...

3 files changed, 25 insertions, 23 deletions

diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix
index 1254b6db..a30fb35c 100644
--- a/accounts/gkleen@sif/default.nix
+++ b/accounts/gkleen@sif/default.nix
@@ -86,7 +86,7 @@ in {
 
       programs = {
         ssh = {
-          matchBlocks = import ./ssh-hosts.nix { inherit pkgs; }; # customUtils.nixImport { dir = ./ssh-hosts; };
+          matchBlocks = import ./ssh-hosts.nix inputs; # customUtils.nixImport { dir = ./ssh-hosts; };
           extraConfig = ''
             Match host uniworx3.ifi.lmu.de,uniworx4.ifi.lmu.de,uniworx5.ifi.lmu.de,uni2workgw.ifi.lmu.de,blackbeard.tcs.ifi.lmu.de,gitlab2.rz.ifi.lmu.de,oregon.tcs.ifi.lmu.de !exec "nc -z -w 1 %h %p &>/dev/null"
               ProxyJump remote.cip.ifi.lmu.de
diff --git a/accounts/gkleen@sif/ssh-hosts.nix b/accounts/gkleen@sif/ssh-hosts.nix
index 4ca9e052..871b7350 100644
--- a/accounts/gkleen@sif/ssh-hosts.nix
+++ b/accounts/gkleen@sif/ssh-hosts.nix
@@ -1,5 +1,7 @@
-{ pkgs, ... }:
-{
+{ lib, pkgs, ... }:
+let
+  autosshProxy = port: "${lib.getExe pkgs.socat} - SOCKS4A:127.0.0.1:%h:%p,socksport=${toString port}";
+in {
   "git.ymir" =
     { hostname = "ymir.yggdrasil.li";
       user = "gitolite";
@@ -290,15 +292,15 @@
     };
   "mathw0d" =
     { hostname = "mathw0d.mathinst.loc";
-      proxyJump = "mathw0h";
+      proxyCommand = autosshProxy 8122;
     };
   "mathw0e" =
     { hostname = "mathw0e.mathinst.loc";
-      proxyJump = "mathw0h";
+      proxyCommand = autosshProxy 8122;
     };
   "mathw0f" =
     { hostname = "mathw0f.mathinst.loc";
-      proxyJump = "mathw0h";
+      proxyCommand = autosshProxy 8122;
     };
   "mathw0g" =
     { hostname = "mathw0g.mathinst.loc";
@@ -381,31 +383,31 @@
     };
   "tts-www01" =
     { hostname = "tts-www01.mathinst.loc";
-      proxyJump = "mathw0h";
+      proxyCommand = autosshProxy 8122;
       user = "root";
     };
   "vpn-wg01" =
     { hostname = "vpn-wg01.mathinst.loc";
-      proxyJump = "mathw0h";
+      proxyCommand = autosshProxy 8122;
       user = "root";
     };
   "repo-apt01" =
     { hostname = "repo-apt01.mathinst.loc";
-      proxyJump = "mathw0h";
+      proxyCommand = autosshProxy 8122;
       user = "root";
     };
   "ldap-lmumr01" =
     { hostname = "ldap-lmumr01.mathinst.loc";
-      proxyJump = "mathw0h";
+      proxyCommand = autosshProxy 8122;
       user = "root";
     };
   "mail-mi01" =
     { hostname = "mail-mi01.mathinst.loc";
-      proxyJump = "mathw0h";
+      proxyCommand = autosshProxy 8122;
     };
   "mail-www02" =
     { hostname = "mail-www02.mathinst.loc";
-      proxyJump = "mathw0h";
+      proxyCommand = autosshProxy 8122;
     };
   "dpl-fai01" =
     { hostname = "dpl-fai01.mathinst.loc";
@@ -413,7 +415,7 @@
     };
   "math05" =
     { hostname = "math05.mathinst.loc";
-      proxyJump = "mathw0h";
+      proxyCommand = autosshProxy 8122;
       extraOptions.KexAlgorithms = "+diffie-hellman-group1-sha1";
     };
   "switch01" =
@@ -439,20 +441,20 @@
     };
   "www-mi01" =
     { hostname = "www-mi01.mathinst.loc";
-      proxyJump = "mathw0h";
+      proxyCommand = autosshProxy 8122;
     };
   "cip04" =
     { hostname = "cip04.cipmath.loc";
-      proxyJump = "mathw0h";
+      proxyCommand = autosshProxy 8122;
     };
   "mgmt-cls01" =
     { user = "root";
       hostname = "mgmt-cls01.cipmath.loc";
-      proxyJump = "ssh.math.lmu.de";
+      proxyCommand = autosshProxy 8118;
     };
   "mgmt01" =
     { hostname = "mgmt01.mathinst.loc";
-      proxyJump = "mathw0h";
+      proxyCommand = autosshProxy 8122;
       user = "root";
     };
   "ssh-lb01" =
@@ -471,17 +473,17 @@
   "rdlx02" = { hostname = "rdlx02.mathinst.loc"; proxyJump = "mgmt01"; };
   "math0d" =
     { hostname = "math0d.mathinst.loc";
-      proxyJump = "mathw0h";
+      proxyCommand = autosshProxy 8122;
     };
   "dhcp01" =
     { hostname = "dhcp01.mathinst.loc";
       user = "root";
-      proxyJump = "mathw0h";
+      proxyCommand = autosshProxy 8122;
     };
   "dhcp02" =
     { hostname = "dhcp02.mathinst.loc";
       user = "root";
-      proxyJump = "mathw0h";
+      proxyCommand = autosshProxy 8122;
     };
   "cc-gpu-l01" =
     { hostname = "cc-gpu-l01.mathinst.loc";
diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix
index 14669a1e..886f6da1 100644
--- a/accounts/gkleen@sif/systemd.nix
+++ b/accounts/gkleen@sif/systemd.nix
@@ -20,7 +20,7 @@ let
       cmd+=(--)
     fi
 
-    cmd+=(${lib.getExe' pkgs.openssh "ssh"} -vN -D localhost:''${port} "''${host}")
+    cmd+=(${lib.getExe' pkgs.openssh "ssh"} -vN -D 127.0.0.1:''${port} "''${host}")
 
     ( exec -a "''${cmd[1]}" -- ''${cmd} ) &
     pid=$!
@@ -364,11 +364,11 @@ in {
     };
   } // listToAttrs (map ({host, port}: nameValuePair "proxy-to-autossh-socks@${toString port}" {
       Unit = {
-        Requires = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
+        BindsTo = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
         After = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
       };
       Service = {
-        ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s localhost:${toString (port + 1)}";
+        ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s 127.0.0.1:${toString (port + 1)}";
       };
   }) [{ host = "proxy.ssh.math.lmu.de"; port = 8118; } { host = "proxy.vidhar"; port = 8120; } { host = "proxy.mathw0h"; port = 8122; }]);
   sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" {