make copernicus accessable via netbox wg connection

boxes/copernicus/services/sshd.nix

@@ -7,6 +7,20 @@
       PermitRootLogin = "no";
       PasswordAuthentication = false;
     };
+    listenAddresses = [
+      {
+        addr = "192.168.1.201";
+        port = 2222;
+      }
+      {
+        addr = "10.100.0.2";
+        port = 2222;
+      }
+    ];
+  };
+
+  networking.firewall.interfaces.eno1 = {
+    allowedTCPPorts = [ 2222 ];
   };
 
   users.users.usr.openssh.authorizedKeys.keys = [

boxes/netbox/ssh.nix

@@ -1,4 +1,4 @@
-{ lib, config, pkgs, machines, ... }:
+{ pkgs, machines, ... }:
 
 {
   services.openssh = {
@@ -6,6 +6,7 @@
     ports = [55555];
     settings = {
       X11Forwarding = false;
+      AllowTcpForwarding = true;
       PermitRootLogin = "no";
       PasswordAuthentication = false;
     };
@@ -34,7 +35,6 @@
     login_ip="''${SSH_CLIENT%% *}"
     is_in_ignored=$(grep "$login_ip" /etc/ssh/ignored_ips -c)
     if [ "$is_in_ignored" -gt 0 ]; then
-      echo "Your login has been ignored based on your IP address."
       exit
     fi
     time=$(date "+%T%:z")

lappy-config/ssh/config

@@ -2,3 +2,13 @@ Host netbox
 	HostName beepboop.systems
 	User ryan
 	Port 443
+
+Host copernicus-proxy
+	HostName 10.100.0.2
+	User usr
+	Port 2222
+	ProxyJump netbox
+
+Host copernicus
+	User usr
+	Port 2222