[sourcephile-nix.git] / hosts / losurdo / networking / ssh.nix
# NixOS module for the host "losurdo": SSH reachability.
# It sets up an SSH server inside the initrd, the regular OpenSSH daemon,
# one client-side default, and the UPnP redirections requested for SSH and Mosh.
{ pkgs, lib, config, hosts, ... }:
let
  # Lease requested for the renewable redirections (30 * 60 = 1800).
  # NOTE(review): presumably seconds, i.e. 30 minutes; services.upnpc is
  # declared outside this file, so confirm the unit there.
  renewableLease = 30 * 60;

  # Every redirection below is tied to the sshd unit.
  sshdUnit = [ "sshd.service" ];

  # One UDP redirection for a single Mosh port.
  moshRedirection = port: {
    description = "Mosh";
    externalPort = port;
    protocol = "UDP";
    duration = renewableLease;
    service.wantedBy = sshdUnit;
  };
in
{
  # Disabled reverse tunnel, kept for reference.
  # If it is ever re-enabled: "-R *:10022:localhost:22" asks the target to
  # listen on all of its interfaces (hence the gatewayPorts requirement noted
  # inside), so this host's sshd would be reachable by anyone who can reach
  # port 10022 on the target. A specific bind address would narrow that.
  /* Wireguard is used instead
  systemd.services.ssh-mermet-reverse = {
    after = [ "network-online.target" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Type = "simple";
      # Require services.openssh.gatewayPorts = "clientspecified";
      # on the target.
      ExecStart = ''${pkgs.openssh}/bin/ssh -v -g -N -T \
        -o ServerAliveInterval=10 \
        -o ExitOnForwardFailure=yes \
        -R *:10022:localhost:22 \
        ${hosts.mermet._module.args.ipv4}
      '';
      Restart = "always";
      RestartSec = "5s";
    };
  };
  */

  # SSH server running inside the initrd, on its own port (2222).
  # It accepts exactly the keys authorized for root on the booted system, so
  # whoever holds one of those keys also gets the pre-boot environment.
  # NOTE(review): /root/initrd/ssh.key is presumably a host key dedicated to
  # the initrd and distinct from the running sshd's host key. Confirm, since
  # initrd contents are generally less protected than the root filesystem.
  boot.initrd.network.ssh = {
    enable = true;
    port = 2222;
    hostKeys = [ "/root/initrd/ssh.key" ];
    authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
    extraConfig = ''
    '';
  };

  services = {
    # Regular OpenSSH daemon: its port is opened in the firewall and X11
    # forwarding is allowed.
    # NOTE(review): authentication settings (e.g. whether password logins are
    # refused) are not set in this file; verify them where sshd is configured,
    # because the redirections below expose this daemon beyond the LAN.
    openssh = {
      openFirewall = true;
      forwardX11 = true;
    };

    # Port redirections requested from the UPnP gateway.
    # Together they make sshd (22/TCP), Mosh (60000-60003/UDP) and the initrd
    # SSH server (2222/TCP) reachable from the gateway's external side.
    upnpc.redirections = [
      # Only this entry is also declared partOf the sshd unit.
      {
        description = "SSH";
        externalPort = 22;
        protocol = "TCP";
        duration = renewableLease;
        service.wantedBy = sshdUnit;
        service.partOf = sshdUnit;
      }
    ]
    ++ map moshRedirection [ 60000 60001 60002 60003 ]
    ++ [
      # NOTE(review): duration = 0 presumably requests a lease without expiry,
      # which would keep the mapping in place while the machine sits in the
      # initrd (the unit itself is only wanted by sshd.service, i.e. after
      # boot). Confirm against the upnpc module and the gateway.
      {
        description = "SSH (boot)";
        externalPort = 2222;
        protocol = "TCP";
        duration = 0;
        service.wantedBy = sshdUnit;
      }
    ];
  };

  # Client side: enable compression for outgoing ssh connections.
  programs.ssh = {
    extraConfig = ''
      Compression = yes
    '';
  };
}