feat: add dynamic port forwarding definitions

Katharina Heidenreich 2026-03-14 14:22:25 +01:00
parent d00f120d9d
commit 5855d2384d
2 changed files with 14 additions and 5 deletions


@ -23,6 +23,16 @@ rec {
autossh = { autossh = {
key_path = "/etc/auto-ssh_secrets/key"; key_path = "/etc/auto-ssh_secrets/key";
known_hosts = "/etc/auto-ssh_secrets/known_hosts"; known_hosts = "/etc/auto-ssh_secrets/known_hosts";
forwards = [{
remote = 80;
localAddress = "localhost";
localPort = 80;
}
{
remote = 443;
localAddress = "localhost";
localPort = 443;
}];
}; };
} }
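Review bot: The new `forwards` entries name the listening side just `remote` while the target side is `localAddress`/`localPort`, and nothing in the attrset says which end opens the port. A comment above the list such as `# remote: port opened on the remote proxy; localAddress/localPort: target reached from this host` would make the data readable without opening the consumer; renaming the field to `remotePort` would also help, but then the `map` in the consuming module must change with it. Both listed ports are below 1024, so the account on the proxy has to be allowed to bind privileged ports, which is worth stating in the same comment.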


@ -4,10 +4,9 @@ let
net = import ../data/network.nix; net = import ../data/network.nix;
serv = import ../data/services.nix; serv = import ../data/services.nix;
remoteListenHost = "0.0.0.0"; forwardStrings = map (port: "-R ${toString port.remote}:${port.localAddress}:${toString port.localPort}") serv.autossh.forwards;
remoteListenPort = 80; forwardString = builtins.concatStringsSep " " forwardStrings;
localHost = "localhost";
localPort = 80;
sshHost = net.services.remoteProxy.ip; sshHost = net.services.remoteProxy.ip;
sshPort = 22; sshPort = 22;
sshUser = "root"; sshUser = "root";
@ -39,7 +38,7 @@ in
-o ServerAliveInterval=10 \ -o ServerAliveInterval=10 \
-o ExitOnForwardFailure=yes \ -o ExitOnForwardFailure=yes \
-o UserKnownHostsFile=${trustedHostsFile} \ -o UserKnownHostsFile=${trustedHostsFile} \
-R ${toString remoteListenPort}:${localHost}:${toString localPort} \ ${forwardString} \
-i ${sshKeyPath} \ -i ${sshKeyPath} \
-p ${toString sshPort} \ -p ${toString sshPort} \
${sshUser}@${sshHost} ${sshUser}@${sshHost}
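Review bot: The `-R` arguments built in `forwardStrings` carry no bind address, so whether ports 80 and 443 listen on loopback only or on every interface of the remote proxy is decided by that host's sshd `GatewayPorts` setting, not by this repository. The removed `remoteListenHost = "0.0.0.0"` suggests public exposure was intended, yet the old `-R` line never used it either, so the intent has never been expressed in the command. Consider a new optional per-forward field (say `remoteAddress`) emitted explicitly, e.g. `"-R ${port.remoteAddress or "localhost"}:${toString port.remote}:${port.localAddress}:${toString port.localPort}"`, and note next to it that sshd honours a client-specified bind address only when `GatewayPorts` permits it. The `let` block and the ssh command both continue outside the hunks shown.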