config/profiles/autossh-reverse-tunnels/default.nix

{ config, pkgs, lib, ... }:
{
  # AutoSSH reverse tunnels

  # TODO: add noximilien to this list, deselect is using hostname

  services.autossh.sessions = let
    mkSshSession = {user, name, host, rport, monitoringPort}: {
      user = user; # local user
      name = "ssh-reverse-tunnel-${name}-${toString rport}";
      monitoringPort = monitoringPort;
      extraArguments = lib.concatStringsSep " " [
        "-N" # no remote command
        "-o ServerAliveInterval=10" # check if still alive
        "-o ServerAliveCountMax=3" # check if still alive
        "-o ExitOnForwardFailure=yes" # reverse tunnel critical
        "-R ${toString rport}:127.0.0.1:22" # reverse tunnel
        host
      ];
    };
  in [
    #(mkSshSession {user="root"; name="p7rpi";    host="pi@p7.pbsds.net";              rport=10023; monitoringPort=20000; }) # no mutual signature algorithm
    (mkSshSession {user="root"; name="pbuntu";   host="pbsds@pbuntu.pbsds.net -p 23"; rport=10023; monitoringPort=20002; })
    (mkSshSession {user="root"; name="hildring"; host="pederbs@hildring.pvv.ntnu.no"; rport=25775; monitoringPort=20004; })
  ];

  programs.ssh.knownHosts = {
    # fetch with `ssh-keyscan`
    "[pbuntu.pbsds.net]:23".publicKey
       = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFiAq96DANRP90fBTknL9VagN0HB8O+S6qD17iC8caE3uZ6Wq5a3gpCr/s0T/Cbf8exNYn3zpdLUUUSngN6gMeA=";
    "p7.pbsds.net".publicKey
       = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMn1GtMCK2T3LoSfwer0VKCTDO2DHYcf7L41YmWda4fObMZk1VJtjV7wn7EsYkpbHUwkeZCd9DcOb7aYwr0OHLU=";
    "hildring.pvv.ntnu.no".publicKey
       = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
  };
  #programs.ssh.extraConfig = ''
  #'';

}
Initial commit 2023-02-24 21:36:30 +01:00			`{ config, pkgs, lib, ... }:`
			`{`
			`# AutoSSH reverse tunnels`

further catogorize profile/web, add python-docs 2023-02-26 02:46:35 +01:00			`# TODO: add noximilien to this list, deselect is using hostname`

Initial commit 2023-02-24 21:36:30 +01:00			`services.autossh.sessions = let`
			`mkSshSession = {user, name, host, rport, monitoringPort}: {`
			`user = user; # local user`
			`name = "ssh-reverse-tunnel-${name}-${toString rport}";`
			`monitoringPort = monitoringPort;`
			`extraArguments = lib.concatStringsSep " " [`
			`"-N" # no remote command`
			`"-o ServerAliveInterval=10" # check if still alive`
			`"-o ServerAliveCountMax=3" # check if still alive`
			`"-o ExitOnForwardFailure=yes" # reverse tunnel critical`
			`"-R ${toString rport}:127.0.0.1:22" # reverse tunnel`
			`host`
			`];`
			`};`
			`in [`
			`#(mkSshSession {user="root"; name="p7rpi"; host="pi@p7.pbsds.net"; rport=10023; monitoringPort=20000; }) # no mutual signature algorithm`
			`(mkSshSession {user="root"; name="pbuntu"; host="pbsds@pbuntu.pbsds.net -p 23"; rport=10023; monitoringPort=20002; })`
			`(mkSshSession {user="root"; name="hildring"; host="pederbs@hildring.pvv.ntnu.no"; rport=25775; monitoringPort=20004; })`
			`];`

			`programs.ssh.knownHosts = {`
			# fetch with `ssh-keyscan`
			`"[pbuntu.pbsds.net]:23".publicKey`
			`= "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFiAq96DANRP90fBTknL9VagN0HB8O+S6qD17iC8caE3uZ6Wq5a3gpCr/s0T/Cbf8exNYn3zpdLUUUSngN6gMeA=";`
			`"p7.pbsds.net".publicKey`
			`= "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMn1GtMCK2T3LoSfwer0VKCTDO2DHYcf7L41YmWda4fObMZk1VJtjV7wn7EsYkpbHUwkeZCd9DcOb7aYwr0OHLU=";`
			`"hildring.pvv.ntnu.no".publicKey`
			`= "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";`
			`};`
			`#programs.ssh.extraConfig = ''`
			`#'';`

			`}`