diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2026-01-09 12:49:45 +0100 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2026-01-09 12:49:45 +0100 |
| commit | f29f5e472eb6f36862ae7e63537343459fc9c67a (patch) | |
| tree | bc0e2cc72baf6f8acf3960df34f267cf4c747614 /accounts | |
| parent | eff63acdd8515e8817a04633f0d5602bf666f92e (diff) | |
| download | nixos-f29f5e472eb6f36862ae7e63537343459fc9c67a.tar nixos-f29f5e472eb6f36862ae7e63537343459fc9c67a.tar.gz nixos-f29f5e472eb6f36862ae7e63537343459fc9c67a.tar.bz2 nixos-f29f5e472eb6f36862ae7e63537343459fc9c67a.tar.xz nixos-f29f5e472eb6f36862ae7e63537343459fc9c67a.zip | |
...flakes
Diffstat (limited to 'accounts')
| -rw-r--r-- | accounts/gkleen@sif/default.nix | 3 | ||||
| -rw-r--r-- | accounts/gkleen@sif/ssh-hosts.nix | 11 | ||||
| -rw-r--r-- | accounts/gkleen@sif/systemd.nix | 20 |
3 files changed, 31 insertions, 3 deletions
diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix index e8ce4994..a6bf0803 100644 --- a/accounts/gkleen@sif/default.nix +++ b/accounts/gkleen@sif/default.nix | |||
| @@ -122,7 +122,8 @@ in { | |||
| 122 | # ProxyJump ssh.math.lmu.de | 122 | # ProxyJump ssh.math.lmu.de |
| 123 | 123 | ||
| 124 | Match host *.cipmath.loc !host cip04.cipmath.loc,mgmt-cls01.cipmath.loc !exec "nc -z -w 1 %h %p &>/dev/null" | 124 | Match host *.cipmath.loc !host cip04.cipmath.loc,mgmt-cls01.cipmath.loc !exec "nc -z -w 1 %h %p &>/dev/null" |
| 125 | ProxyJump cip04 | 125 | ProxyCommand ${lib.getExe pkgs.socat} - SOCKS4A:127.0.0.1:%h:%p,socksport=8126 |
| 126 | # ProxyJump cip04 | ||
| 126 | 127 | ||
| 127 | Match host *.ifi.lmu.de,*.math.lmu.de | 128 | Match host *.ifi.lmu.de,*.math.lmu.de |
| 128 | AddressFamily inet | 129 | AddressFamily inet |
diff --git a/accounts/gkleen@sif/ssh-hosts.nix b/accounts/gkleen@sif/ssh-hosts.nix index a250509b..0b49f385 100644 --- a/accounts/gkleen@sif/ssh-hosts.nix +++ b/accounts/gkleen@sif/ssh-hosts.nix | |||
| @@ -4,6 +4,7 @@ let | |||
| 4 | "ssh.math.lmu.de" = 8118; | 4 | "ssh.math.lmu.de" = 8118; |
| 5 | "mathw0h" = 8122; | 5 | "mathw0h" = 8122; |
| 6 | "mathw0e" = 8124; | 6 | "mathw0e" = 8124; |
| 7 | "cip04" = 8126; | ||
| 7 | }; | 8 | }; |
| 8 | autosshProxy = host: "${lib.getExe pkgs.socat} - SOCKS4A:127.0.0.1:%h:%p,socksport=${toString autosshProxyPorts.${host}}"; | 9 | autosshProxy = host: "${lib.getExe pkgs.socat} - SOCKS4A:127.0.0.1:%h:%p,socksport=${toString autosshProxyPorts.${host}}"; |
| 9 | in { | 10 | in { |
| @@ -342,6 +343,16 @@ in { | |||
| 342 | ServerAliveInterval = "2"; | 343 | ServerAliveInterval = "2"; |
| 343 | }; | 344 | }; |
| 344 | }; | 345 | }; |
| 346 | "proxy.cip04" = | ||
| 347 | { hostname = "cip04.cipmath.loc"; | ||
| 348 | proxyCommand = autosshProxy "mathw0h"; | ||
| 349 | extraOptions = { | ||
| 350 | ControlPath = "none"; | ||
| 351 | ExitOnForwardFailure = "yes"; | ||
| 352 | ServerAliveCountMax = "15"; | ||
| 353 | ServerAliveInterval = "2"; | ||
| 354 | }; | ||
| 355 | }; | ||
| 345 | "vrt-kvm06" = | 356 | "vrt-kvm06" = |
| 346 | { hostname = "vrt-kvm06"; | 357 | { hostname = "vrt-kvm06"; |
| 347 | proxyCommand = autosshProxy "mathw0e"; | 358 | proxyCommand = autosshProxy "mathw0e"; |
diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix index fd4b4cf4..51671b20 100644 --- a/accounts/gkleen@sif/systemd.nix +++ b/accounts/gkleen@sif/systemd.nix | |||
| @@ -207,6 +207,22 @@ in { | |||
| 207 | StartLimitBurst = 7; | 207 | StartLimitBurst = 7; |
| 208 | }; | 208 | }; |
| 209 | }; | 209 | }; |
| 210 | "autossh-socks@proxy.cip04:8127" = { | ||
| 211 | Service = { | ||
| 212 | Type = "notify"; | ||
| 213 | NotifyAccess = "all"; | ||
| 214 | WorkingDirectory = "~"; | ||
| 215 | Restart = "always"; | ||
| 216 | RestartSec = "23s"; | ||
| 217 | ExecStart = "${autossh-socks-script} \"%I\""; | ||
| 218 | Environment = [ "SSHPASS_SECRET=gkleen@cip04.cipmath.loc" ]; | ||
| 219 | }; | ||
| 220 | Unit = { | ||
| 221 | StopWhenUnneeded = true; | ||
| 222 | StartLimitInterval = "180s"; | ||
| 223 | StartLimitBurst = 7; | ||
| 224 | }; | ||
| 225 | }; | ||
| 210 | psi-notify = { | 226 | psi-notify = { |
| 211 | Install = { | 227 | Install = { |
| 212 | WantedBy = ["graphical-session.target"]; | 228 | WantedBy = ["graphical-session.target"]; |
| @@ -383,7 +399,7 @@ in { | |||
| 383 | Restart = "always"; | 399 | Restart = "always"; |
| 384 | RestartSec = "23s"; | 400 | RestartSec = "23s"; |
| 385 | }; | 401 | }; |
| 386 | }) [{ host = "proxy.ssh.math.lmu.de"; port = 8118; } { host = "proxy.vidhar"; port = 8120; } { host = "proxy.mathw0h"; port = 8122; } { host = "proxy.mathw0e"; port = 8124; }]); | 402 | }) [{ host = "proxy.ssh.math.lmu.de"; port = 8118; } { host = "proxy.vidhar"; port = 8120; } { host = "proxy.mathw0h"; port = 8122; } { host = "proxy.mathw0e"; port = 8124; } { host = "proxy.cip04"; port = 8126; }]); |
| 387 | sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" { | 403 | sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" { |
| 388 | Socket = { | 404 | Socket = { |
| 389 | ListenStream = "%I"; | 405 | ListenStream = "%I"; |
| @@ -394,7 +410,7 @@ in { | |||
| 394 | Install = { | 410 | Install = { |
| 395 | WantedBy = ["default.target"]; | 411 | WantedBy = ["default.target"]; |
| 396 | }; | 412 | }; |
| 397 | }) [8118 8122 8124]) // { | 413 | }) [8118 8122 8124 8126]) // { |
| 398 | "proxy-to-autossh-socks@8120" = { | 414 | "proxy-to-autossh-socks@8120" = { |
| 399 | Socket = { | 415 | Socket = { |
| 400 | ListenStream = "%I"; | 416 | ListenStream = "%I"; |