machines/losurdo/networking/ssh.nix

   1 { pkgs, lib, config, machines, ... }:
   2 let
   3   inherit (config.security) gnupg;
   4   inherit (config.users) users;
   5 in
   6 {
   7 systemd.services.ssh-mermet-reverse = {
   8   after = [ "network-online.target" ];
   9   wantedBy = [ "multi-user.target" ];
  10   serviceConfig = {
  11     Type = "simple";
  12     # Require services.openssh.gatewayPorts = "clientspecified";
  13     # on the target.
  14     ExecStart = ''${pkgs.openssh}/bin/ssh -v -g -N -T \
  15       -o ServerAliveInterval=10 \
  16       -o ExitOnForwardFailure=yes \
  17       -R *:10022:localhost:22 \
  18       ${machines.mermet.extraArgs.ipv4}
  19     '';
  20     Restart = "always";
  21     RestartSec = "5s";
  22   };
  23 };
  24 boot.initrd.network.ssh = {
  25   enable = true;
  26   port = 2222;
  27   authorizedKeys = users.root.openssh.authorizedKeys.keys;
  28   hostKeys = [ "/root/initrd/ssh.key" ];
  29 };
  30 programs.ssh = {
  31   extraConfig = ''
  32     Compression = yes
  33   '';
  34 };
  35 services.upnpc.redirections = [
  36   { port = 22; protocol = "TCP"; } # SSH
  37   { port = 2222; protocol = "TCP"; }  # SSH (boot)
  38   { port = 60000; protocol = "UDP"; } # Mosh
  39   { port = 60001; protocol = "UDP"; } # Mosh
  40   { port = 60002; protocol = "UDP"; } # Mosh
  41   { port = 60003; protocol = "UDP"; } # Mosh
  42 ];
  43 }