stupidcomputer/dot_testing
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Compare commits

base: stupidcomputer:21778be01c639f769b36d6d44c0ad059e71fb883
Branches Tags
stupidcomputer:master
stupidcomputer:temp_1
stupidcomputer:statusbar-experimental
stupidcomputer:statusbar-messaging
stupidcomputer:colors.nix
stupidcomputer:flakes_testing
stupidcomputer:utils_import
..
compare: stupidcomputer:9fe5e8992887ef08979848a305e74a2dbb72ef4d
Branches Tags
stupidcomputer:master
stupidcomputer:temp_1
stupidcomputer:statusbar-experimental
stupidcomputer:statusbar-messaging
stupidcomputer:colors.nix
stupidcomputer:flakes_testing
stupidcomputer:utils_import

No commits in common. "21778be01c639f769b36d6d44c0ad059e71fb883" and "9fe5e8992887ef08979848a305e74a2dbb72ef4d" have entirely different histories.
21778be01c ... 9fe5e89928

6 changed files with 5 additions and 132 deletions
Show Stats Expand all files Collapse all files

11
boxes/mlg/default.nix
View File

@ -4,7 +4,6 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./nvidia.nix ./nvidia.nix
../../modules/ssh-phone-home.nix
../../modules/bootstrap.nix ../../modules/bootstrap.nix
../../modules/common.nix ../../modules/common.nix
../../modules/x11.nix ../../modules/x11.nix
@ -30,16 +29,6 @@
minetest minetest
]; ];
services.openssh.enable = true;
services.ssh-phone-home = {
enable = true;
localUser = "usr";
remoteHostname = "192.168.1.100";
remotePort = 22;
remoteUser = "usr";
bindPort = 2222;
};
boot.loader = { boot.loader = {
efi = { efi = {
canTouchEfiVariables = true; canTouchEfiVariables = true;

5
boxes/x230t/default.nix
View File

@ -18,11 +18,6 @@
thunderbird thunderbird
hue-cli hue-cli
bluetuith bluetuith
brave
vdirsyncer
isync
khal
todoman
]; ];
hardware.bluetooth = { hardware.bluetooth = {

5
builds/utils.nix
View File

@ -5,7 +5,6 @@
, libxcb , libxcb
# shell scripts stuff # shell scripts stuff
, makeWrapper , makeWrapper
, sshuttle
, sxhkd , sxhkd
, bash , bash
, feh , feh
@ -25,7 +24,7 @@ stdenv.mkDerivation rec {
src = ./utils; src = ./utils;
nativeBuildInputs = [ makeWrapper pkg-config libxcb ]; nativeBuildInputs = [ makeWrapper pkg-config libxcb ];
buildInputs = [ libxcb bash feh xrandr jq curl fzy ytfzf ffmpeg sshuttle ]; buildInputs = [ libxcb bash feh xrandr jq curl fzy ytfzf ffmpeg ];
buildPhase = '' buildPhase = ''
ls ls
@ -38,7 +37,7 @@ stdenv.mkDerivation rec {
for i in $(ls $src/sh); do for i in $(ls $src/sh); do
cp $src/sh/$i $out/bin cp $src/sh/$i $out/bin
ln -sf $out/bin/tmenu_run $out/bin/regenerate ln -sf $out/bin/tmenu_run $out/bin/regenerate
wrapProgram $out/bin/$i --prefix PATH : ${lib.makeBinPath [ sxhkd bash feh xrandr jq figlet curl fzy ytfzf ffmpeg sshuttle ]} wrapProgram $out/bin/$i --prefix PATH : ${lib.makeBinPath [ sxhkd bash feh xrandr jq figlet curl fzy ytfzf ffmpeg ]}
done done
cp c/status/main $out/bin/statusbar cp c/status/main $out/bin/statusbar

5
builds/utils/sh/vpn
View File

@ -1,5 +0,0 @@
#!/bin/sh
# a poor man's vpn
ip=$(dig +short beepboop.systems)
sshuttle --dns -r ryan@$ip:443 0/0

6
flake.lock generated
View File

@ -209,12 +209,12 @@
}, },
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-3icKqIEjS068WDJ+05sEvFDL6DsPB0GpKTc8Bm4F9Po=", "narHash": "sha256-uu/yGM8VTaGEAqSPHm4gJusVaPFH0wcf8BFMXgFlUPE=",
"path": "/nix/store/9797g0387xqz764w22ascnvn3bvm90kd-source/builds", "path": "/nix/store/hgkpghh249402niaihbsp9h3zdhiaivy-source/builds",
"type": "path" "type": "path"
}, },
"original": { "original": {
"path": "/nix/store/9797g0387xqz764w22ascnvn3bvm90kd-source/builds", "path": "/nix/store/hgkpghh249402niaihbsp9h3zdhiaivy-source/builds",
"type": "path" "type": "path"
} }
}, },

105
modules/ssh-phone-home.nix
View File

@ -1,105 +0,0 @@
{ config, lib, pkgs, ... }:
# with thanks to
# https://www.auntieneo.net/2014/12/14/reverse-ssh-tunnel-on-nixos-with-systemd/
with lib;
let
inherit (pkgs) openssh;
cfg = config.services.ssh-phone-home;
in
{
###### interface
options = {
services.ssh-phone-home = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable a "phone home" reverse SSH proxy.
'';
};
persist = mkOption {
type = types.bool;
default = true;
description = ''
When this is set to true, the service will persistently attempt to
reconnect at intervals whenever the port forwarding operation fails.
This is the recommended behavior for reliable operation. If one finds
oneself in an environment where this kind of behavior might draw the
suspicion of a network administrator, it might be a good idea to
set this option to false (or not use <literal>ssh-phone-home</literal>
at all).
'';
};
localUser = mkOption {
description = ''
Local user to connect as (i.e. the user with password-less SSH keys).
'';
};
remoteHostname = mkOption {
description = ''
The remote host to connect to. This should be the host outside of the
firewall or NAT.
'';
};
remotePort = mkOption {
default = 22;
description = ''
The port on which to connect to the remote host via SSH protocol.
'';
};
remoteUser = mkOption {
description = ''
The username to connect to the remote host as.
'';
};
bindPort = mkOption {
default = 2222;
description = ''
The port to bind and listen to on the remote host.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
systemd.services.ssh-phone-home =
{
description = ''
Reverse SSH tunnel as a service
'';
# FIXME: This isn't triggered until a reboot, and probably won't work between suspends.
wantedBy = [ "multi-user.target" ];
serviceConfig = with cfg; {
User = cfg.localUser;
} // (if cfg.persist then
{
# Restart every 10 seconds on failure
RestartSec = 10;
Restart = "on-failure";
}
else {}
);
script = with cfg; ''
${openssh}/bin/ssh -NTC -o ServerAliveInterval=30 -o ExitOnForwardFailure=yes -R ${toString bindPort}:localhost:22 -l ${remoteUser} -p ${toString remotePort} ${remoteHostname}
'';
};
};
}