gkleen@sif: systemd-based ssh socks proxy

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-08 15:23:37 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-08 15:23:37 +0100
commit: a2962229c6a81ac23a685d243fa43d83957b4fc4 (patch)
tree: da76b91033b595d202ef76eee81d15adc1a0f1db /accounts/gkleen@sif/systemd.nix
parent: f7bfa8f38cba7da1fb54bcf9e778b4dafeea967e (diff)
download: nixos-a2962229c6a81ac23a685d243fa43d83957b4fc4.tar
nixos-a2962229c6a81ac23a685d243fa43d83957b4fc4.tar.gz
nixos-a2962229c6a81ac23a685d243fa43d83957b4fc4.tar.bz2
nixos-a2962229c6a81ac23a685d243fa43d83957b4fc4.tar.xz
nixos-a2962229c6a81ac23a685d243fa43d83957b4fc4.zip
1 files changed, 62 insertions, 24 deletions
diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix
index 56965b74..4ebecb93 100644
--- a/accounts/gkleen@sif/systemd.nix
+++ b/accounts/gkleen@sif/systemd.nix
@@ -2,6 +2,36 @@
 let
  xmobar = import ./xmobar pkgs.haskellPackages;
  cfg = config.home-manager.users.${userName};
+  autossh-socks-script = pkgs.writeScript "autossh" ''
+    #!${pkgs.zsh}/bin/zsh -xe
+    host="''${1%:*}"
+    port="''${1#*:}"
+    typeset -a cmd
+    cmd=()
+    if [[ -n "''${SSHPASS_SECRET}" ]]; then
+      cmd+=(${pkgs.sshpassSecret}/bin/sshpass-secret)
+      cmd+=("''${(@s/:/)SSHPASS_SECRET}")
+      cmd+=(--)
+    fi
+    cmd+=(${pkgs.openssh}/bin/ssh -vvN -D localhost:''${port} "''${host}")
+    ( exec -a "''${cmd[1]}" -- ''${cmd} ) &
+    pid=$!
+    ${pkgs.systemd}/bin/systemd-notify --pid="''${pid}"
+    while ! ${pkgs.netcat-openbsd.nc}/bin/nc -z -v localhost ''${port}; do
+      ${pkgs.coreutils}/bin/sleep 0.1
+    done
+    ${pkgs.systemd}/bin/systemd-notify --ready
+    wait "''${pid}"
+  '';
 in {
  services = {
    sync-keepass = {
@@ -16,30 +46,6 @@ in {
        After = ["graphical-session-pre.target"];
      };
    };
-    # trayer = {
-    #   Service = {
-    #     Type = "simple";
-    #     WorkingDirectory = "~";
-    #     ExecStart = "${pkgs.trayer}/bin/trayer --edge top --align right --SetDockType true --SetPartialStrut true --expand true --width 8 --tint 0x000000 --alpha 0 --transparent true --height 32 --monitor primary";
-    #     Restart = "always";
-    #   };
-    #   Install = {
-    #     WantedBy = ["graphical-session.target"];
-    #   };
-    # };
-    # xmobar = {
-    #   Service = {
-    #     Type = "simple";
-    #     WorkingDirectory = "~";
-    #     ExecStart = "${xmobar}/bin/xmobar";
-    #     Restart = "always";
-    #     Environment = "PATH=${pkgs.worktime}/bin:${pkgs.openssh}/bin";
-    #   };
-    #   Install = {
-    #     WantedBy = ["graphical-session.target"];
-    #   };
-    # };
    taffybar = {
      Service = {
        Environment = with pkgs; "PATH=${worktime}/bin:${systemd}/bin";
@@ -61,6 +67,38 @@ in {
        Restart = "always";
      };
    };
+    "autossh-socks@proxy.mathw0h:8119" = {
+      Service = {
+        Type = "notify";
+        NotifyAccess = "all";
+        WorkingDirectory = "~";
+        Restart = "always";
+        ExecStart = "${autossh-socks-script} \"%I\"";
+        Environment = [ "SSHPASS_SECRET=gkleen@mathw0g.math.lmu.de" ];
+      };
+      Unit = {
+        StopWhenUnneeded = true;
+      };
+    };
+    "proxy-to-autossh-socks@8118" = {
+      Unit = {
+        Requires = ["autossh-socks@proxy.mathw0h:8119.service" "proxy-to-autossh-socks@8118.socket"];
+        After = ["autossh-socks@proxy.mathw0h:8119.service" "proxy-to-autossh-socks@8118.socket"];
+      };
+      Service = {
+        ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s localhost:8119";
+      };
+    };
+  };
+  sockets = {
+    "proxy-to-autossh-socks@8118" = {
+      Socket = {
+        ListenStream = "%I";
+      };
+      Install = {
+        WantedBy = ["default.target"];
+      };
+    };
  };
  timers = {
    sync-keepass = {
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-08 15:23:37 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-08 15:23:37 +0100
commit	a2962229c6a81ac23a685d243fa43d83957b4fc4 (patch)
tree	da76b91033b595d202ef76eee81d15adc1a0f1db /accounts/gkleen@sif/systemd.nix
parent	f7bfa8f38cba7da1fb54bcf9e778b4dafeea967e (diff)
download	nixos-a2962229c6a81ac23a685d243fa43d83957b4fc4.tar nixos-a2962229c6a81ac23a685d243fa43d83957b4fc4.tar.gz nixos-a2962229c6a81ac23a685d243fa43d83957b4fc4.tar.bz2 nixos-a2962229c6a81ac23a685d243fa43d83957b4fc4.tar.xz nixos-a2962229c6a81ac23a685d243fa43d83957b4fc4.zip

diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix index 56965b74..4ebecb93 100644 --- a/accounts/gkleen@sif/systemd.nix +++ b/accounts/gkleen@sif/systemd.nix
@@ -2,6 +2,36 @@
2	let	2	let
3	xmobar = import ./xmobar pkgs.haskellPackages;	3	xmobar = import ./xmobar pkgs.haskellPackages;
4	cfg = config.home-manager.users.${userName};	4	cfg = config.home-manager.users.${userName};
		5
		6	autossh-socks-script = pkgs.writeScript "autossh" ''
		7	#!${pkgs.zsh}/bin/zsh -xe
		8
		9	host="''${1%:*}"
		10	port="''${1#*:}"
		11
		12	typeset -a cmd
		13	cmd=()
		14
		15	if [[ -n "''${SSHPASS_SECRET}" ]]; then
		16	cmd+=(${pkgs.sshpassSecret}/bin/sshpass-secret)
		17	cmd+=("''${(@s/:/)SSHPASS_SECRET}")
		18	cmd+=(--)
		19	fi
		20
		21	cmd+=(${pkgs.openssh}/bin/ssh -vvN -D localhost:''${port} "''${host}")
		22
		23	( exec -a "''${cmd[1]}" -- ''${cmd} ) &
		24	pid=$!
		25	${pkgs.systemd}/bin/systemd-notify --pid="''${pid}"
		26
		27	while ! ${pkgs.netcat-openbsd.nc}/bin/nc -z -v localhost ''${port}; do
		28	${pkgs.coreutils}/bin/sleep 0.1
		29	done
		30
		31	${pkgs.systemd}/bin/systemd-notify --ready
		32
		33	wait "''${pid}"
		34	'';
5	in {	35	in {
6	services = {	36	services = {
7	sync-keepass = {	37	sync-keepass = {
@@ -16,30 +46,6 @@ in {
16	After = ["graphical-session-pre.target"];	46	After = ["graphical-session-pre.target"];
17	};	47	};
18	};	48	};
19	# trayer = {
20	# Service = {
21	# Type = "simple";
22	# WorkingDirectory = "~";
23	# ExecStart = "${pkgs.trayer}/bin/trayer --edge top --align right --SetDockType true --SetPartialStrut true --expand true --width 8 --tint 0x000000 --alpha 0 --transparent true --height 32 --monitor primary";
24	# Restart = "always";
25	# };
26	# Install = {
27	# WantedBy = ["graphical-session.target"];
28	# };
29	# };
30	# xmobar = {
31	# Service = {
32	# Type = "simple";
33	# WorkingDirectory = "~";
34	# ExecStart = "${xmobar}/bin/xmobar";
35	# Restart = "always";
36	# Environment = "PATH=${pkgs.worktime}/bin:${pkgs.openssh}/bin";
37
38	# };
39	# Install = {
40	# WantedBy = ["graphical-session.target"];
41	# };
42	# };
43	taffybar = {	49	taffybar = {
44	Service = {	50	Service = {
45	Environment = with pkgs; "PATH=${worktime}/bin:${systemd}/bin";	51	Environment = with pkgs; "PATH=${worktime}/bin:${systemd}/bin";
@@ -61,6 +67,38 @@ in {
61	Restart = "always";	67	Restart = "always";
62	};	68	};
63	};	69	};
		70	"autossh-socks@proxy.mathw0h:8119" = {
		71	Service = {
		72	Type = "notify";
		73	NotifyAccess = "all";
		74	WorkingDirectory = "~";
		75	Restart = "always";
		76	ExecStart = "${autossh-socks-script} \"%I\"";
		77	Environment = [ "SSHPASS_SECRET=gkleen@mathw0g.math.lmu.de" ];
		78	};
		79	Unit = {
		80	StopWhenUnneeded = true;
		81	};
		82	};
		83	"proxy-to-autossh-socks@8118" = {
		84	Unit = {
		85	Requires = ["autossh-socks@proxy.mathw0h:8119.service" "proxy-to-autossh-socks@8118.socket"];
		86	After = ["autossh-socks@proxy.mathw0h:8119.service" "proxy-to-autossh-socks@8118.socket"];
		87	};
		88	Service = {
		89	ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s localhost:8119";
		90	};
		91	};
		92	};
		93	sockets = {
		94	"proxy-to-autossh-socks@8118" = {
		95	Socket = {
		96	ListenStream = "%I";
		97	};
		98	Install = {
		99	WantedBy = ["default.target"];
		100	};
		101	};
64	};	102	};
65	timers = {	103	timers = {
66	sync-keepass = {	104	sync-keepass = {