server.nix (909B) - Raw
1 { 2 lib, 3 config, 4 myData, 5 ... 6 }: 7 let 8 cfg = config.mj.services.ssh8022.server; 9 in 10 { 11 options.mj.services.ssh8022.server = with lib.types; { 12 enable = lib.mkEnableOption "Enable ssh8022 server"; 13 keyfile = lib.mkOption { type = str; }; 14 openGlobalFirewall = lib.mkOption { 15 type = bool; 16 default = true; 17 }; 18 }; 19 20 config = lib.mkIf cfg.enable { 21 services = { 22 openssh.openFirewall = cfg.openGlobalFirewall; 23 24 spiped = { 25 enable = true; 26 config = { 27 ssh8022 = { 28 inherit (cfg) keyfile; 29 decrypt = true; 30 source = "[0.0.0.0]:8022"; 31 target = "127.0.0.1:22"; 32 }; 33 }; 34 }; 35 }; 36 networking.firewall.allowedTCPPorts = [ myData.ports.ssh8022 ]; 37 systemd.services."spiped@ssh8022" = { 38 wantedBy = [ "multi-user.target" ]; 39 overrideStrategy = "asDropin"; 40 }; 41 }; 42 }