changes
commit
e28e53b6db
|
@ -56,7 +56,8 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.usr.openssh.authorizedKeys.keys = [
|
users.users.usr.openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbhM3wj0oqjR3pUaZgpfX4Xo4dlzvBTbQ48zHyg7Pwx usr"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbhM3wj0oqjR3pUaZgpfX4Xo4dlzvBTbQ48zHyg7Pwx usr" # x230t
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB2xUbQw9+RCPVw7qCFm4NNCP/MpS2BIArcwMv0KdKOI usr" # mlg
|
||||||
];
|
];
|
||||||
|
|
||||||
system.stateVersion = "23.11";
|
system.stateVersion = "23.11";
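Review bot: The two entries in `users.users.usr.openssh.authorizedKeys.keys` are told apart only by the trailing Nix comments (`# x230t`, `# mlg`), because both key strings carry the same `usr` comment field, and Nix comments are not written to the deployed authorized_keys file. Putting the device into the key comment itself, for example `"ssh-ed25519 <key-material> usr@mlg"`, keeps the label visible on the host when a key has to be audited or revoked. The x230t key is also repeated in the `users.users.ryan` list in a later section of this commit, so revoking it means editing each copy; a single shared list referenced from both places would avoid that. The enclosing attribute set starts outside this hunk.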
|
||||||
|
|
|
@ -2,8 +2,9 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
# ./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./nvidia.nix
|
./nvidia.nix
|
||||||
|
../../modules/ssh-phone-home.nix
|
||||||
../../modules/bootstrap.nix
|
../../modules/bootstrap.nix
|
||||||
../../modules/common.nix
|
../../modules/common.nix
|
||||||
../../modules/x11.nix
|
../../modules/x11.nix
|
||||||
|
@ -25,9 +26,20 @@
|
||||||
libreoffice
|
libreoffice
|
||||||
nomacs
|
nomacs
|
||||||
vscodium
|
vscodium
|
||||||
|
thunderbird
|
||||||
minetest
|
minetest
|
||||||
];
|
];
|
||||||
|
|
||||||
|
services.openssh.enable = true;
|
||||||
|
services.ssh-phone-home = {
|
||||||
|
enable = true;
|
||||||
|
localUser = "usr";
|
||||||
|
remoteHostname = "192.168.1.100";
|
||||||
|
remotePort = 22;
|
||||||
|
remoteUser = "usr";
|
||||||
|
bindPort = 2222;
|
||||||
|
};
|
||||||
|
|
||||||
boot.loader = {
|
boot.loader = {
|
||||||
efi = {
|
efi = {
|
||||||
canTouchEfiVariables = true;
|
canTouchEfiVariables = true;
|
||||||
|
@ -48,5 +60,9 @@
|
||||||
services.avahi.nssmdns = true; # enables the mDNS NSS plug-in
|
services.avahi.nssmdns = true; # enables the mDNS NSS plug-in
|
||||||
services.avahi.openFirewall = true; # opens the firewall for UDP port 5353
|
services.avahi.openFirewall = true; # opens the firewall for UDP port 5353
|
||||||
|
|
||||||
networking.hostName = "mlg";
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
networking = {
|
||||||
|
hostName = "mlg";
|
||||||
|
firewall.enable = true;
|
||||||
|
};
|
||||||
}
|
}
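Review bot: `services.openssh.enable = true;` is added without any `services.openssh.settings`, so whether password and root logins are accepted depends on module defaults or on imports not visible here, while the `services.ssh-phone-home` block in the same hunk publishes this host's port 22 on port 2222 of the remote host. If `usr` logs in with the keys from the authorized-keys list, I would pin key-only access next to the enable line: `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`. The file header for this section is not shown on the page; from the flake it is presumably the `./boxes/mlg` module.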
|
||||||
|
|
|
@ -0,0 +1,41 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# testing
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{ device = "/dev/disk/by-uuid/eada30c2-ffc5-4410-b1cf-fcea6a4040ff";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{ device = "/dev/disk/by-uuid/5318-1A44";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [ ];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.enp58s0.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||||
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
}
|
|
@ -0,0 +1,10 @@
|
||||||
|
{ lib, inputs, config, pkgs, home, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
../../home/x11.nix
|
||||||
|
../../home/chromium
|
||||||
|
];
|
||||||
|
|
||||||
|
home.stateVersion = "23.11";
|
||||||
|
}
|
|
@ -249,7 +249,8 @@ in {
|
||||||
|
|
||||||
users.users.ryan = {
|
users.users.ryan = {
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbhM3wj0oqjR3pUaZgpfX4Xo4dlzvBTbQ48zHyg7Pwx usr"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbhM3wj0oqjR3pUaZgpfX4Xo4dlzvBTbQ48zHyg7Pwx usr" # x230t
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrpVDLQszFKoYbvYKRyVTTpehxR0BVU47SXkz39l2wK usr" # mainsail
|
||||||
];
|
];
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "wheel" "docker" ];
|
extraGroups = [ "wheel" "docker" ];
|
||||||
|
@ -342,7 +343,7 @@ in {
|
||||||
locations."~ \\.git" = {
|
locations."~ \\.git" = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
|
|
||||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||||
fastcgi_param SCRIPT_FILENAME ${pkgs.git}/bin/git-http-backend;
|
fastcgi_param SCRIPT_FILENAME ${pkgs.git}/bin/git-http-backend;
|
||||||
fastcgi_param GIT_HTTP_EXPORT_ALL "";
|
fastcgi_param GIT_HTTP_EXPORT_ALL "";
|
||||||
|
|
|
@ -18,6 +18,11 @@
|
||||||
thunderbird
|
thunderbird
|
||||||
hue-cli
|
hue-cli
|
||||||
bluetuith
|
bluetuith
|
||||||
|
brave
|
||||||
|
vdirsyncer
|
||||||
|
isync
|
||||||
|
khal
|
||||||
|
todoman
|
||||||
];
|
];
|
||||||
|
|
||||||
hardware.bluetooth = {
|
hardware.bluetooth = {
|
||||||
|
|
|
@ -1,27 +0,0 @@
|
||||||
{
|
|
||||||
"nodes": {
|
|
||||||
"nixpkgs": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1703467016,
|
|
||||||
"narHash": "sha256-/5A/dNPhbQx/Oa2d+Get174eNI3LERQ7u6WTWOlR1eQ=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "d02d818f22c777aa4e854efc3242ec451e5d462a",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"ref": "nixos-23.11",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"root": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": "nixpkgs"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"root": "root",
|
|
||||||
"version": 7
|
|
||||||
}
|
|
|
@ -1,28 +0,0 @@
|
||||||
{
|
|
||||||
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
|
|
||||||
|
|
||||||
outputs =
|
|
||||||
{ nixpkgs, ... }:
|
|
||||||
let
|
|
||||||
inherit (nixpkgs) lib;
|
|
||||||
withSystem =
|
|
||||||
f:
|
|
||||||
lib.fold lib.recursiveUpdate { } (
|
|
||||||
map f [
|
|
||||||
"x86_64-linux"
|
|
||||||
]
|
|
||||||
);
|
|
||||||
mkPackages = pkgs: {
|
|
||||||
st = pkgs.callPackage ./st.nix { };
|
|
||||||
rebuild = pkgs.callPackage ./rebuild.nix { };
|
|
||||||
utils = pkgs.callPackage ./utils.nix { };
|
|
||||||
};
|
|
||||||
in
|
|
||||||
withSystem (
|
|
||||||
system: {
|
|
||||||
overlays.default = final: _: mkPackages final;
|
|
||||||
|
|
||||||
packages.${system} = mkPackages nixpkgs.legacyPackages.${system};
|
|
||||||
}
|
|
||||||
);
|
|
||||||
}
|
|
|
@ -5,6 +5,7 @@
|
||||||
, libxcb
|
, libxcb
|
||||||
# shell scripts stuff
|
# shell scripts stuff
|
||||||
, makeWrapper
|
, makeWrapper
|
||||||
|
, sshuttle
|
||||||
, sxhkd
|
, sxhkd
|
||||||
, bash
|
, bash
|
||||||
, feh
|
, feh
|
||||||
|
@ -24,7 +25,7 @@ stdenv.mkDerivation rec {
|
||||||
src = ./utils;
|
src = ./utils;
|
||||||
|
|
||||||
nativeBuildInputs = [ makeWrapper pkg-config libxcb ];
|
nativeBuildInputs = [ makeWrapper pkg-config libxcb ];
|
||||||
buildInputs = [ libxcb bash feh xrandr jq curl fzy ytfzf ffmpeg ];
|
buildInputs = [ libxcb bash feh xrandr jq curl fzy ytfzf ffmpeg sshuttle ];
|
||||||
|
|
||||||
buildPhase = ''
|
buildPhase = ''
|
||||||
ls
|
ls
|
||||||
|
@ -37,7 +38,7 @@ stdenv.mkDerivation rec {
|
||||||
for i in $(ls $src/sh); do
|
for i in $(ls $src/sh); do
|
||||||
cp $src/sh/$i $out/bin
|
cp $src/sh/$i $out/bin
|
||||||
ln -sf $out/bin/tmenu_run $out/bin/regenerate
|
ln -sf $out/bin/tmenu_run $out/bin/regenerate
|
||||||
wrapProgram $out/bin/$i --prefix PATH : ${lib.makeBinPath [ sxhkd bash feh xrandr jq figlet curl fzy ytfzf ffmpeg ]}
|
wrapProgram $out/bin/$i --prefix PATH : ${lib.makeBinPath [ sxhkd bash feh xrandr jq figlet curl fzy ytfzf ffmpeg sshuttle ]}
|
||||||
done
|
done
|
||||||
|
|
||||||
cp c/status/main $out/bin/statusbar
|
cp c/status/main $out/bin/statusbar
|
||||||
|
|
|
@ -27,6 +27,12 @@ case "$(hostname)" in
|
||||||
bspc monitor VGA-1 -d 1 3 5 7 9
|
bspc monitor VGA-1 -d 1 3 5 7 9
|
||||||
bspc monitor HDMI-1 -d 2 4 6 8 0
|
bspc monitor HDMI-1 -d 2 4 6 8 0
|
||||||
;;
|
;;
|
||||||
|
"mlg")
|
||||||
|
# holdover configuration for the time being
|
||||||
|
xrandr --output eDP-1 --brightness 0
|
||||||
|
xrandr --output DP-1 --primary
|
||||||
|
bspc monitor DP-1 -d 1 2 3 4 5 6 7 8 9
|
||||||
|
;;
|
||||||
"x230t")
|
"x230t")
|
||||||
echo "x230t"
|
echo "x230t"
|
||||||
case "$1" in
|
case "$1" in
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# a poor man's vpn
|
||||||
|
ip=$(dig +short beepboop.systems)
|
||||||
|
sshuttle --dns -r ryan@$ip:443 0/0
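Review bot: `$ip` is used unquoted and unchecked in `sshuttle --dns -r ryan@$ip:443 0/0`, so when `dig +short beepboop.systems` prints nothing, several addresses, or a CNAME line first, the remote argument is malformed or word-split. I would take one answer, stop when it is empty, and quote it: `ip=$(dig +short beepboop.systems | head -n 1)`, `[ -n "$ip" ] || exit 1`, `sshuttle --dns -r "ryan@$ip:443" 0/0`. Connecting by address also means ssh checks the host key recorded for the IP rather than for the name, so passing the hostname to `-r` directly may be simpler unless the pre-resolution is intentional. `dig` is not among the tools on the wrapper PATH in the utils derivation changed in this commit, so the script presumably relies on it being present in the caller's environment.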
|
32
flake.lock
32
flake.lock
|
@ -25,11 +25,11 @@
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"dir": "pkgs/firefox-addons",
|
"dir": "pkgs/firefox-addons",
|
||||||
"lastModified": 1705709716,
|
"lastModified": 1706081037,
|
||||||
"narHash": "sha256-YJdWSN3ra0FsAQT5PXe7uXxMeAXxTR+SY/wVOO1c6Bs=",
|
"narHash": "sha256-R2dkUMLZa6qvRl4mXOG7bLHaGvoOYf5vIXWeyRDqML0=",
|
||||||
"owner": "rycee",
|
"owner": "rycee",
|
||||||
"repo": "nur-expressions",
|
"repo": "nur-expressions",
|
||||||
"rev": "d7ad3362283fced58410547650be31e37f9d0f41",
|
"rev": "5f23ef51cad74dbf30633366e52eb895c9c633d1",
|
||||||
"type": "gitlab"
|
"type": "gitlab"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -93,11 +93,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1705641746,
|
"lastModified": 1705916986,
|
||||||
"narHash": "sha256-D6c2aH8HQbWc7ZWSV0BUpFpd94ImFyCP8jFIsKQ4Slg=",
|
"narHash": "sha256-iBpfltu6QvN4xMpen6jGGEb6jOqmmVQKUrXdOJ32u8w=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "d2003f2223cbb8cd95134e4a0541beea215c1073",
|
"rev": "d7f206b723e42edb09d9d753020a84b3061a79d8",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -172,8 +172,7 @@
|
||||||
"firefox-addons": "firefox-addons",
|
"firefox-addons": "firefox-addons",
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
"simple-nixos-mailserver": "simple-nixos-mailserver",
|
"simple-nixos-mailserver": "simple-nixos-mailserver"
|
||||||
"utilpkg": "utilpkg"
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"simple-nixos-mailserver": {
|
"simple-nixos-mailserver": {
|
||||||
|
@ -201,23 +200,6 @@
|
||||||
"type": "gitlab"
|
"type": "gitlab"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"utilpkg": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1,
|
|
||||||
"narHash": "sha256-iemuV19UU8TriqixcvwdRUTa8lIrxc3Krwt4bHpUUWE=",
|
|
||||||
"path": "/nix/store/wazyj2lnn6ksl5v386m7f64v3zf64r80-source/builds",
|
|
||||||
"type": "path"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"path": "/nix/store/wazyj2lnn6ksl5v386m7f64v3zf64r80-source/builds",
|
|
||||||
"type": "path"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"utils": {
|
"utils": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1605370193,
|
"lastModified": 1605370193,
|
||||||
|
|
20
flake.nix
20
flake.nix
|
@ -11,16 +11,12 @@
|
||||||
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
|
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
utilpkg = {
|
|
||||||
url = "./builds";
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
};
|
|
||||||
simple-nixos-mailserver = {
|
simple-nixos-mailserver = {
|
||||||
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11";
|
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, home-manager, firefox-addons, simple-nixos-mailserver, utilpkg, ... }@inputs: {
|
outputs = { self, nixpkgs, home-manager, firefox-addons, simple-nixos-mailserver, ... }@inputs: {
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
netbox = nixpkgs.lib.nixosSystem {
|
netbox = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
@ -49,6 +45,20 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
mlg = nixpkgs.lib.nixosSystem {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
specialArgs = { inherit inputs; };
|
||||||
|
modules = [
|
||||||
|
./boxes/mlg
|
||||||
|
|
||||||
|
home-manager.nixosModules.home-manager {
|
||||||
|
home-manager.useGlobalPkgs = true;
|
||||||
|
home-manager.useUserPackages = true;
|
||||||
|
home-manager.extraSpecialArgs = { inherit inputs; };
|
||||||
|
home-manager.users.usr = import ./boxes/mlg/home.nix;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
virtbox = nixpkgs.lib.nixosSystem {
|
virtbox = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
specialArgs = { inherit inputs; };
|
specialArgs = { inherit inputs; };
|
||||||
|
|
|
@ -6,10 +6,9 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
# is it this? this throws a similar error; no attr st, etc.
|
(pkgs.callPackage ../builds/rebuild.nix {})
|
||||||
inputs.utilpkg.packages.x86_64-linux.st
|
(pkgs.callPackage ../builds/st.nix {})
|
||||||
inputs.utilpkg.packages.x86_64-linux.rebuild
|
(pkgs.callPackage ../builds/utils.nix {})
|
||||||
inputs.utilpkg.packages.x86_64-linux.utils
|
|
||||||
pkgs.man-pages
|
pkgs.man-pages
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,105 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
# with thanks to
|
||||||
|
# https://www.auntieneo.net/2014/12/14/reverse-ssh-tunnel-on-nixos-with-systemd/
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
inherit (pkgs) openssh;
|
||||||
|
cfg = config.services.ssh-phone-home;
|
||||||
|
in
|
||||||
|
|
||||||
|
{
|
||||||
|
|
||||||
|
###### interface
|
||||||
|
|
||||||
|
options = {
|
||||||
|
services.ssh-phone-home = {
|
||||||
|
enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Whether to enable a "phone home" reverse SSH proxy.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
persist = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = ''
|
||||||
|
When this is set to true, the service will persistently attempt to
|
||||||
|
reconnect at intervals whenever the port forwarding operation fails.
|
||||||
|
This is the recommended behavior for reliable operation. If one finds
|
||||||
|
oneself in an environment where this kind of behavior might draw the
|
||||||
|
suspicion of a network administrator, it might be a good idea to
|
||||||
|
set this option to false (or not use <literal>ssh-phone-home</literal>
|
||||||
|
at all).
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
localUser = mkOption {
|
||||||
|
description = ''
|
||||||
|
Local user to connect as (i.e. the user with password-less SSH keys).
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
remoteHostname = mkOption {
|
||||||
|
description = ''
|
||||||
|
The remote host to connect to. This should be the host outside of the
|
||||||
|
firewall or NAT.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
remotePort = mkOption {
|
||||||
|
default = 22;
|
||||||
|
description = ''
|
||||||
|
The port on which to connect to the remote host via SSH protocol.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
remoteUser = mkOption {
|
||||||
|
description = ''
|
||||||
|
The username to connect to the remote host as.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
bindPort = mkOption {
|
||||||
|
default = 2222;
|
||||||
|
description = ''
|
||||||
|
The port to bind and listen to on the remote host.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
###### implementation
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
systemd.services.ssh-phone-home =
|
||||||
|
{
|
||||||
|
description = ''
|
||||||
|
Reverse SSH tunnel as a service
|
||||||
|
'';
|
||||||
|
|
||||||
|
# FIXME: This isn't triggered until a reboot, and probably won't work between suspends.
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
|
serviceConfig = with cfg; {
|
||||||
|
User = cfg.localUser;
|
||||||
|
} // (if cfg.persist then
|
||||||
|
{
|
||||||
|
# Restart every 10 seconds on failure
|
||||||
|
RestartSec = 10;
|
||||||
|
Restart = "on-failure";
|
||||||
|
}
|
||||||
|
else {}
|
||||||
|
);
|
||||||
|
|
||||||
|
script = with cfg; ''
|
||||||
|
${openssh}/bin/ssh -NTC -o ServerAliveInterval=30 -o ExitOnForwardFailure=yes -R ${toString bindPort}:localhost:22 -l ${remoteUser} -p ${toString remotePort} ${remoteHostname}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
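Review bot: `localUser`, `remoteHostname`, `remotePort`, `remoteUser` and `bindPort` are declared without a `type`, and the last four are interpolated straight into the `script` shell line, so a value containing spaces or shell metacharacters changes the command the unit runs. Adding `type = types.str;` to the three string options and `type = types.port;` to the two ports, and writing the string values as `${escapeShellArg remoteUser}` and `${escapeShellArg remoteHostname}`, closes that. The ssh call would also benefit from `-o BatchMode=yes` so that an unknown host key or a missing key fails the unit instead of waiting for a prompt. Since the `localUser` description says the key has no passphrase, the option text should tell the operator to limit the matching `authorized_keys` entry on the remote host to the forward, for example with `restrict,port-forwarding,permitlisten="2222"`.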
|