karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add sish

Browse Source 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
Nick Karaolidis
2025-05-17 18:06:32 +01:00
parent 3c09cf9f69
commit bf82f4b52e
10 changed files with 204 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/jupiter/default.nix
View File

@@ -20,6 +20,7 @@
../common/configs/system/podman
../common/configs/system/smartmontools
../common/configs/system/sops
../common/configs/system/ssh
../common/configs/system/sshd
../common/configs/system/sudo
../common/configs/system/system

1
hosts/jupiter/users/storm/configs/console/podman/default.nix
View File

@@ -13,6 +13,7 @@ in
(import ./grafana { inherit user home; })
(import ./ntfy { inherit user home; })
(import ./prometheus { inherit user home; })
(import ./sish { inherit user home; })
(import ./traefik { inherit user home; })
(import ./whoami { inherit user home; })
];

72
hosts/jupiter/users/storm/configs/console/podman/sish/default.nix Normal file
View File

@@ -0,0 +1,72 @@
{
user ? throw "user argument is required",
home ? throw "home argument is required",
}:
{
config,
inputs,
pkgs,
system,
...
}:
let
selfPkgs = inputs.self.packages.${system};
hmConfig = config.home-manager.users.${user};
inherit (hmConfig.virtualisation.quadlet) networks;
in
{
networking.firewall.allowedTCPPorts = [ 2222 ];
home-manager.users.${user} = {
sops.secrets."sish/ssh/key".sopsFile = ../../../../../../secrets/secrets.yaml;
virtualisation.quadlet = {
networks.sish.networkConfig.internal = true;
containers.sish = {
containerConfig = {
image = "docker-archive:${selfPkgs.docker-sish}";
networks = [
networks.sish.ref
networks.traefik.ref
];
volumes =
let
authorizedKeys = pkgs.writeTextFile {
name = "authorized_keys";
text = ''
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWDA5vnIB7KE2VG28Ovg5rXtQqxFwMXsfozLsH0BNZS nick@karaolidis.com
'';
};
in
[
"${hmConfig.sops.secrets."sish/ssh/key".path}:/etc/sish/keys/ssh_key:ro"
"${authorizedKeys}:/etc/sish/pubkeys/authorized_keys:ro"
];
labels = [
"traefik.enable=true"
"traefik.http.routers.sish.rule=HostRegexp(`^(.+\.)?tunnel\.karaolidis\.com$`)"
"traefik.http.services.sish.loadbalancer.server.port=80"
];
publishPorts = [ "2222:2222/tcp" ];
exec = [
"--ssh-address=0.0.0.0:2222"
"--http-address=0.0.0.0:80"
"--load-templates=false"
"--private-keys-directory=/etc/sish/keys"
"--authentication-password=\"\""
"--authentication-keys-directory=/etc/sish/pubkeys"
"--bind-random-ports=false"
"--bind-random-aliases=false"
"--bind-random-subdomains=false"
"--welcome-message=\"\""
"--domain=tunnel.karaolidis.com"
"--proxy-ssl-termination=true"
];
};
unitConfig.After = [ "sops-nix.service" ];
};
};
};
}

1
hosts/jupiter/users/storm/configs/console/podman/sish/ssh_host_ed25519_key.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILbYZvInRgXWVVi7pgP/rrOLPv9l7zH/TkPk7bb98OFp root@jupiter-sish

4
hosts/jupiter/users/storm/configs/console/podman/traefik/default.nix
View File

@@ -76,9 +76,9 @@ in
"--entrypoints.https.http.tls=true"
"--entrypoints.https.http.tls.certResolver=letsencrypt"
"--entrypoints.https.http.tls.domains[0].main=karaolidis.com"
"--entrypoints.https.http.tls.domains[0].sans=*.karaolidis.com"
"--entrypoints.https.http.tls.domains[0].sans=*.karaolidis.com,*.tunnel.karaolidis.com,*.gaming.karaolidis.com"
"--entrypoints.https.http.tls.domains[1].main=krlds.com"
"--entrypoints.https.http.tls.domains[1].sans=*.krlds.com"
"--entrypoints.https.http.tls.domains[1].sans=*.krlds.com,*.tunnel.krlds.com,*.gaming.krlds.com"
"--entrypoints.https.http.middlewares=compress@docker"
"--entryPoints.https.http3"
"--entrypoints.https.forwardedHeaders.insecure=true"