]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/losurdo/ssh.nix
reuse: update
[sourcephile-nix.git] / hosts / losurdo / ssh.nix
1 { pkgs, lib, config, hosts, ... }:
2 {
3 systemd.services.ssh-mermet-reverse = {
4 after = [ "network-online.target" ];
5 wantedBy = [ "multi-user.target" ];
6 serviceConfig = {
7 Type = "simple";
8 # Require services.openssh.gatewayPorts = "clientspecified";
9 # on the target.
10 ExecStart = ''${pkgs.openssh}/bin/ssh -v -g -N -T \
11 -o ServerAliveInterval=10 \
12 -o ExitOnForwardFailure=yes \
13 -R *:10022:localhost:22 \
14 ${hosts.mermet._module.args.ipv4}
15 '';
16 Restart = "always";
17 RestartSec = "5s";
18 };
19 };
20 boot.initrd.network.ssh = {
21 enable = true;
22 port = 2222;
23 authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
24 hostKeys = [ "/root/initrd/ssh.key" ];
25 extraConfig = ''
26 '';
27 };
28 services.openssh = {
29 openFirewall = true;
30 forwardX11 = true;
31 };
32 programs.ssh = {
33 extraConfig = ''
34 Compression = yes
35 '';
36 };
37 services.upnpc.redirections =
38 [
39 { description = "SSH";
40 externalPort = 22; protocol = "TCP"; duration = 30 * 60;
41 service.wantedBy = ["sshd.service"];
42 service.partOf = ["sshd.service"];
43 }
44 { description = "Mosh"; externalPort = 60000; protocol = "UDP"; duration = 30 * 60; service.wantedBy = ["sshd.service"]; }
45 { description = "Mosh"; externalPort = 60001; protocol = "UDP"; duration = 30 * 60; service.wantedBy = ["sshd.service"]; }
46 { description = "Mosh"; externalPort = 60002; protocol = "UDP"; duration = 30 * 60; service.wantedBy = ["sshd.service"]; }
47 { description = "Mosh"; externalPort = 60003; protocol = "UDP"; duration = 30 * 60; service.wantedBy = ["sshd.service"]; }
48 ] ++ [
49 { description = "SSH (boot)";
50 externalPort = 2222; protocol = "TCP"; duration = 0;
51 service.wantedBy = ["sshd.service"];
52 }
53 ];
54 }