4da312209
5 changed files with 38 additions and 13 deletions
--- a/hosts/fwminex/configuration.nix
+++ b/hosts/fwminex/configuration.nix
@ -364,6 +364,7 @@ in

    services = {
      sshguard.enable = true;
+      ssh8022.enable = true;
      gitea.enable = true;
      hass.enable = true;
      syncthing-relay.enable = true;
--- a/hosts/mtworx/configuration.nix
+++ b/hosts/mtworx/configuration.nix
@ -81,6 +81,8 @@ in

    services = {
      sshguard.enable = false;
+      ssh8022.enable = true;
+
      tailscale = {
        enable = true;
        verboseLogs = true;
--- a/modules/base/sshd/default.nix
+++ b/modules/base/sshd/default.nix
@ -1,19 +1,11 @@
 {
  lib,
  config,
-  pkgs,
  myData,
  ...
 }:
 {
  config = {
-    services.spiped = {
-      enable = true;
-      decrypt = true;
-      source = "*:8022";
-      target = "127.0.0.1:22";
-      keyFile = config.age.secrets.ssh8022.path;
-    };
    services.openssh = {
      enable = true;
      settings = {
@ -31,11 +23,6 @@
          ] (_: null);
        in
        lib.mapAttrs (_name: builtins.intersectAttrs sshAttrs) myData.hosts;
-      extraConfig = ''
-        Host dl.jakstys.lt
-        ProxyCommand ${pkgs.spiped}/bin/spipe -t %h:8022 -k ${config.age.secrets.ssh8022.path}
-      '';
    };
-    networking.firewall.allowedTCPPorts = [ myData.ports.ssh8022 ];
  };
 }
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@ -18,6 +18,7 @@
    ./photoprism
    ./postfix
    ./remote-builder
+    ./ssh8022
    ./sshguard
    ./syncthing
    ./syncthing-relay
--- a/modules/services/ssh8022/default.nix
+++ b/modules/services/ssh8022/default.nix
@ -0,0 +1,34 @@
+{
+  lib,
+  config,
+  pkgs,
+  myData,
+  ...
+}:
+let
+  cfg = config.mj.services.ssh8022;
+in
+{
+  options.mj.services.ssh8022 = {
+    enable = lib.mkEnableOption "Enable ssh8022";
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.spiped = {
+      enable = true;
+      config = {
+        ssh8022 = {
+          decrypt = true;
+          source = "*:8022";
+          target = "127.0.0.1:22";
+          keyfile = config.age.secrets.ssh8022.path;
+        };
+      };
+    };
+    programs.ssh.extraConfig = ''
+      Host dl.jakstys.lt
+      ProxyCommand ${pkgs.spiped}/bin/spipe -t %h:8022 -k ${config.age.secrets.ssh8022.path}
+    '';
+    networking.firewall.allowedTCPPorts = [ myData.ports.ssh8022 ];
+  };
+}