feat: add port offset handling for auto SSH devices

2026-04-04 19:45:40 +02:00 · 2026-04-04 19:45:40 +02:00 · 3385709208
commit 3385709208
parent 2c1316a0a6
3 changed files with 34 additions and 9 deletions
--- a/intermediate/remote.nix
+++ b/intermediate/remote.nix
@ -19,22 +19,31 @@ let
  getRemotePortMap = device:
    autoSshValidation.getRemotePortMap device;

-  resolveRemotePort = remotePortMap: endpoint:
+  getPortOffset = device:
+    autoSshValidation.getPortOffset device;
+
+  ensurePortRange = context: port:
+    if builtins.isInt port && port >= 1 && port <= 65535 then
+      port
+    else
+      throw "${context} must be in range 1..65535.";
+
+  resolveRemotePort = remotePortMap: portOffset: endpoint:
    let
      localPort =
        if endpoint ? port then
-          endpoint.port
+          ensurePortRange "Endpoint port '${toString endpoint.port}'" endpoint.port
        else
          throw "Endpoint is missing required field: port.";
      overrides = lib.filter (entry: entry.localPort == localPort) remotePortMap;
    in
      if overrides != [] then
-        (builtins.head overrides).remotePort
+        ensurePortRange "remotePortMap remotePort '${toString (builtins.head overrides).remotePort}'" (builtins.head overrides).remotePort
      else
-        localPort;
+        ensurePortRange "Computed remote port (local ${toString localPort} + offset ${toString portOffset})" (localPort + portOffset);

-  mapEndpointToForward = remotePortMap: endpoint: {
-    remote = resolveRemotePort remotePortMap endpoint;
+  mapEndpointToForward = remotePortMap: portOffset: endpoint: {
+    remote = resolveRemotePort remotePortMap portOffset endpoint;
    localAddress = "localhost";
    localPort = endpoint.port;
  };
@ -50,6 +59,7 @@ let
        else
          throw "Auto SSH device is missing required field: domain.";
      remotePortMap = getRemotePortMap device;
+      portOffset = getPortOffset device;
      matchedEndpoints =
        lib.filter (endpoint:
          if endpoint.force_ssl && endpoint.port == 80 then
@ -61,8 +71,8 @@ let
        ) endpoints;
      forwards = lib.concatMap (endpoint:
        let
-          baseForward = mapEndpointToForward remotePortMap endpoint;
-          httpRedirectForward = mapEndpointToForward remotePortMap (endpointForHttpRedirect endpoint);
+          baseForward = mapEndpointToForward remotePortMap portOffset endpoint;
+          httpRedirectForward = mapEndpointToForward remotePortMap portOffset (endpointForHttpRedirect endpoint);
        in
          if endpoint.force_ssl then
            [ baseForward httpRedirectForward ]