machines/losurdo/networking/ssh.nix

   1 { pkgs, lib, config, machines, ... }:
   2 let
   3   inherit (config.security) gnupg;
   4   inherit (config.users) users;
   5 in
   6 {
   7 systemd.services.ssh-mermet-reverse = {
   8   after = [ "network-online.target" ];
   9   wantedBy = [ "multi-user.target" ];
  10   serviceConfig = {
  11     Type = "simple";
  12     ExecStart = ''${pkgs.openssh}/bin/ssh -v -g -N -T \
  13       -o ServerAliveInterval=10 \
  14       -o ExitOnForwardFailure=yes \
  15       -R *:10022:localhost:22 \
  16       ${machines.mermet.extraArgs.ipv4}
  17     '';
  18     Restart = "always";
  19     RestartSec = "5s";
  20   };
  21 };
  22 boot.initrd.network.ssh = {
  23   enable = true;
  24   port = 2222;
  25   authorizedKeys = users.root.openssh.authorizedKeys.keys;
  26   hostKeys = [ "/root/initrd/ssh.key" ];
  27 };
  28 services.upnpc.redirections = [
  29   { port = 22; externalPort = 10022; protocol = "TCP"; } # SSH
  30   { port = 2222; protocol = "TCP"; }  # SSH (boot)
  31   { port = 60000; protocol = "UDP"; } # Mosh
  32   { port = 60001; protocol = "UDP"; } # Mosh
  33   { port = 60002; protocol = "UDP"; } # Mosh
  34 ];
  35 }