Infinidoge/universe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

create ssh-tunnel service module

Browse source
This commit is contained in:
Infinidoge 2021-10-20 10:03:03 -04:00
parent 63a7583343
commit 1766d24d38
1 changed files with 71 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

71
modules/ssh-tunnel.nix Normal file
View file

@ -0,0 +1,71 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.ssh-tunnel;
in
{
options.services.ssh-tunnel = {
enable = mkEnableOption "SSH tunneling service";
server = mkOption {
type = with types; uniq string;
default = null;
description = "The SSH server to connect for port forwarding";
};
requiredBy = mkOption {
type = types.list;
default = [ ];
description = "List of systemd services that require the SSH tunnels";
};
forwards = mkOption {
type = types.submodule {
options = {
dynamic = mkOption {
type = types.list;
default = [ ];
description = "List of dynamic ports to open through the ssh tunnel. See ssh(1) for ``-D``";
};
local = mkOption {
type = types.list;
default = [ ];
description = "List of local ports to open throgh the ssh tunnel. See ssh(1) for ``-L``";
};
remote = mkOption {
type = types.list;
default = [ ];
description = "List of remote ports to open throgh the ssh tunnel. See ssh(1) for ``-R``";
};
};
};
};
};
config.systemd.services.ssh-tunnel = mkIf cf.enable (
let
mkParams = flag: concatMapStringsSep " " (x: "${flag} x");
dynamic = mkParams "-D" cfg.forwards.dynamic;
local = mkParams "-L" cfg.forwards.local;
remote = mkParams "-R" cfg.forwards.remote;
options = mkParams "-o" (mapAttrsToList (n: v: "${n}=${v}") {
ServerAliveInterval = 60;
ExitOnForwardFailure = "yes";
KbdInteractiveAuthentication = "no";
});
in
{
script = ''
${pkgs.openssh}/bin/ssh ${cfg.server} -NTn \
${options} ${dynamic} ${local} ${remote}
'';
requiredBy = cfg.requiredBy;
serviceConfig = {
RestartSec = 5;
Restart = "always";
};
}
);
}