motiejus/config
1
Fork 0
Code Packages Releases Activity

ssh8022

Browse Source
This commit is contained in:
Motiejus Jakštys 2024-08-24 22:00:37 +03:00
parent 5aadaee1d0
commit c4da312209
5 changed files with 38 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/fwminex/configuration.nix
View File

@ -364,6 +364,7 @@ in
services = { services = {
sshguard.enable = true; sshguard.enable = true;
ssh8022.enable = true;
gitea.enable = true; gitea.enable = true;
hass.enable = true; hass.enable = true;
syncthing-relay.enable = true; syncthing-relay.enable = true;

2
hosts/mtworx/configuration.nix
View File

@ -81,6 +81,8 @@ in
services = { services = {
sshguard.enable = false; sshguard.enable = false;
ssh8022.enable = true;
tailscale = { tailscale = {
enable = true; enable = true;
verboseLogs = true; verboseLogs = true;

13
modules/base/sshd/default.nix
View File

@ -1,19 +1,11 @@
{ {
lib, lib,
config, config,
pkgs,
myData, myData,
... ...
}: }:
{ {
config = { config = {
services.spiped = {
enable = true;
decrypt = true;
source = "*:8022";
target = "127.0.0.1:22";
keyFile = config.age.secrets.ssh8022.path;
};
services.openssh = { services.openssh = {
enable = true; enable = true;
settings = { settings = {
@ -31,11 +23,6 @@
] (_: null); ] (_: null);
in in
lib.mapAttrs (_name: builtins.intersectAttrs sshAttrs) myData.hosts; lib.mapAttrs (_name: builtins.intersectAttrs sshAttrs) myData.hosts;
extraConfig = ''
Host dl.jakstys.lt
ProxyCommand ${pkgs.spiped}/bin/spipe -t %h:8022 -k ${config.age.secrets.ssh8022.path}
'';
}; };
networking.firewall.allowedTCPPorts = [ myData.ports.ssh8022 ];
}; };
} }

1
modules/services/default.nix
View File

@ -18,6 +18,7 @@
./photoprism ./photoprism
./postfix ./postfix
./remote-builder ./remote-builder
./ssh8022
./sshguard ./sshguard
./syncthing ./syncthing
./syncthing-relay ./syncthing-relay

34
modules/services/ssh8022/default.nix Normal file
View File

@ -0,0 +1,34 @@
{
lib,
config,
pkgs,
myData,
...
}:
let
cfg = config.mj.services.ssh8022;
in
{
options.mj.services.ssh8022 = {
enable = lib.mkEnableOption "Enable ssh8022";
};
config = lib.mkIf cfg.enable {
services.spiped = {
enable = true;
config = {
ssh8022 = {
decrypt = true;
source = "*:8022";
target = "127.0.0.1:22";
keyfile = config.age.secrets.ssh8022.path;
};
};
};
programs.ssh.extraConfig = ''
Host dl.jakstys.lt
ProxyCommand ${pkgs.spiped}/bin/spipe -t %h:8022 -k ${config.age.secrets.ssh8022.path}
'';
networking.firewall.allowedTCPPorts = [ myData.ports.ssh8022 ];
};
}