51 lines
1.2 KiB
Nix
51 lines
1.2 KiB
Nix
{ config, pkgs, ... }:
|
|
|
|
let
|
|
net = import ../data/network.nix;
|
|
serv = import ../data/services.nix;
|
|
|
|
remoteListenHost = "0.0.0.0";
|
|
remoteListenPort = 80;
|
|
localHost = "localhost";
|
|
localPort = 80;
|
|
sshHost = net.services.remoteProxy.ip;
|
|
sshPort = 22;
|
|
sshUser = "root";
|
|
sshKeyPath = serv.autossh.key_path;
|
|
trustedHostsFile = serv.autossh.known_hosts;
|
|
in
|
|
{
|
|
environment.systemPackages = with pkgs; [
|
|
autossh
|
|
moreutils
|
|
];
|
|
|
|
systemd.services.autossh-tunnel = {
|
|
description = "Autossh Reverse SSH Tunnel";
|
|
after = [ "network.target" "network-online.target" ];
|
|
wants = [ "network-online.target" ];
|
|
|
|
serviceConfig = {
|
|
Type = "simple";
|
|
User = "root";
|
|
Restart = "always";
|
|
RestartSec = 10;
|
|
|
|
ExecStart = ''
|
|
${pkgs.autossh}/bin/autossh \
|
|
-N \
|
|
-T \
|
|
-M 0 \
|
|
-o ServerAliveInterval=10 \
|
|
-o ExitOnForwardFailure=yes \
|
|
-o UserKnownHostsFile=${trustedHostsFile} \
|
|
-R ${remoteListenHost}:${toString remoteListenPort}:${localHost}:${toString localPort} \
|
|
-i ${sshKeyPath} \
|
|
-p ${toString sshPort} \
|
|
${sshUser}@${sshHost}
|
|
'';
|
|
};
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
|
};
|
|
}
|