feat: add dynamic pÃort forwarding definitions

2026-03-14 14:22:25 +01:00 · 2026-03-14 14:22:25 +01:00 · 5855d2384d
commit 5855d2384d
parent d00f120d9d
2 changed files with 14 additions and 5 deletions
--- a/data/services.nix
+++ b/data/services.nix
@ -23,6 +23,16 @@ rec {
  autossh = {
    key_path = "/etc/auto-ssh_secrets/key";
    known_hosts = "/etc/auto-ssh_secrets/known_hosts";
+    forwards = [{
+      remote = 80;
+      localAddress = "localhost";
+      localPort = 80;
+    }
+    {
+      remote = 443;
+      localAddress = "localhost";
+      localPort = 443;
+    }];
  };
 }

--- a/services/autossh.nix
+++ b/services/autossh.nix
@ -4,10 +4,9 @@ let
  net = import ../data/network.nix;
  serv = import ../data/services.nix;

-  remoteListenHost = "0.0.0.0";
-  remoteListenPort = 80;
-  localHost = "localhost";
-  localPort = 80;
+  forwardStrings = map (port: "-R ${toString port.remote}:${port.localAddress}:${toString port.localPort}") serv.autossh.forwards;
+  forwardString = builtins.concatStringsSep " " forwardStrings;
+
  sshHost = net.services.remoteProxy.ip;
  sshPort = 22;
  sshUser = "root";
@ -39,7 +38,7 @@ in
          -o ServerAliveInterval=10 \
          -o ExitOnForwardFailure=yes \
          -o UserKnownHostsFile=${trustedHostsFile} \
-          -R ${toString remoteListenPort}:${localHost}:${toString localPort} \
+          ${forwardString} \
          -i ${sshKeyPath} \
          -p ${toString sshPort} \
          ${sshUser}@${sshHost}