From a2962229c6a81ac23a685d243fa43d83957b4fc4 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Wed, 8 Dec 2021 15:23:37 +0100
Subject: gkleen@sif: systemd-based ssh socks proxy
---
accounts/gkleen@sif/default.nix | 26 +-----------
accounts/gkleen@sif/ssh-hosts.nix | 18 ++++++++
accounts/gkleen@sif/systemd.nix | 86 ++++++++++++++++++++++++++++-----------
3 files changed, 81 insertions(+), 49 deletions(-)
(limited to 'accounts/gkleen@sif')
diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix
index 4f4897f5..70a5c9f2 100644
--- a/accounts/gkleen@sif/default.nix
+++ b/accounts/gkleen@sif/default.nix
@@ -59,30 +59,6 @@ let
wrapProgram $out/bin/zulip \
--add-flags '--force-device-scale-factor=1.6'
'';
- sshpassSecret = pkgs.writeScriptBin "sshpass-secret" ''
- #!${pkgs.zsh}/bin/zsh -e
-
- typeset -a cmd
- cmd=()
-
- while
- if [[ "$#" -le 0 ]]; then
- echo "Insufficient arguments" >&2
- exit 2
- fi
- arg="''${1}"
- shift
- do
- [[ "''${arg}" == '--' ]] && break
- user=''${arg%@*}
- host=''${arg#*@}
- exec {fdnum}< <(${pkgs.gnome.libsecret}/bin/secret-tool lookup service sshpass host "''${host}" user "''${user}")
- cmd+=(${pkgs.sshpass}/bin/sshpass -d ''${fdnum} -P "''${user}@''${host}'s password:")
- done
-
- cmd+=($@)
- exec -a ''${cmd[1]} -- $cmd
- '';
in {
imports = with flake.nixosModules.userProfiles.${userName}; [
mpv yt-dlp
@@ -329,7 +305,7 @@ in {
keyboard = {
layout = "us";
variant = "dvp";
- options = [ "ctl:nocaps" ];
+ options = [ "ctl:nocaps" "compose:caps" ];
};
};
diff --git a/accounts/gkleen@sif/ssh-hosts.nix b/accounts/gkleen@sif/ssh-hosts.nix
index b1ac2a05..06b9ccaa 100644
--- a/accounts/gkleen@sif/ssh-hosts.nix
+++ b/accounts/gkleen@sif/ssh-hosts.nix
@@ -287,6 +287,24 @@
{ hostname = "mathw0h.mathinst.loc";
proxyJump = "mathw0g";
};
+ "proxy.mathw0g" =
+ { hostname = "mathw0g.math.lmu.de";
+ extraOptions = {
+ ControlPath = "none";
+ ServerAliveCountMax = "3";
+ ServerAliveInterval = "1";
+ };
+ };
+ "proxy.mathw0h" =
+ { hostname = "mathw0h.mathinst.loc";
+ proxyJump = "proxy.mathw0g";
+ extraOptions = {
+ ControlPath = "none";
+ ExitOnForwardFailure = "yes";
+ ServerAliveCountMax = "3";
+ ServerAliveInterval = "1";
+ };
+ };
"vrt-kvm04" =
{ hostname = "vrt-kvm04";
proxyJump = "mathw0e";
diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix
index 56965b74..4ebecb93 100644
--- a/accounts/gkleen@sif/systemd.nix
+++ b/accounts/gkleen@sif/systemd.nix
@@ -2,6 +2,36 @@ let
xmobar = import ./xmobar pkgs.haskellPackages;
cfg = config.home-manager.users.${userName};
+
+ autossh-socks-script = pkgs.writeScript "autossh" ''
+ #!${pkgs.zsh}/bin/zsh -xe
+
+ host="''${1%:*}"
+ port="''${1#*:}"
+
+ typeset -a cmd
+ cmd=()
+
+ if [[ -n "''${SSHPASS_SECRET}" ]]; then
+ cmd+=(${pkgs.sshpassSecret}/bin/sshpass-secret)
+ cmd+=("''${(@s/:/)SSHPASS_SECRET}")
+ cmd+=(--)
+ fi
+
+ cmd+=(${pkgs.openssh}/bin/ssh -vvN -D localhost:''${port} "''${host}")
+
+ ( exec -a "''${cmd[1]}" -- ''${cmd} ) &
+ pid=$!
+ ${pkgs.systemd}/bin/systemd-notify --pid="''${pid}"
+
+ while ! ${pkgs.netcat-openbsd.nc}/bin/nc -z -v localhost ''${port}; do
+ ${pkgs.coreutils}/bin/sleep 0.1
+ done
+
+ ${pkgs.systemd}/bin/systemd-notify --ready
+
+ wait "''${pid}"
+ '';
in {
services = {
sync-keepass = {
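Review bot: The two new entries repeat the same `ControlPath`/`ServerAliveCountMax`/`ServerAliveInterval` block; the only difference is `ExitOnForwardFailure = "yes"` on `proxy.mathw0h`, so the keepalive tuning now lives in two places that can drift apart. Pulling the shared settings into one attrset, e.g. `proxyOptions = { ControlPath = "none"; ServerAliveCountMax = "3"; ServerAliveInterval = "1"; };` in the file's `let` if it has one (the enclosing attrset starts outside the hunk), and writing `extraOptions = proxyOptions // { ExitOnForwardFailure = "yes"; };` keeps it in one spot. A one-line comment above `ControlPath = "none"` stating why the proxy session must not share the interactive hosts' control socket (presumably so a dropped tunnel cannot take the multiplexed sessions with it) would also help the next reader.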
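Review bot: The readiness loop `while ! nc -z -v localhost ''${port}; do sleep 0.1; done` in `autossh-socks-script` never checks that the backgrounded ssh is still alive, so if ssh exits before its `-D` listener is up (authentication failure, unreachable jump host, bind refused under `ExitOnForwardFailure=yes`) the script spins until systemd's start timeout instead of failing at once, and `wait "''${pid}"` is never reached; add `kill -0 "''${pid}" || exit 1` as the first statement of the loop body. The `-xe` shebang writes an xtrace of every command, including the expanded `cmd` array, to the journal for the life of the service; the password itself should not be in argv (the removed default.nix script passed it via an fd, and `pkgs.sshpassSecret` presumably still does), but the `SSHPASS_SECRET` lookup key and the prompt text are, so drop `-x` once the unit is debugged. The port probe also only proves that something listens on `localhost:''${port}`, not that it is this ssh; the liveness check above would at least make a failed bind fail the unit rather than report it ready. The `let` that holds `autossh-socks-script` begins before the hunk.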
@@ -16,30 +46,6 @@ in {
After = ["graphical-session-pre.target"];
};
};
- # trayer = {
- # Service = {
- # Type = "simple";
- # WorkingDirectory = "~";
- # ExecStart = "${pkgs.trayer}/bin/trayer --edge top --align right --SetDockType true --SetPartialStrut true --expand true --width 8 --tint 0x000000 --alpha 0 --transparent true --height 32 --monitor primary";
- # Restart = "always";
- # };
- # Install = {
- # WantedBy = ["graphical-session.target"];
- # };
- # };
- # xmobar = {
- # Service = {
- # Type = "simple";
- # WorkingDirectory = "~";
- # ExecStart = "${xmobar}/bin/xmobar";
- # Restart = "always";
- # Environment = "PATH=${pkgs.worktime}/bin:${pkgs.openssh}/bin";
-
- # };
- # Install = {
- # WantedBy = ["graphical-session.target"];
- # };
- # };
taffybar = {
Service = {
Environment = with pkgs; "PATH=${worktime}/bin:${systemd}/bin";
@@ -61,6 +67,38 @@ in {
Restart = "always";
};
};
+ "autossh-socks@proxy.mathw0h:8119" = {
+ Service = {
+ Type = "notify";
+ NotifyAccess = "all";
+ WorkingDirectory = "~";
+ Restart = "always";
+ ExecStart = "${autossh-socks-script} \"%I\"";
+ Environment = [ "SSHPASS_SECRET=gkleen@mathw0g.math.lmu.de" ];
+ };
+ Unit = {
+ StopWhenUnneeded = true;
+ };
+ };
+ "proxy-to-autossh-socks@8118" = {
+ Unit = {
+ Requires = ["autossh-socks@proxy.mathw0h:8119.service" "proxy-to-autossh-socks@8118.socket"];
+ After = ["autossh-socks@proxy.mathw0h:8119.service" "proxy-to-autossh-socks@8118.socket"];
+ };
+ Service = {
+ ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s localhost:8119";
+ };
+ };
+ };
+ sockets = {
+ "proxy-to-autossh-socks@8118" = {
+ Socket = {
+ ListenStream = "%I";
+ };
+ Install = {
+ WantedBy = ["default.target"];
+ };
+ };
};
timers = {
sync-keepass = {
--
cgit v1.2.3
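Review bot: `ListenStream = "%I"` in the new `proxy-to-autossh-socks@8118` socket is a bare port, which systemd binds on the wildcard address (IPv6 and, with the default BindIPv6Only, IPv4 as well), so the SOCKS endpoint that `ssh -D localhost:8119` deliberately keeps on loopback is re-exposed on every interface of the machine, and anything that can reach port 8118 can tunnel through the jump hosts under this user's session. Bind the socket to loopback explicitly, `ListenStream = "127.0.0.1:%I";` (add a second `ListenStream = "[::1]:%I";` entry if IPv6 loopback is wanted), unless a host firewall is known to close the port. A comment above the `Socket` block such as `# %I is the local port; keep the listener on loopback, the ssh -D side is loopback-only` would record the intent. The `services` attrset these units are added to starts outside the hunk.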