Diffstat (limited to 'accounts/gkleen@sif/ssh-hosts.nix')
-rw-r--r-- | accounts/gkleen@sif/ssh-hosts.nix | 67 |
1 files changed, 41 insertions, 26 deletions
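--- a/accounts/gkleen@sif/ssh-hosts.nix
+++ b/accounts/gkleen@sif/ssh-hosts.nix
@@ -1,6 +1,11 @@
 { lib, pkgs, ... }:
 let
-autosshProxy = port: "${lib.getExe pkgs.socat} - SOCKS4A:127.0.0.1:%h:%p,socksport=${toString port}";
+autosshProxyPorts = {
+"ssh.math.lmu.de" = 8118;
+"mathw0h" = 8122;
+"mathw0e" = 8124;
+};
+autosshProxy = host: "${lib.getExe pkgs.socat} - SOCKS4A:127.0.0.1:%h:%p,socksport=${toString autosshProxyPorts.${host}}";
 in {
 "git.ymir" =
 { hostname = "ymir.yggdrasil.li";
@@ -292,15 +297,15 @@ in {
 };
 "mathw0d" =
 { hostname = "mathw0d.mathinst.loc";
-proxyCommand = autosshProxy 8122;
+proxyCommand = autosshProxy "mathw0h";
 };
 "mathw0e" =
 { hostname = "mathw0e.mathinst.loc";
-proxyCommand = autosshProxy 8122;
+proxyCommand = autosshProxy "mathw0h";
 };
 "mathw0f" =
 { hostname = "mathw0f.mathinst.loc";
-proxyCommand = autosshProxy 8122;
+proxyCommand = autosshProxy "mathw0h";
 };
 "mathw0g" =
 { hostname = "mathw0g.mathinst.loc";
@@ -319,7 +324,17 @@ in {
 };
 "proxy.mathw0h" =
 { hostname = "mathw0h.mathinst.loc";
-# proxyJump = "proxy.ssh.math.lmu.de";
+proxyCommand = autosshProxy "ssh.math.lmu.de";
+extraOptions = {
+ControlPath = "none";
+ExitOnForwardFailure = "yes";
+ServerAliveCountMax = "15";
+ServerAliveInterval = "2";
+};
+};
+"proxy.mathw0e" =
+{ hostname = "mathw0e.mathinst.loc";
+proxyCommand = autosshProxy "mathw0h";
 extraOptions = {
 ControlPath = "none";
 ExitOnForwardFailure = "yes";
@@ -329,7 +344,7 @@ in {
 };
 "vrt-kvm06" =
 { hostname = "vrt-kvm06";
-proxyJump = "mathw0e";
+proxyCommand = autosshProxy "mathw0e";
 user = "root";
 extraOptions = {
 PasswordAuthentication = "yes";
@@ -338,7 +353,7 @@ in {
 };
 "vrt-kvm05" =
 { hostname = "vrt-kvm05";
-proxyJump = "mathw0e";
+proxyCommand = autosshProxy "mathw0e";
 user = "root";
 extraOptions = {
 PasswordAuthentication = "yes";
@@ -347,7 +362,7 @@ in {
 };
 "vrt-kvm04" =
 { hostname = "vrt-kvm04";
-proxyJump = "mathw0e";
+proxyCommand = autosshProxy "mathw0e";
 user = "root";
 extraOptions = {
 PasswordAuthentication = "yes";
@@ -356,7 +371,7 @@ in {
 };
 "vrt-kvm02" =
 { hostname = "vrt-kvm02";
-proxyJump = "mathw0e";
+proxyCommand = autosshProxy "mathw0e";
 user = "root";
 extraOptions = {
 PasswordAuthentication = "yes";
@@ -365,7 +380,7 @@ in {
 };
 "vrt-kvm03" =
 { hostname = "vrt-kvm03";
-proxyJump = "mathw0e";
+proxyCommand = autosshProxy "mathw0e";
 user = "root";
 extraOptions = {
 PasswordAuthentication = "yes";
@@ -374,7 +389,7 @@ in {
 };
 "vrt-kvm01" =
 { hostname = "vrt-kvm01";
-proxyJump = "mathw0e";
+proxyCommand = autosshProxy "mathw0e";
 user = "root";
 extraOptions = {
 PasswordAuthentication = "yes";
@@ -383,31 +398,31 @@ in {
 };
 "tts-www01" =
 { hostname = "tts-www01.mathinst.loc";
-proxyCommand = autosshProxy 8122;
+proxyCommand = autosshProxy "mathw0h";
 user = "root";
 };
 "vpn-wg01" =
 { hostname = "vpn-wg01.mathinst.loc";
-proxyCommand = autosshProxy 8122;
+proxyCommand = autosshProxy "mathw0h";
 user = "root";
 };
 "repo-apt01" =
 { hostname = "repo-apt01.mathinst.loc";
-proxyCommand = autosshProxy 8122;
+proxyCommand = autosshProxy "mathw0h";
 user = "root";
 };
 "ldap-lmumr01" =
 { hostname = "ldap-lmumr01.mathinst.loc";
-proxyCommand = autosshProxy 8122;
+proxyCommand = autosshProxy "mathw0h";
 user = "root";
 };
 "mail-mi01" =
 { hostname = "mail-mi01.mathinst.loc";
-proxyCommand = autosshProxy 8122;
+proxyCommand = autosshProxy "mathw0h";
 };
 "mail-www02" =
 { hostname = "mail-www02.mathinst.loc";
-proxyCommand = autosshProxy 8122;
+proxyCommand = autosshProxy "mathw0h";
 };
 "dpl-fai01" =
 { hostname = "dpl-fai01.mathinst.loc";
@@ -415,7 +430,7 @@ in {
 };
 "math05" =
 { hostname = "math05.mathinst.loc";
-proxyCommand = autosshProxy 8122;
+proxyCommand = autosshProxy "mathw0h";
 extraOptions.KexAlgorithms = "+diffie-hellman-group1-sha1";
 };
 "switch01" =
@@ -441,20 +456,20 @@ in {
 };
 "www-mi01" =
 { hostname = "www-mi01.mathinst.loc";
-proxyCommand = autosshProxy 8122;
+proxyCommand = autosshProxy "mathw0h";
 };
 "cip04" =
 { hostname = "cip04.cipmath.loc";
-proxyCommand = autosshProxy 8122;
+proxyCommand = autosshProxy "mathw0h";
 };
 "mgmt-cls01" =
 { user = "root";
 hostname = "mgmt-cls01.cipmath.loc";
-proxyCommand = autosshProxy 8118;
+proxyCommand = autosshProxy "ssh.math.lmu.de";
 };
 "mgmt01" =
 { hostname = "mgmt01.mathinst.loc";
-proxyCommand = autosshProxy 8122;
+proxyCommand = autosshProxy "mathw0h";
 user = "root";
 };
 "ssh-lb01" =
@@ -473,17 +488,17 @@ in {
 "rdlx02" = { hostname = "rdlx02.mathinst.loc"; proxyJump = "mgmt01"; };
 "math0d" =
 { hostname = "math0d.mathinst.loc";
-proxyCommand = autosshProxy 8122;
+proxyCommand = autosshProxy "mathw0h";
 };
 "dhcp01" =
 { hostname = "dhcp01.mathinst.loc";
 user = "root";
-proxyCommand = autosshProxy 8122;
+proxyCommand = autosshProxy "mathw0h";
 };
 "dhcp02" =
 { hostname = "dhcp02.mathinst.loc";
 user = "root";
-proxyCommand = autosshProxy 8122;
+proxyCommand = autosshProxy "mathw0h";
 };
 "cc-gpu-l01" =
 { hostname = "cc-gpu-l01.mathinst.loc";
@@ -548,7 +563,7 @@ in {
 user = "root";
 };
 "nas*" =
-{ proxyCommand = autosshProxy "mathw0e";
+{ proxyCommand = autosshProxy "mathw0e";
 user = "admin";
 extraOptions = {
 PasswordAuthentication = "yes";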
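Review bot: The `vrt-kvm*` and `nas*` entries move from `proxyJump = "mathw0e"` to `autosshProxy "mathw0e"`, so reaching those hosts no longer requires authenticating to mathw0e per connection. A loopback SOCKS listener has no authentication of its own, so presumably any local process on this machine can use 127.0.0.1:8124 while the tunnel is up; the listener's setup is not visible on this page. These entries log in as `root` or `admin` with `PasswordAuthentication = "yes"`, which makes target host-key verification the control protecting the password; the rest of each `extraOptions` block lies outside the hunks and should be checked for it. The new `autosshProxyPorts` table in the first hunk would also benefit from a comment such as `# key = jump host whose autossh tunnel provides the SOCKS listener on 127.0.0.1:<port>; must match the DynamicForward configured for that tunnel`, because the keys are neither the `proxy.*` Host aliases nor the targets.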