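# NixOS module: persistent AutoSSH reverse tunnels plus pinned host keys for
# the servers they connect to. Skipped entirely when building the VM variant.
{ config, pkgs, lib, ... }:

lib.mkIf (!config.virtualisation.isVmVariant) {

  # AutoSSH reverse tunnels
  # TODO: add noximilien to this list, deselect is using hostname
  services.autossh.sessions = let
    # Build one autossh session that publishes this machine's sshd
    # (127.0.0.1:22) on port `rport` of the remote `host`.
    #   user           - local account the session runs as
    #   name           - short label, used only in the session name
    #   host           - ssh destination; may carry extra ssh flags (see the
    #                    commented-out pbuntu entry, which appends "-p 23")
    #   rport          - port opened on the remote side
    #   monitoringPort - autossh monitoring port
    #
    # NOTE(review): anything that can reach `rport` on the remote side lands
    # on this machine's sshd. Whether that listener is loopback-only depends
    # on the remote server's GatewayPorts setting, which is not visible here;
    # confirm it, and keep the local sshd on key-only authentication.
    # NOTE(review): the remote account only needs to accept a forward. Consider
    # limiting the key it trusts in authorized_keys, e.g.
    # `restrict,port-forwarding,permitlisten="<rport>"`.
    mkSshSession = {user, name, host, rport, monitoringPort}: {
      inherit user monitoringPort; # `user` is the local user
      name = "ssh-reverse-tunnel-${name}-${toString rport}";
      extraArguments = lib.concatStringsSep " " [
        "-N" # no remote command
        "-o ServerAliveInterval=10" # probe the server every 10 s ...
        "-o ServerAliveCountMax=3" # ... and drop the link after 3 missed replies
        "-o ExitOnForwardFailure=yes" # reverse tunnel critical: exit if the forward cannot be set up
        # Command-line options take precedence over ssh_config files, so this
        # keeps the keys pinned in programs.ssh.knownHosts mandatory even if a
        # config file later relaxes host key checking.
        "-o StrictHostKeyChecking=yes"
        "-R ${toString rport}:127.0.0.1:22" # reverse tunnel
        host
      ];
    };
  in [
    #(mkSshSession {user="root"; name="p7rpi"; host="pi@p7.pbsds.net"; rport=10023; monitoringPort=20000; }) # no mutual signature algorithm
    #(mkSshSession {user="root"; name="pbuntu"; host="pbsds@pbuntu.pbsds.net -p 23"; rport=10023; monitoringPort=20002; })
    (mkSshSession {user="root"; name="hildring"; host="pederbs@hildring.pvv.ntnu.no"; rport=25775; monitoringPort=20004; })
  ];

  # Pinned host keys for the tunnel endpoints, including the two whose
  # sessions are currently commented out above.
  programs.ssh.knownHosts = {
    # fetch with `ssh-keyscan`
    # NOTE(review): ssh-keyscan output is not authenticated. Compare each key's
    # fingerprint with one obtained from the server itself before pinning it.
    "[pbuntu.pbsds.net]:23".publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFiAq96DANRP90fBTknL9VagN0HB8O+S6qD17iC8caE3uZ6Wq5a3gpCr/s0T/Cbf8exNYn3zpdLUUUSngN6gMeA=";
    "p7.pbsds.net".publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMn1GtMCK2T3LoSfwer0VKCTDO2DHYcf7L41YmWda4fObMZk1VJtjV7wn7EsYkpbHUwkeZCd9DcOb7aYwr0OHLU=";
    "hildring.pvv.ntnu.no".publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
  };

  #programs.ssh.extraConfig = ''
  #'';

}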