Add SSH tunnel to a host

This commit is contained in:
Charlotte Van Petegem 2021-09-23 15:22:02 +02:00
parent df51bc9eb8
commit 23d766c067
No known key found for this signature in database
GPG key ID: 019E764B7184435A
6 changed files with 41 additions and 0 deletions


@ -10,5 +10,6 @@
./nextcloud
./nginx
./syncthing
./tunnel
];
}


@ -0,0 +1,23 @@
{ config, pkgs, lib, ... }:
{
options.chvp.services.tunnel.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.services.tunnel.enable {
networking.firewall.trustedInterfaces = [ "br-mailcow" ];
systemd.services.tunnel = {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
script = "${pkgs.openssh}/bin/ssh -i ${config.age.secrets."files/services/tunnel/key".path} -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -o ControlPath=none -NT -p $SSH_PORT -L 0.0.0.0:9797:$CONN_HOST:$CONN_PORT $USER@$SSH_HOST";
serviceConfig = {
EnvironmentFile = config.age.secrets."files/services/tunnel/env".path;
};
};
age.secrets."files/services/tunnel/key".file = ../../../secrets/files/services/tunnel/key.age;
age.secrets."files/services/tunnel/env".file = ../../../secrets/files/services/tunnel/env.age;
};
}
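Review bot: The `systemd.services.tunnel` unit declares no `Restart` policy, so once `-o ServerAliveInterval=60` makes ssh exit on a dead connection the forward stays down until someone restarts it by hand; add `Restart = "always"; RestartSec = "10s";` to `serviceConfig` next to `EnvironmentFile`. The script also passes no known-hosts options and the unit runs as root (no `User`/`DynamicUser` is set), so with no TTY a first connection or a rotated server key appears to fail on host-key verification rather than prompting; pinning the endpoint declaratively via `programs.ssh.knownHosts`, or `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<managed known_hosts path>`, keeps the check in place while letting the unit start deterministically. `-L 0.0.0.0:9797:...` combined with `networking.firewall.trustedInterfaces = [ "br-mailcow" ]` disables the firewall for that bridge entirely, exposing every host port rather than just 9797; `networking.firewall.interfaces."br-mailcow".allowedTCPPorts = [ 9797 ];` grants only what the tunnel needs. The option declaration at the top lacks `type = lib.types.bool;` and a `description`, so a non-boolean value is accepted silently; `lib.mkEnableOption "the SSH tunnel service"` gives both.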