From d39f5c9752645f913bdaeb51acbc35518be43540 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Sun, 16 Mar 2025 17:49:46 +0100
Subject: ...
---
 accounts/gkleen@sif/default.nix | 2 +-
 accounts/gkleen@sif/ssh-hosts.nix | 40 +++++++++++++++++++++-------------------
 accounts/gkleen@sif/systemd.nix | 6 +++---
 3 files changed, 25 insertions(+), 23 deletions(-)
(limited to 'accounts/gkleen@sif')
diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix
index 1254b6db..a30fb35c 100644
--- a/accounts/gkleen@sif/default.nix
+++ b/accounts/gkleen@sif/default.nix
@@ -86,7 +86,7 @@ in {
 programs = {
 ssh = {
- matchBlocks = import ./ssh-hosts.nix { inherit pkgs; }; # customUtils.nixImport { dir = ./ssh-hosts; };
+ matchBlocks = import ./ssh-hosts.nix inputs; # customUtils.nixImport { dir = ./ssh-hosts; };
 extraConfig = ''
 Match host uniworx3.ifi.lmu.de,uniworx4.ifi.lmu.de,uniworx5.ifi.lmu.de,uni2workgw.ifi.lmu.de,blackbeard.tcs.ifi.lmu.de,gitlab2.rz.ifi.lmu.de,oregon.tcs.ifi.lmu.de !exec "nc -z -w 1 %h %p &>/dev/null"
 ProxyJump remote.cip.ifi.lmu.de
diff --git a/accounts/gkleen@sif/ssh-hosts.nix b/accounts/gkleen@sif/ssh-hosts.nix
index 4ca9e052..871b7350 100644
--- a/accounts/gkleen@sif/ssh-hosts.nix
+++ b/accounts/gkleen@sif/ssh-hosts.nix
@@ -1,5 +1,7 @@
-{ pkgs, ... }:
-{
+{ lib, pkgs, ... }:
+let
+ autosshProxy = port: "${lib.getExe pkgs.socat} - SOCKS4A:127.0.0.1:%h:%p,socksport=${toString port}";
+in {
 "git.ymir" = {
 hostname = "ymir.yggdrasil.li";
 user = "gitolite";
@@ -290,15 +292,15 @@
 };
 "mathw0d" = {
 hostname = "mathw0d.mathinst.loc";
- proxyJump = "mathw0h";
+ proxyCommand = autosshProxy 8122;
 };
 "mathw0e" = {
 hostname = "mathw0e.mathinst.loc";
- proxyJump = "mathw0h";
+ proxyCommand = autosshProxy 8122;
 };
 "mathw0f" = {
 hostname = "mathw0f.mathinst.loc";
- proxyJump = "mathw0h";
+ proxyCommand = autosshProxy 8122;
 };
 "mathw0g" = {
 hostname = "mathw0g.mathinst.loc";
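Review bot: `autosshProxy` in the first ssh-hosts.nix hunk routes every converted host through a SOCKS listener on 127.0.0.1 that has no authentication of its own, so any local process that can reach the port rides the already-established tunnel, whereas the replaced `proxyJump` lines would normally authenticate to the jump host per connection; that trade-off is not recorded anywhere in the file. The port literals (8122, and 8118 for `mgmt-cls01`) repeated in the hunks at -290, -381, -413, -439 and -471 also have to stay in step with the `{ host; port; }` list in systemd.nix, and nothing here says so. I would add above the binding `# port = listen port of proxy-to-autossh-socks@<port> (systemd.nix); loopback-only, unauthenticated, usable by every local process`. `%h` is also spliced into a socat address in which `:` and `,` are syntax, which is fine for the fixed `hostname` values used here but should be noted before the helper is reused in a wildcard match block.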
@@ -381,31 +383,31 @@
 };
 "tts-www01" = {
 hostname = "tts-www01.mathinst.loc";
- proxyJump = "mathw0h";
+ proxyCommand = autosshProxy 8122;
 user = "root";
 };
 "vpn-wg01" = {
 hostname = "vpn-wg01.mathinst.loc";
- proxyJump = "mathw0h";
+ proxyCommand = autosshProxy 8122;
 user = "root";
 };
 "repo-apt01" = {
 hostname = "repo-apt01.mathinst.loc";
- proxyJump = "mathw0h";
+ proxyCommand = autosshProxy 8122;
 user = "root";
 };
 "ldap-lmumr01" = {
 hostname = "ldap-lmumr01.mathinst.loc";
- proxyJump = "mathw0h";
+ proxyCommand = autosshProxy 8122;
 user = "root";
 };
 "mail-mi01" = {
 hostname = "mail-mi01.mathinst.loc";
- proxyJump = "mathw0h";
+ proxyCommand = autosshProxy 8122;
 };
 "mail-www02" = {
 hostname = "mail-www02.mathinst.loc";
- proxyJump = "mathw0h";
+ proxyCommand = autosshProxy 8122;
 };
 "dpl-fai01" = {
 hostname = "dpl-fai01.mathinst.loc";
@@ -413,7 +415,7 @@
 };
 "math05" = {
 hostname = "math05.mathinst.loc";
- proxyJump = "mathw0h";
+ proxyCommand = autosshProxy 8122;
 extraOptions.KexAlgorithms = "+diffie-hellman-group1-sha1";
 };
 "switch01" =
@@ -439,20 +441,20 @@
 };
 "www-mi01" = {
 hostname = "www-mi01.mathinst.loc";
- proxyJump = "mathw0h";
+ proxyCommand = autosshProxy 8122;
 };
 "cip04" = {
 hostname = "cip04.cipmath.loc";
- proxyJump = "mathw0h";
+ proxyCommand = autosshProxy 8122;
 };
 "mgmt-cls01" = {
 user = "root";
 hostname = "mgmt-cls01.cipmath.loc";
- proxyJump = "ssh.math.lmu.de";
+ proxyCommand = autosshProxy 8118;
 };
 "mgmt01" = {
 hostname = "mgmt01.mathinst.loc";
- proxyJump = "mathw0h";
+ proxyCommand = autosshProxy 8122;
 user = "root";
 };
 "ssh-lb01" =
@@ -471,17 +473,17 @@
 "rdlx02" = { hostname = "rdlx02.mathinst.loc"; proxyJump = "mgmt01"; };
 "math0d" = {
 hostname = "math0d.mathinst.loc";
- proxyJump = "mathw0h";
+ proxyCommand = autosshProxy 8122;
 };
 "dhcp01" = {
 hostname = "dhcp01.mathinst.loc";
 user = "root";
- proxyJump = "mathw0h";
+ proxyCommand = autosshProxy 8122;
 };
 "dhcp02" = {
 hostname = "dhcp02.mathinst.loc";
 user = "root";
- proxyJump = "mathw0h";
+ proxyCommand = autosshProxy 8122;
 };
 "cc-gpu-l01" = {
 hostname = "cc-gpu-l01.mathinst.loc";
diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix
index 14669a1e..886f6da1 100644
--- a/accounts/gkleen@sif/systemd.nix
+++ b/accounts/gkleen@sif/systemd.nix
@@ -20,7 +20,7 @@ let
 cmd+=(--)
 fi
- cmd+=(${lib.getExe' pkgs.openssh "ssh"} -vN -D localhost:''${port} "''${host}")
+ cmd+=(${lib.getExe' pkgs.openssh "ssh"} -vN -D 127.0.0.1:''${port} "''${host}")
 ( exec -a "''${cmd[1]}" -- ''${cmd} ) &
 pid=$!
@@ -364,11 +364,11 @@ in {
 };
 } // listToAttrs (map ({host, port}: nameValuePair "proxy-to-autossh-socks@${toString port}" {
 Unit = {
- Requires = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
+ BindsTo = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
 After = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
 };
 Service = {
- ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s localhost:${toString (port + 1)}";
+ ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s 127.0.0.1:${toString (port + 1)}";
 };
 }) [{ host = "proxy.ssh.math.lmu.de"; port = 8118; } { host = "proxy.vidhar"; port = 8120; } { host = "proxy.mathw0h"; port = 8122; }]);
 sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" {
--
cgit v1.2.3
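Review bot: The rewritten `ssh … -vN -D 127.0.0.1:''${port}` line in the first systemd.nix hunk still starts ssh without `-o ExitOnForwardFailure=yes`. If the port is already bound, ssh stays up without the dynamic forward, the wrapper records a live pid, and whatever owns the port receives the proxied connections. Unless the option is already set for the `proxy.*` hosts in ssh config (not visible here), I would change the line to `cmd+=(${lib.getExe' pkgs.openssh "ssh"} -vN -o ExitOnForwardFailure=yes -D 127.0.0.1:''${port} "''${host}")`. The surrounding script starts and ends outside the hunk, so its restart handling cannot be checked from here.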
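Review bot: Pinning the `systemd-socket-proxyd` target to 127.0.0.1 in the second systemd.nix hunk fixes only the upstream leg; the listening side is the `proxy-to-autossh-socks@<port>` socket definition that begins on the last context line and continues outside the hunk. Since socat in ssh-hosts.nix now connects to 127.0.0.1 specifically, that socket's `ListenStream` should be confirmed to read `127.0.0.1:${toString port}`, because a bare port number listens on all addresses and would make the tunnel reachable from off-host. The switch from `Requires` to `BindsTo` also deserves a one-line comment, e.g. `# BindsTo: stop the proxy as soon as the autossh tunnel or the socket goes away`.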