sshuttle, cleanup

This commit is contained in:
2024-07-31 01:57:47 +02:00
parent fa78f6c4eb
commit 0b434f509b
9 changed files with 37 additions and 12 deletions
+5 -4
@@ -33,14 +33,15 @@ let
isThis = fqdn == config.networking.fqdn;
in mkIf (!isThis) ( lib.mkMerge [
# out
(lib.mkIf (isBuilder && thisHostIsConsumer) {
(lib.mkIf (thisHostIsConsumer && isBuilder) {
nix.buildMachines = [ buildMachine ];
})
# out or jump
(lib.mkIf (host.ssh ? listenPublicKey && thisHostIsConsumer) {
(lib.mkIf (thisHostIsConsumer && host.ssh ? listenPublicKey) {
programs.ssh.knownHosts.${fqdn}.publicKey = host.ssh.listenPublicKey;
# TODO: use nix.buildMachines.*.publicHostKey ?
# timeouts are great when remote is unresponsive. nix doesn't care
programs.ssh.extraConfig = ''
@@ -48,12 +49,12 @@ let
ConnectTimeout 3
Port ${builtins.toString host.ssh.listenPort}
${lib.optionalString (host.ssh ? proxyJump) ''
ProxyJump ${host.ssh.proxyJump}
ProxyJump ${jump.ssh.listenUser}@${host.ssh.proxyJump}:${builtins.toString jump.ssh.listenPort}
''}
'';
})
# in
(mkIf (isConsumer && (thisHostIsBuilder || thisHostIsHopHost) ) {
(mkIf ((thisHostIsBuilder || thisHostIsHopHost) && isConsumer) {
nix.settings.allowed-users = [ thisHost.ssh.listenUser ];
nix.settings.trusted-users = [ thisHost.ssh.listenUser ];