From f29f5e472eb6f36862ae7e63537343459fc9c67a Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 9 Jan 2026 12:49:45 +0100 Subject: ... --- accounts/gkleen@sif/default.nix | 3 ++- accounts/gkleen@sif/ssh-hosts.nix | 11 +++++++++++ accounts/gkleen@sif/systemd.nix | 20 ++++++++++++++++++-- 3 files changed, 31 insertions(+), 3 deletions(-) diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix index e8ce4994..a6bf0803 100644 --- a/accounts/gkleen@sif/default.nix +++ b/accounts/gkleen@sif/default.nix @@ -122,7 +122,8 @@ in { # ProxyJump ssh.math.lmu.de Match host *.cipmath.loc !host cip04.cipmath.loc,mgmt-cls01.cipmath.loc !exec "nc -z -w 1 %h %p &>/dev/null" - ProxyJump cip04 + ProxyCommand ${lib.getExe pkgs.socat} - SOCKS4A:127.0.0.1:%h:%p,socksport=8126 + # ProxyJump cip04 Match host *.ifi.lmu.de,*.math.lmu.de AddressFamily inet diff --git a/accounts/gkleen@sif/ssh-hosts.nix b/accounts/gkleen@sif/ssh-hosts.nix index a250509b..0b49f385 100644 --- a/accounts/gkleen@sif/ssh-hosts.nix +++ b/accounts/gkleen@sif/ssh-hosts.nix @@ -4,6 +4,7 @@ let "ssh.math.lmu.de" = 8118; "mathw0h" = 8122; "mathw0e" = 8124; + "cip04" = 8126; }; autosshProxy = host: "${lib.getExe pkgs.socat} - SOCKS4A:127.0.0.1:%h:%p,socksport=${toString autosshProxyPorts.${host}}"; in { @@ -342,6 +343,16 @@ in { ServerAliveInterval = "2"; }; }; + "proxy.cip04" = + { hostname = "cip04.cipmath.loc"; + proxyCommand = autosshProxy "mathw0h"; + extraOptions = { + ControlPath = "none"; + ExitOnForwardFailure = "yes"; + ServerAliveCountMax = "15"; + ServerAliveInterval = "2"; + }; + }; "vrt-kvm06" = { hostname = "vrt-kvm06"; proxyCommand = autosshProxy "mathw0e"; diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix index fd4b4cf4..51671b20 100644 --- a/accounts/gkleen@sif/systemd.nix +++ b/accounts/gkleen@sif/systemd.nix 
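Review bot: The new `ProxyCommand` line in accounts/gkleen@sif/default.nix hard-codes `socksport=8126`, while the same commit adds `"cip04" = 8126;` to `autosshProxyPorts` in ssh-hosts.nix and repeats the number in two lists in systemd.nix, so the port has to be kept in sync by hand in four places. If one copy drifts, ssh for `*.cipmath.loc` would be sent to whatever else happens to listen on that loopback port; host-key verification should still reject a wrong endpoint, but the failure will be hard to diagnose. If `autosshProxy` can be shared between the two files (not visible from this hunk), `ProxyCommand ${autosshProxy "cip04"}` would remove the literal; otherwise add a comment such as `# port must match autosshProxyPorts.cip04 in ssh-hosts.nix`. The leftover `# ProxyJump cip04` would also benefit from a word on why it is kept.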
@@ -207,6 +207,22 @@ in {
 StartLimitBurst = 7;
 };
 };
+ "autossh-socks@proxy.cip04:8127" = {
+ Service = {
+ Type = "notify";
+ NotifyAccess = "all";
+ WorkingDirectory = "~";
+ Restart = "always";
+ RestartSec = "23s";
+ ExecStart = "${autossh-socks-script} \"%I\"";
+ Environment = [ "SSHPASS_SECRET=gkleen@cip04.cipmath.loc" ];
+ };
+ Unit = {
+ StopWhenUnneeded = true;
+ StartLimitInterval = "180s";
+ StartLimitBurst = 7;
+ };
+ };
 psi-notify = {
 Install = {
 WantedBy = ["graphical-session.target"];
@@ -383,7 +399,7 @@ in {
 Restart = "always";
 RestartSec = "23s";
 };
- }) [{ host = "proxy.ssh.math.lmu.de"; port = 8118; } { host = "proxy.vidhar"; port = 8120; } { host = "proxy.mathw0h"; port = 8122; } { host = "proxy.mathw0e"; port = 8124; }]);
+ }) [{ host = "proxy.ssh.math.lmu.de"; port = 8118; } { host = "proxy.vidhar"; port = 8120; } { host = "proxy.mathw0h"; port = 8122; } { host = "proxy.mathw0e"; port = 8124; } { host = "proxy.cip04"; port = 8126; }]);
 sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" {
 Socket = {
 ListenStream = "%I";
@@ -394,7 +410,7 @@ in {
 Install = {
 WantedBy = ["default.target"];
 };
- }) [8118 8122 8124]) // {
+ }) [8118 8122 8124 8126]) // {
 "proxy-to-autossh-socks@8120" = {
 Socket = {
 ListenStream = "%I";
-- 
cgit v1.2.3
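Review bot: `Environment = [ "SSHPASS_SECRET=gkleen@cip04.cipmath.loc" ]` in the new `autossh-socks@proxy.cip04:8127` unit (first hunk of systemd.nix) needs a comment stating that the value is the name of a secret entry and not the password itself, assuming that is how `autossh-socks-script` consumes it (the script is outside this diff). Unit `Environment=` values end up in the world-readable Nix store and in `systemctl show` output, so a literal credential must never be placed there; something like `# lookup key for the secret store, resolved by autossh-socks-script; never a literal password` would make that explicit. The instance name uses port 8127 while the socket and host-list entries added in the later hunks use 8126, presumably a "listener port + 1" convention, which deserves a one-line comment as well. `NotifyAccess = "all"` accepts readiness notifications from any process in the unit's cgroup; if the notifying process is the one started by `ExecStart`, `"main"` or `"exec"` would be the tighter setting.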