path: root/configs/sshd.nix
Diffstat (limited to 'configs/sshd.nix')
-rw-r--r--configs/sshd.nix26
1 files changed, 26 insertions, 0 deletions
diff --git a/configs/sshd.nix b/configs/sshd.nix
new file mode 100644
index 0000000..281d498
--- /dev/null
+++ b/configs/sshd.nix
@@ -0,0 +1,26 @@
+{ config, lib, ... }: let
+ cfg.host = config.krebs.build.host;
+ nets =
+ lib.optional (cfg.host.nets?retiolum) cfg.host.nets.retiolum ++
+ lib.optional (cfg.host.nets?wiregrill) cfg.host.nets.wiregrill;
+in {
+ services.openssh = {
+ enable = true;
+ };
+ tv.iptables.input-internet-accept-tcp = [ "ssh" ];
+ tv.iptables.extra.nat.OUTPUT = [
+ "-o lo -p tcp --dport 11423 -j REDIRECT --to-ports 22"
+ ];
+ tv.iptables.extra4.nat.PREROUTING =
+ map
+ (net: "-d ${net.ip4.addr} -p tcp --dport 22 -j ACCEPT")
+ (builtins.filter (net: net.ip4 != null) nets);
+ tv.iptables.extra6.nat.PREROUTING =
+ map
+ (net: "-d ${net.ip6.addr} -p tcp --dport 22 -j ACCEPT")
+ (builtins.filter (net: net.ip6 != null) nets);
+ tv.iptables.extra.nat.PREROUTING = [
+ "-p tcp --dport 22 -j REDIRECT --to-ports 0"
+ "-p tcp --dport 11423 -j REDIRECT --to-ports 22"
+ ];
+}
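Review bot: `services.openssh = { enable = true; };` on lines 22–24 leaves sshd's authentication policy at the NixOS module defaults while the iptables rules on lines 25–40 deliberately expose the daemon to the internet via the 11423 → 22 redirect, so password authentication may remain enabled depending on the NixOS release in use; make the policy explicit with `services.openssh.passwordAuthentication = false;` (or `services.openssh.settings.PasswordAuthentication = false;` on releases that use the `settings` attrset) and pin `PermitRootLogin` the same way. The nat scheme on lines 29–40 is non-obvious and uncommented: the `-j REDIRECT --to-ports 0` rule on line 38 is what makes plain port 22 unreachable for anyone not matched by the per-address ACCEPT rules on lines 29–36, and it only works if the tv.iptables module emits the `extra4`/`extra6` PREROUTING rules before the generic `extra` ones, which this file does not show. A comment above line 37 such as `# Port 22 is reachable only from retiolum/wiregrill addresses (ACCEPTed above); everything else is redirected to port 0 and must use 11423, which maps to 22.` would record both the intent and the ordering assumption.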