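# NixOS module: keeps a reverse SSH tunnel to the remote proxy alive with
# autossh, so that connections arriving on the proxy's listen port are
# forwarded to a service on this machine.
{ config, pkgs, ... }:

let
  net = import ../data/network.nix;
  serv = import ../data/services.nix;

  # Address and port the remote sshd is asked to listen on (-R).
  # "0.0.0.0" requests every interface of the proxy. OpenSSH binds remote
  # forwards to loopback unless the server's GatewayPorts setting allows a
  # wider bind, so the local service is reachable by anything that can reach
  # the proxy on this port. Whatever listens on localHost:localPort has to
  # be fit for that exposure.
  remoteListenHost = "0.0.0.0";
  remoteListenPort = 80;

  # Local endpoint the tunnel delivers traffic to.
  localHost = "localhost";
  localPort = 80;

  sshHost = net.services.remoteProxy.ip;
  sshPort = 22;

  # NOTE(review): logging in as root is presumably needed only because port
  # 80 is a privileged port on the proxy. A dedicated account limited to
  # port forwarding (no shell, no command) would shrink what a leaked tunnel
  # key can do on the proxy. Confirm against the proxy's sshd setup.
  sshUser = "root";

  # NOTE(review): confirm key_path is a string naming a file outside the Nix
  # store. A Nix path value interpolated below would be copied into the
  # world-readable store.
  sshKeyPath = serv.autossh.key_path;
  trustedHostsFile = serv.autossh.known_hosts;
in
{
  # moreutils stays installed as before; the unit no longer depends on it.
  environment.systemPackages = with pkgs; [ autossh moreutils ];

  systemd.services.autossh-tunnel = {
    description = "Autossh Reverse SSH Tunnel";
    after = [ "network.target" "network-online.target" ];
    wants = [ "network-online.target" ];
    wantedBy = [ "multi-user.target" ];

    serviceConfig = {
      Type = "simple";
      # NOTE(review): root is only needed locally if nothing else can read
      # the key file. Confirm before switching to an unprivileged user.
      User = "root";
      Restart = "always";
      RestartSec = 10;

      # systemd executes ExecStart directly, not through a shell. The former
      # trailing `2>&1 | ts '<format>'` was therefore passed to autossh as
      # literal arguments instead of forming a pipeline, and `%` sequences in
      # a unit file are subject to systemd specifier expansion. The pipe is
      # dropped: stdout and stderr already go to the journal, which records a
      # timestamp for every line.
      #
      # -N / -T              no remote command, no tty: forwarding only
      # -M 0                 autossh monitor port off; liveness comes from
      #                      ServerAliveInterval
      # BatchMode            never wait on a prompt in an unattended unit
      # StrictHostKeyChecking=yes
      #                      refuse a host key that is not already known,
      #                      rather than relying on the ssh_config default
      # ExitOnForwardFailure fail (and let systemd restart) when the remote
      #                      side cannot bind the listen port
      ExecStart = ''
        ${pkgs.autossh}/bin/autossh \
          -N \
          -T \
          -M 0 \
          -o BatchMode=yes \
          -o StrictHostKeyChecking=yes \
          -o ServerAliveInterval=10 \
          -o ExitOnForwardFailure=yes \
          -o UserKnownHostsFile=${trustedHostsFile} \
          -R ${remoteListenHost}:${toString remoteListenPort}:${localHost}:${toString localPort} \
          -i ${sshKeyPath} \
          -p ${toString sshPort} \
          ${sshUser}@${sshHost}
      '';
    };
  };
}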