sshuttle, cleanup
This commit is contained in:
parent
fa78f6c4eb
commit
0b434f509b
@ -19,7 +19,6 @@
|
||||
|
||||
../../profiles/domeneshop-dyndns
|
||||
../../profiles/remote-builders.nix
|
||||
#../../profiles/code-remote
|
||||
#../../profiles/autossh-reverse-tunnels
|
||||
];
|
||||
services.domeneshop-updater.targets = [ config.networking.fqdn ];
|
||||
|
@ -19,7 +19,6 @@
|
||||
../../profiles/shell.nix
|
||||
|
||||
../../profiles/domeneshop-dyndns
|
||||
#../../profiles/code-remote
|
||||
../../profiles/remote-builders.nix
|
||||
#../../profiles/autossh-reverse-tunnels
|
||||
];
|
||||
|
@ -33,14 +33,15 @@ let
|
||||
isThis = fqdn == config.networking.fqdn;
|
||||
in mkIf (!isThis) ( lib.mkMerge [
|
||||
# out
|
||||
(lib.mkIf (isBuilder && thisHostIsConsumer) {
|
||||
(lib.mkIf (thisHostIsConsumer && isBuilder) {
|
||||
|
||||
nix.buildMachines = [ buildMachine ];
|
||||
|
||||
})
|
||||
# out or jump
|
||||
(lib.mkIf (host.ssh ? listenPublicKey && thisHostIsConsumer) {
|
||||
(lib.mkIf (thisHostIsConsumer && host.ssh ? listenPublicKey) {
|
||||
programs.ssh.knownHosts.${fqdn}.publicKey = host.ssh.listenPublicKey;
|
||||
# TODO: use nix.buildMachines.*.publicHostKey ?
|
||||
|
||||
# timeouts are great when remote is unresponsive. nix doesn't care
|
||||
programs.ssh.extraConfig = ''
|
||||
@ -48,12 +49,12 @@ let
|
||||
ConnectTimeout 3
|
||||
Port ${builtins.toString host.ssh.listenPort}
|
||||
${lib.optionalString (host.ssh ? proxyJump) ''
|
||||
ProxyJump ${host.ssh.proxyJump}
|
||||
ProxyJump ${jump.ssh.listenUser}@${host.ssh.proxyJump}:${builtins.toString jump.ssh.listenPort}
|
||||
''}
|
||||
'';
|
||||
})
|
||||
# in
|
||||
(mkIf (isConsumer && (thisHostIsBuilder || thisHostIsHopHost) ) {
|
||||
(mkIf ((thisHostIsBuilder || thisHostIsHopHost) && isConsumer) {
|
||||
|
||||
nix.settings.allowed-users = [ thisHost.ssh.listenUser ];
|
||||
nix.settings.trusted-users = [ thisHost.ssh.listenUser ];
|
||||
|
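Review bot: The host key pinned by `programs.ssh.knownHosts.${fqdn}.publicKey` is not consulted when `Port ${builtins.toString host.ssh.listenPort}` is anything other than 22, because OpenSSH looks up non-default-port hosts in known_hosts under `[host]:port`; the same applies to the jump host now that ProxyJump carries an explicit `:port`. If listenPort can differ from 22, add `programs.ssh.knownHosts.${fqdn}.hostNames = [ fqdn "[${fqdn}]:${builtins.toString host.ssh.listenPort}" ];` next to the publicKey line so the pin actually matches. On the "in" side, `nix.settings.trusted-users = [ thisHost.ssh.listenUser ]` gives that account what the Nix manual describes as essentially root access on the builder; if that is required so remote builds can push unsigned closures, say so in a comment such as `# trusted-users is root-equivalent; needed so the consumer can copy unsigned closures in`. `jump` is used in the new ProxyJump line but is not bound within this hunk, and the enclosing `mkIf (!isThis)` block ends outside it.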
3
todos.md
3
todos.md
@ -17,7 +17,8 @@
|
||||
* [ ] switch to systemd networkd
|
||||
* [x] Setup some remote-development and deploy flow
|
||||
* [ ] zfs, declarative pools?
|
||||
* [ ] figure out how to reuse system flake lock while deplying, leave the night job to upgrade
|
||||
* [ ] zfs, fix export
|
||||
* [ ] figure out how to reuse system flake lock while deploying, leave the night job to upgrade
|
||||
* [ ] some tunneling for NFS hosts
|
||||
* [ ] https://nix-community.org/community-builder/
|
||||
# ricing
|
||||
|
@ -32,6 +32,11 @@
|
||||
#nix-shell -p atom --run "atom $(printf "%q " "$@") --no-sandbox"
|
||||
nix run nixpkgs#atom -- --disable-gpu --in-process-gpu --no-sandbox "$@"
|
||||
}
|
||||
|
||||
function vpn {
|
||||
ip="$(dig +short -x a $1 | tail -n 1)"
|
||||
( set -x; sshuttle 0.0.0.0/0 --disable-ipv6 --dns -r "$1" -x $ip -x 127.0.0.1 -x 172.0.0.0/8 )
|
||||
}
|
||||
'';
|
||||
|
||||
home.packages = with pkgs; [
|
||||
@ -76,12 +81,13 @@
|
||||
cachix
|
||||
#nix-template
|
||||
nix-output-monitor
|
||||
nixpkgs-review
|
||||
unstable.nixpkgs-review
|
||||
unstable.nixpkgs-hammering
|
||||
unstable.nix-update
|
||||
unstable.nix-init
|
||||
unstable.deadnix
|
||||
unstable.statix
|
||||
(pkgs.nixfmt-rfc-style or unstable.nixfmt-rfc-style or null)
|
||||
nurl
|
||||
manix
|
||||
#comma # collides with nix-index-database
|
||||
|
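Review bot: The exclusion `-x 172.0.0.0/8` in the `vpn` function covers far more than the private range `172.16.0.0/12`, so with `0.0.0.0/0` routed every public destination elsewhere in 172/8 silently bypasses the tunnel; unless the whole /8 is excluded on purpose it should read `-x 172.16.0.0/12`. `$ip` is also unquoted, so if the dig lookup prints nothing the `-x $ip` argument disappears and the next `-x` swallows `127.0.0.1`; quoting it as `-x "$ip"` and bailing out when it is empty avoids that. The same function is added in this commit to `users/pbsds/home/profiles/sshuttle.nix`; if this home config imports (or later imports) that profile, bash will see two `vpn` definitions and the later one wins, so presumably only one copy is meant to survive.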
@ -7,5 +7,6 @@
|
||||
./profiles/mpv.nix
|
||||
./profiles/desktop.nix
|
||||
./profiles/salert.nix
|
||||
./profiles/sshuttle.nix
|
||||
];
|
||||
}
|
||||
|
@ -90,7 +90,7 @@
|
||||
curl
|
||||
wget
|
||||
|
||||
sshuttle
|
||||
wakeonlan
|
||||
|
||||
#tldr
|
||||
entr
|
||||
|
@ -5,9 +5,6 @@
|
||||
if test -f ~/.ssh/config; then
|
||||
complete -W "$(cat ~/.ssh/config | grep "^Host " | cut -d" " -f2- | grep -v '\*')" ssh
|
||||
complete -W "$(cat ~/.ssh/config | grep "^Host " | cut -d" " -f2- | grep -v '\*')" rssh
|
||||
complete -W "$(cat ~/.ssh/config | grep "^Host " | cut -d" " -f2- | grep -v '\*')" vpn
|
||||
complete -W "$(cat ~/.ssh/config | grep "^Host " | cut -d" " -f2- | grep -v '\*')" lvpn
|
||||
complete -W "$(cat ~/.ssh/config | grep "^Host " | cut -d" " -f2- | grep -v '\*')" dvpn
|
||||
complete -W "$(cat ~/.ssh/config | grep "^Host " | cut -d" " -f2- | grep -v '\*')" scp
|
||||
complete -W "$(cat ~/.ssh/config | grep "^Host " | cut -d" " -f2- | grep -v '\*')" remote-init
|
||||
complete -W "$(cat ~/.ssh/config | grep "^Host " | cut -d" " -f2- | grep -v '\*')" remote-add
|
||||
|
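--- /dev/null
+++ b/users/pbsds/home/profiles/sshuttle.nix
@@ -0,0 +1,21 @@
+# https://nix-community.github.io/home-manager/options.html
+{ pkgs, config, ... }:
+{
+home.packages = with pkgs; [
+sshuttle
+];
+
+programs.bash.initExtra = ''
+function vpn (
+ip="$(dig +short -x a $1 | tail -n 1)"
+set -x
+sshuttle 0.0.0.0/0 --disable-ipv6 --dns -r "$1" -x $ip -x 127.0.0.1 -x 172.0.0.0/8
+)
+
+if test -f ~/.ssh/config; then
+complete -W "$(cat ~/.ssh/config | grep "^Host " | cut -d" " -f2- | grep -v '\*')" vpn
+complete -W "$(cat ~/.ssh/config | grep "^Host " | cut -d" " -f2- | grep -v '\*')" lvpn
+complete -W "$(cat ~/.ssh/config | grep "^Host " | cut -d" " -f2- | grep -v '\*')" dvpn
+fi
+'';
+}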
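Review bot: The exclusion `-x 172.0.0.0/8` on the sshuttle line is much wider than the RFC 1918 block `172.16.0.0/12`; since `0.0.0.0/0` is routed, traffic to every public address elsewhere in 172/8 bypasses the tunnel, so this should be `-x 172.16.0.0/12` unless the whole /8 is intentional, in which case a comment saying why is warranted. `$1` and `$ip` are unquoted, and `dig +short -x a $1` hands `a` to dig's reverse-lookup flag, which looks like a typo for `dig +short a "$1"` and is worth checking for what it actually prints; if dig prints nothing, `ip` is empty and `-x $ip` collapses so `-x` consumes the following `-x`. I would write `ip="$(dig +short a "$1" | tail -n 1)"`, then `[ -n "$ip" ] || { echo "vpn: cannot resolve $1" >&2; return 1; }`, and pass `-x "$ip"`. The completions registered for `lvpn` and `dvpn` refer to functions this file does not define; presumably they live in another profile.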