karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add sish tcp forwarding

Browse Source 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
Nick Karaolidis
2025-09-01 16:33:35 +01:00
parent f7112f73d7
commit 20b38b0467
4 changed files with 20 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/elara/default.nix
View File

@@ -27,6 +27,7 @@
../common/configs/system/podman ../common/configs/system/podman
../common/configs/system/sops ../common/configs/system/sops
../common/configs/system/ssh ../common/configs/system/ssh
../common/configs/system/sshd
../common/configs/system/sudo ../common/configs/system/sudo
../common/configs/system/system ../common/configs/system/system
../common/configs/system/users ../common/configs/system/users

4
hosts/elara/users/nikara/default.nix
View File

@@ -84,6 +84,10 @@ in
]; ];
linger = true; linger = true;
uid = lib.strings.toInt (builtins.readFile ./uid); uid = lib.strings.toInt (builtins.readFile ./uid);
openssh.authorizedKeys.keyFiles = [
"${inputs.secrets}/domains/personal/id_ed25519.pub"
"${inputs.secrets}/domains/sas/id_ed25519.pub"
];
}; };
wsl.defaultUser = user; wsl.defaultUser = user;

1
hosts/himalia/default.nix
View File

@@ -40,6 +40,7 @@
../common/configs/system/smartmontools ../common/configs/system/smartmontools
../common/configs/system/sops ../common/configs/system/sops
../common/configs/system/ssh ../common/configs/system/ssh
../common/configs/system/sshd
../common/configs/system/sudo ../common/configs/system/sudo
../common/configs/system/system ../common/configs/system/system
../common/configs/system/timezone ../common/configs/system/timezone

16
hosts/jupiter/users/storm/configs/console/podman/sish/default.nix
View File

@@ -11,7 +11,15 @@ let
inherit (hmConfig.virtualisation.quadlet) networks; inherit (hmConfig.virtualisation.quadlet) networks;
in in
{ {
networking.firewall.allowedTCPPorts = [ 2222 ]; networking.firewall = {
allowedTCPPorts = [ 2222 ];
allowedTCPPortRanges = [
{
from = 61000;
to = 61999;
}
];
};
home-manager.users.${user} = { home-manager.users.${user} = {
sops.secrets."sish/ssh/key".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; sops.secrets."sish/ssh/key".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
@@ -44,7 +52,10 @@ in
"traefik.http.routers.sish.rule=HostRegexp(`^(.+\.)?tunnel\.karaolidis\.com$`)" "traefik.http.routers.sish.rule=HostRegexp(`^(.+\.)?tunnel\.karaolidis\.com$`)"
"traefik.http.services.sish.loadbalancer.server.port=80" "traefik.http.services.sish.loadbalancer.server.port=80"
]; ];
publishPorts = [ "2222:2222/tcp" ]; publishPorts = [
"2222:2222/tcp"
"61000-61999:61000-61999/tcp"
];
exec = [ exec = [
"--ssh-address=0.0.0.0:2222" "--ssh-address=0.0.0.0:2222"
"--http-address=0.0.0.0:80" "--http-address=0.0.0.0:80"
@@ -55,6 +66,7 @@ in
"--bind-random-ports=false" "--bind-random-ports=false"
"--bind-random-aliases=false" "--bind-random-aliases=false"
"--bind-random-subdomains=false" "--bind-random-subdomains=false"
"--port-bind-range=61000-61999"
"--welcome-message=\"\"" "--welcome-message=\"\""
"--domain=tunnel.karaolidis.com" "--domain=tunnel.karaolidis.com"
"--proxy-ssl-termination=true" "--proxy-ssl-termination=true"