summaryrefslogtreecommitdiff
path: root/accounts/gkleen@sif
diff options
context:
space:
mode:
Diffstat (limited to 'accounts/gkleen@sif')
-rw-r--r--accounts/gkleen@sif/ssh-hosts.nix67
-rw-r--r--accounts/gkleen@sif/systemd.nix20
2 files changed, 59 insertions, 28 deletions
diff --git a/accounts/gkleen@sif/ssh-hosts.nix b/accounts/gkleen@sif/ssh-hosts.nix
index 871b7350..44dc27f5 100644
--- a/accounts/gkleen@sif/ssh-hosts.nix
+++ b/accounts/gkleen@sif/ssh-hosts.nix
@@ -1,6 +1,11 @@
1{ lib, pkgs, ... }: 1{ lib, pkgs, ... }:
2let 2let
3 autosshProxy = port: "${lib.getExe pkgs.socat} - SOCKS4A:127.0.0.1:%h:%p,socksport=${toString port}"; 3 autosshProxyPorts = {
4 "ssh.math.lmu.de" = 8118;
5 "mathw0h" = 8122;
6 "mathw0e" = 8124;
7 };
8 autosshProxy = host: "${lib.getExe pkgs.socat} - SOCKS4A:127.0.0.1:%h:%p,socksport=${toString autosshProxyPorts.${host}}";
4in { 9in {
5 "git.ymir" = 10 "git.ymir" =
6 { hostname = "ymir.yggdrasil.li"; 11 { hostname = "ymir.yggdrasil.li";
@@ -292,15 +297,15 @@ in {
292 }; 297 };
293 "mathw0d" = 298 "mathw0d" =
294 { hostname = "mathw0d.mathinst.loc"; 299 { hostname = "mathw0d.mathinst.loc";
295 proxyCommand = autosshProxy 8122; 300 proxyCommand = autosshProxy "mathw0h";
296 }; 301 };
297 "mathw0e" = 302 "mathw0e" =
298 { hostname = "mathw0e.mathinst.loc"; 303 { hostname = "mathw0e.mathinst.loc";
299 proxyCommand = autosshProxy 8122; 304 proxyCommand = autosshProxy "mathw0h";
300 }; 305 };
301 "mathw0f" = 306 "mathw0f" =
302 { hostname = "mathw0f.mathinst.loc"; 307 { hostname = "mathw0f.mathinst.loc";
303 proxyCommand = autosshProxy 8122; 308 proxyCommand = autosshProxy "mathw0h";
304 }; 309 };
305 "mathw0g" = 310 "mathw0g" =
306 { hostname = "mathw0g.mathinst.loc"; 311 { hostname = "mathw0g.mathinst.loc";
@@ -319,7 +324,17 @@ in {
319 }; 324 };
320 "proxy.mathw0h" = 325 "proxy.mathw0h" =
321 { hostname = "mathw0h.mathinst.loc"; 326 { hostname = "mathw0h.mathinst.loc";
322 # proxyJump = "proxy.ssh.math.lmu.de"; 327 proxyCommand = autosshProxy "ssh.math.lmu.de";
328 extraOptions = {
329 ControlPath = "none";
330 ExitOnForwardFailure = "yes";
331 ServerAliveCountMax = "15";
332 ServerAliveInterval = "2";
333 };
334 };
335 "proxy.mathw0e" =
336 { hostname = "mathw0e.mathinst.loc";
337 proxyCommand = autosshProxy "mathw0h";
323 extraOptions = { 338 extraOptions = {
324 ControlPath = "none"; 339 ControlPath = "none";
325 ExitOnForwardFailure = "yes"; 340 ExitOnForwardFailure = "yes";
@@ -329,7 +344,7 @@ in {
329 }; 344 };
330 "vrt-kvm06" = 345 "vrt-kvm06" =
331 { hostname = "vrt-kvm06"; 346 { hostname = "vrt-kvm06";
332 proxyJump = "mathw0e"; 347 proxyCommand = autosshProxy "mathw0e";
333 user = "root"; 348 user = "root";
334 extraOptions = { 349 extraOptions = {
335 PasswordAuthentication = "yes"; 350 PasswordAuthentication = "yes";
@@ -338,7 +353,7 @@ in {
338 }; 353 };
339 "vrt-kvm05" = 354 "vrt-kvm05" =
340 { hostname = "vrt-kvm05"; 355 { hostname = "vrt-kvm05";
341 proxyJump = "mathw0e"; 356 proxyCommand = autosshProxy "mathw0e";
342 user = "root"; 357 user = "root";
343 extraOptions = { 358 extraOptions = {
344 PasswordAuthentication = "yes"; 359 PasswordAuthentication = "yes";
@@ -347,7 +362,7 @@ in {
347 }; 362 };
348 "vrt-kvm04" = 363 "vrt-kvm04" =
349 { hostname = "vrt-kvm04"; 364 { hostname = "vrt-kvm04";
350 proxyJump = "mathw0e"; 365 proxyCommand = autosshProxy "mathw0e";
351 user = "root"; 366 user = "root";
352 extraOptions = { 367 extraOptions = {
353 PasswordAuthentication = "yes"; 368 PasswordAuthentication = "yes";
@@ -356,7 +371,7 @@ in {
356 }; 371 };
357 "vrt-kvm02" = 372 "vrt-kvm02" =
358 { hostname = "vrt-kvm02"; 373 { hostname = "vrt-kvm02";
359 proxyJump = "mathw0e"; 374 proxyCommand = autosshProxy "mathw0e";
360 user = "root"; 375 user = "root";
361 extraOptions = { 376 extraOptions = {
362 PasswordAuthentication = "yes"; 377 PasswordAuthentication = "yes";
@@ -365,7 +380,7 @@ in {
365 }; 380 };
366 "vrt-kvm03" = 381 "vrt-kvm03" =
367 { hostname = "vrt-kvm03"; 382 { hostname = "vrt-kvm03";
368 proxyJump = "mathw0e"; 383 proxyCommand = autosshProxy "mathw0e";
369 user = "root"; 384 user = "root";
370 extraOptions = { 385 extraOptions = {
371 PasswordAuthentication = "yes"; 386 PasswordAuthentication = "yes";
@@ -374,7 +389,7 @@ in {
374 }; 389 };
375 "vrt-kvm01" = 390 "vrt-kvm01" =
376 { hostname = "vrt-kvm01"; 391 { hostname = "vrt-kvm01";
377 proxyJump = "mathw0e"; 392 proxyCommand = autosshProxy "mathw0e";
378 user = "root"; 393 user = "root";
379 extraOptions = { 394 extraOptions = {
380 PasswordAuthentication = "yes"; 395 PasswordAuthentication = "yes";
@@ -383,31 +398,31 @@ in {
383 }; 398 };
384 "tts-www01" = 399 "tts-www01" =
385 { hostname = "tts-www01.mathinst.loc"; 400 { hostname = "tts-www01.mathinst.loc";
386 proxyCommand = autosshProxy 8122; 401 proxyCommand = autosshProxy "mathw0h";
387 user = "root"; 402 user = "root";
388 }; 403 };
389 "vpn-wg01" = 404 "vpn-wg01" =
390 { hostname = "vpn-wg01.mathinst.loc"; 405 { hostname = "vpn-wg01.mathinst.loc";
391 proxyCommand = autosshProxy 8122; 406 proxyCommand = autosshProxy "mathw0h";
392 user = "root"; 407 user = "root";
393 }; 408 };
394 "repo-apt01" = 409 "repo-apt01" =
395 { hostname = "repo-apt01.mathinst.loc"; 410 { hostname = "repo-apt01.mathinst.loc";
396 proxyCommand = autosshProxy 8122; 411 proxyCommand = autosshProxy "mathw0h";
397 user = "root"; 412 user = "root";
398 }; 413 };
399 "ldap-lmumr01" = 414 "ldap-lmumr01" =
400 { hostname = "ldap-lmumr01.mathinst.loc"; 415 { hostname = "ldap-lmumr01.mathinst.loc";
401 proxyCommand = autosshProxy 8122; 416 proxyCommand = autosshProxy "mathw0h";
402 user = "root"; 417 user = "root";
403 }; 418 };
404 "mail-mi01" = 419 "mail-mi01" =
405 { hostname = "mail-mi01.mathinst.loc"; 420 { hostname = "mail-mi01.mathinst.loc";
406 proxyCommand = autosshProxy 8122; 421 proxyCommand = autosshProxy "mathw0h";
407 }; 422 };
408 "mail-www02" = 423 "mail-www02" =
409 { hostname = "mail-www02.mathinst.loc"; 424 { hostname = "mail-www02.mathinst.loc";
410 proxyCommand = autosshProxy 8122; 425 proxyCommand = autosshProxy "mathw0h";
411 }; 426 };
412 "dpl-fai01" = 427 "dpl-fai01" =
413 { hostname = "dpl-fai01.mathinst.loc"; 428 { hostname = "dpl-fai01.mathinst.loc";
@@ -415,7 +430,7 @@ in {
415 }; 430 };
416 "math05" = 431 "math05" =
417 { hostname = "math05.mathinst.loc"; 432 { hostname = "math05.mathinst.loc";
418 proxyCommand = autosshProxy 8122; 433 proxyCommand = autosshProxy "mathw0h";
419 extraOptions.KexAlgorithms = "+diffie-hellman-group1-sha1"; 434 extraOptions.KexAlgorithms = "+diffie-hellman-group1-sha1";
420 }; 435 };
421 "switch01" = 436 "switch01" =
@@ -441,20 +456,20 @@ in {
441 }; 456 };
442 "www-mi01" = 457 "www-mi01" =
443 { hostname = "www-mi01.mathinst.loc"; 458 { hostname = "www-mi01.mathinst.loc";
444 proxyCommand = autosshProxy 8122; 459 proxyCommand = autosshProxy "mathw0h";
445 }; 460 };
446 "cip04" = 461 "cip04" =
447 { hostname = "cip04.cipmath.loc"; 462 { hostname = "cip04.cipmath.loc";
448 proxyCommand = autosshProxy 8122; 463 proxyCommand = autosshProxy "mathw0h";
449 }; 464 };
450 "mgmt-cls01" = 465 "mgmt-cls01" =
451 { user = "root"; 466 { user = "root";
452 hostname = "mgmt-cls01.cipmath.loc"; 467 hostname = "mgmt-cls01.cipmath.loc";
453 proxyCommand = autosshProxy 8118; 468 proxyCommand = autosshProxy "ssh.math.lmu.de";
454 }; 469 };
455 "mgmt01" = 470 "mgmt01" =
456 { hostname = "mgmt01.mathinst.loc"; 471 { hostname = "mgmt01.mathinst.loc";
457 proxyCommand = autosshProxy 8122; 472 proxyCommand = autosshProxy "mathw0h";
458 user = "root"; 473 user = "root";
459 }; 474 };
460 "ssh-lb01" = 475 "ssh-lb01" =
@@ -473,17 +488,17 @@ in {
473 "rdlx02" = { hostname = "rdlx02.mathinst.loc"; proxyJump = "mgmt01"; }; 488 "rdlx02" = { hostname = "rdlx02.mathinst.loc"; proxyJump = "mgmt01"; };
474 "math0d" = 489 "math0d" =
475 { hostname = "math0d.mathinst.loc"; 490 { hostname = "math0d.mathinst.loc";
476 proxyCommand = autosshProxy 8122; 491 proxyCommand = autosshProxy "mathw0h";
477 }; 492 };
478 "dhcp01" = 493 "dhcp01" =
479 { hostname = "dhcp01.mathinst.loc"; 494 { hostname = "dhcp01.mathinst.loc";
480 user = "root"; 495 user = "root";
481 proxyCommand = autosshProxy 8122; 496 proxyCommand = autosshProxy "mathw0h";
482 }; 497 };
483 "dhcp02" = 498 "dhcp02" =
484 { hostname = "dhcp02.mathinst.loc"; 499 { hostname = "dhcp02.mathinst.loc";
485 user = "root"; 500 user = "root";
486 proxyCommand = autosshProxy 8122; 501 proxyCommand = autosshProxy "mathw0h";
487 }; 502 };
488 "cc-gpu-l01" = 503 "cc-gpu-l01" =
489 { hostname = "cc-gpu-l01.mathinst.loc"; 504 { hostname = "cc-gpu-l01.mathinst.loc";
@@ -548,7 +563,7 @@ in {
548 user = "root"; 563 user = "root";
549 }; 564 };
550 "nas*" = 565 "nas*" =
551 { proxyJump = "mathw0e"; 566 { proxyCommand = autosshProxy "mathw0e";
552 user = "admin"; 567 user = "admin";
553 extraOptions = { 568 extraOptions = {
554 PasswordAuthentication = "yes"; 569 PasswordAuthentication = "yes";
diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix
index 886f6da1..eb10cd78 100644
--- a/accounts/gkleen@sif/systemd.nix
+++ b/accounts/gkleen@sif/systemd.nix
@@ -189,6 +189,22 @@ in {
189 StartLimitBurst = 7; 189 StartLimitBurst = 7;
190 }; 190 };
191 }; 191 };
192 "autossh-socks@proxy.mathw0e:8125" = {
193 Service = {
194 Type = "notify";
195 NotifyAccess = "all";
196 WorkingDirectory = "~";
197 Restart = "always";
198 RestartSec = "23s";
199 ExecStart = "${autossh-socks-script} \"%I\"";
200 Environment = [ "SSHPASS_SECRET=gkleen@mathw0e.mathinst.loc" ];
201 };
202 Unit = {
203 StopWhenUnneeded = true;
204 StartLimitInterval = "180s";
205 StartLimitBurst = 7;
206 };
207 };
192 swayidle = { 208 swayidle = {
193 Service = { 209 Service = {
194 RuntimeDirectory = "swayidle"; 210 RuntimeDirectory = "swayidle";
@@ -370,7 +386,7 @@ in {
370 Service = { 386 Service = {
371 ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s 127.0.0.1:${toString (port + 1)}"; 387 ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s 127.0.0.1:${toString (port + 1)}";
372 }; 388 };
373 }) [{ host = "proxy.ssh.math.lmu.de"; port = 8118; } { host = "proxy.vidhar"; port = 8120; } { host = "proxy.mathw0h"; port = 8122; }]); 389 }) [{ host = "proxy.ssh.math.lmu.de"; port = 8118; } { host = "proxy.vidhar"; port = 8120; } { host = "proxy.mathw0h"; port = 8122; } { host = "proxy.mathw0e"; port = 8124; }]);
374 sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" { 390 sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" {
375 Socket = { 391 Socket = {
376 ListenStream = "%I"; 392 ListenStream = "%I";
@@ -378,7 +394,7 @@ in {
378 Install = { 394 Install = {
379 WantedBy = ["default.target"]; 395 WantedBy = ["default.target"];
380 }; 396 };
381 }) [8118 8120 8122]) // { 397 }) [8118 8120 8122 8124]) // {
382 "yt-dlp" = { 398 "yt-dlp" = {
383 Socket = { 399 Socket = {
384 SocketMode = "0600"; 400 SocketMode = "0600";
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-26 14:44:52 +0000