From a2962229c6a81ac23a685d243fa43d83957b4fc4 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Wed, 8 Dec 2021 15:23:37 +0100
Subject: gkleen@sif: systemd-based ssh socks proxy
---
 accounts/gkleen@sif/systemd.nix | 86 +++++++++++++++++++++++++++++------------
 1 file changed, 62 insertions(+), 24 deletions(-)
(limited to 'accounts/gkleen@sif/systemd.nix')
diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix
index 56965b74..4ebecb93 100644
--- a/accounts/gkleen@sif/systemd.nix
+++ b/accounts/gkleen@sif/systemd.nix
@@ -2,6 +2,36 @@
 let
 xmobar = import ./xmobar pkgs.haskellPackages;
 cfg = config.home-manager.users.${userName};
+
+ autossh-socks-script = pkgs.writeScript "autossh" ''
+ #!${pkgs.zsh}/bin/zsh -xe
+
+ host="''${1%:*}"
+ port="''${1#*:}"
+
+ typeset -a cmd
+ cmd=()
+
+ if [[ -n "''${SSHPASS_SECRET}" ]]; then
+ cmd+=(${pkgs.sshpassSecret}/bin/sshpass-secret)
+ cmd+=("''${(@s/:/)SSHPASS_SECRET}")
+ cmd+=(--)
+ fi
+
+ cmd+=(${pkgs.openssh}/bin/ssh -vvN -D localhost:''${port} "''${host}")
+
+ ( exec -a "''${cmd[1]}" -- ''${cmd} ) &
+ pid=$!
+ ${pkgs.systemd}/bin/systemd-notify --pid="''${pid}"
+
+ while ! ${pkgs.netcat-openbsd.nc}/bin/nc -z -v localhost ''${port}; do
+ ${pkgs.coreutils}/bin/sleep 0.1
+ done
+
+ ${pkgs.systemd}/bin/systemd-notify --ready
+
+ wait "''${pid}"
+ '';
 in {
 services = {
 sync-keepass = {
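Review bot: The readiness loop in `autossh-socks-script` only checks that something accepts connections on `localhost:''${port}`, and the `ssh` invocation is not told to exit when its `-D` bind fails, so if another process already holds the port the unit can report ready while the listener behind it is not this ssh. Adding `-o ExitOnForwardFailure=yes` to the ssh `cmd+=(…)` line makes ssh terminate in that case, and `kill -0 "''${pid}" || exit 1` inside the `while` body keeps the loop from polling until the start timeout after ssh has already died (for example on an authentication failure). Separately, `zsh -xe` together with `ssh -vvN` writes a trace of every command and the ssh debug output into the unit's log on each start; dropping `-x` and lowering the verbosity once the setup works would keep connection details out of the journal.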
@@ -16,30 +46,6 @@ in {
 After = ["graphical-session-pre.target"];
 };
 };
- # trayer = {
- # Service = {
- # Type = "simple";
- # WorkingDirectory = "~";
- # ExecStart = "${pkgs.trayer}/bin/trayer --edge top --align right --SetDockType true --SetPartialStrut true --expand true --width 8 --tint 0x000000 --alpha 0 --transparent true --height 32 --monitor primary";
- # Restart = "always";
- # };
- # Install = {
- # WantedBy = ["graphical-session.target"];
- # };
- # };
- # xmobar = {
- # Service = {
- # Type = "simple";
- # WorkingDirectory = "~";
- # ExecStart = "${xmobar}/bin/xmobar";
- # Restart = "always";
- # Environment = "PATH=${pkgs.worktime}/bin:${pkgs.openssh}/bin";
-
- # };
- # Install = {
- # WantedBy = ["graphical-session.target"];
- # };
- # };
 taffybar = {
 Service = {
 Environment = with pkgs; "PATH=${worktime}/bin:${systemd}/bin";
@@ -61,6 +67,38 @@ in {
 Restart = "always";
 };
 };
+ "autossh-socks@proxy.mathw0h:8119" = {
+ Service = {
+ Type = "notify";
+ NotifyAccess = "all";
+ WorkingDirectory = "~";
+ Restart = "always";
+ ExecStart = "${autossh-socks-script} \"%I\"";
+ Environment = [ "SSHPASS_SECRET=gkleen@mathw0g.math.lmu.de" ];
+ };
+ Unit = {
+ StopWhenUnneeded = true;
+ };
+ };
+ "proxy-to-autossh-socks@8118" = {
+ Unit = {
+ Requires = ["autossh-socks@proxy.mathw0h:8119.service" "proxy-to-autossh-socks@8118.socket"];
+ After = ["autossh-socks@proxy.mathw0h:8119.service" "proxy-to-autossh-socks@8118.socket"];
+ };
+ Service = {
+ ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s localhost:8119";
+ };
+ };
+ };
+ sockets = {
+ "proxy-to-autossh-socks@8118" = {
+ Socket = {
+ ListenStream = "%I";
+ };
+ Install = {
+ WantedBy = ["default.target"];
+ };
+ };
 };
 timers = {
 sync-keepass = {
-- cgit v1.2.3
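Review bot: `ListenStream = "%I"` in the new `proxy-to-autossh-socks@8118` socket expands to the bare port `8118`, which systemd binds on all addresses rather than on loopback, so the forwarded SOCKS proxy is reachable from any network the machine is attached to unless a firewall blocks it. The ssh side is restricted to `localhost:8119`; the front socket should match, e.g. `ListenStream = "127.0.0.1:%I";` (with a second entry `"[::1]:%I"` if IPv6 loopback is wanted). `NotifyAccess = "all"` on the ssh unit is probably needed because `systemd-notify` runs as a child of the script, but it lets any process in the unit's cgroup send state notifications, so a one-line comment saying why it is set would help. The enclosing `services` attribute set opens outside this hunk.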