config/profiles/autossh-reverse-tunnels/default.nix


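# Keeps outbound SSH sessions open through the NixOS autossh service. Each
# session publishes this machine's sshd (127.0.0.1:22) on a port of a remote
# host. The whole module is skipped when building the VM variant.
{ config, pkgs, lib, ... }:
lib.mkIf (!config.virtualisation.isVmVariant)
{
  # AutoSSH reverse tunnels
  # TODO: add noximilien to this list, deselect is using hostname
  services.autossh.sessions = let
    # Builds one autossh session entry.
    #   user           - local account the ssh client runs as
    #   name           - short label, becomes part of the session name
    #   host           - ssh destination; may carry extra ssh arguments ("u@h -p 23")
    #   rport          - port opened on the remote side of the tunnel
    #   monitoringPort - autossh monitor port
    mkSshSession = {user, name, host, rport, monitoringPort}: {
      # NOTE(review): every session below runs as root and so authenticates with
      # root's key. A dedicated unprivileged account with its own key would limit
      # what that key can reach if it leaks. Confirm nothing depends on root here.
      inherit user;
      name = "ssh-reverse-tunnel-${name}-${toString rport}";
      # NOTE(review): the ServerAlive* options below already detect a dead link.
      # A value of 0 here would drop autossh's own monitor forwards on the remote
      # host. Confirm before changing.
      inherit monitoringPort;
      extraArguments = lib.concatStringsSep " " [
        "-N" # no remote command
        "-o ServerAliveInterval=10" # probe the server every 10 s ...
        "-o ServerAliveCountMax=3" # ... and give up after 3 missed replies
        "-o ExitOnForwardFailure=yes" # the forward is the point: exit if it cannot be set up
        # Refuse any host key that is not pinned in programs.ssh.knownHosts below,
        # whatever the local user's own ssh_config says. Without this, the pinning
        # depends on the client default staying in force.
        "-o StrictHostKeyChecking=yes"
        # Remote listener -> local sshd. No bind address is given, so the remote
        # sshd chooses it: loopback unless its GatewayPorts setting says otherwise.
        # Every account on the remote host can then reach this machine's sshd on
        # rport, so local sshd should accept key authentication only.
        "-R ${toString rport}:127.0.0.1:22"
        host
      ];
    };
  in [
    #(mkSshSession {user="root"; name="p7rpi"; host="pi@p7.pbsds.net"; rport=10023; monitoringPort=20000; }) # no mutual signature algorithm
    #(mkSshSession {user="root"; name="pbuntu"; host="pbsds@pbuntu.pbsds.net -p 23"; rport=10023; monitoringPort=20002; })
    (mkSshSession {user="root"; name="hildring"; host="pederbs@hildring.pvv.ntnu.no"; rport=25775; monitoringPort=20004; })
  ];

  # Pinned host keys for the tunnel endpoints.
  programs.ssh.knownHosts = {
    # fetch with `ssh-keyscan`
    # ssh-keyscan output is unauthenticated: compare the fingerprint with one
    # obtained out of band (e.g. `ssh-keygen -lf` run on the server itself)
    # before committing a key here.
    "[pbuntu.pbsds.net]:23".publicKey
      = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFiAq96DANRP90fBTknL9VagN0HB8O+S6qD17iC8caE3uZ6Wq5a3gpCr/s0T/Cbf8exNYn3zpdLUUUSngN6gMeA=";
    "p7.pbsds.net".publicKey
      = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMn1GtMCK2T3LoSfwer0VKCTDO2DHYcf7L41YmWda4fObMZk1VJtjV7wn7EsYkpbHUwkeZCd9DcOb7aYwr0OHLU=";
    "hildring.pvv.ntnu.no".publicKey
      = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
  };
  #programs.ssh.extraConfig = ''
  #'';
}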