Add sshwifty service

acmcsufoss · May 3, 2024 · e29f68e · e29f68e
1 parent 9825e23
commit e29f68e
Show file tree

Hide file tree

Showing 6 changed files with 95 additions and 0 deletions.
diff --git a/packages/default.nix b/packages/default.nix
@@ -2,6 +2,7 @@
 
 rec {
 	jre_small = pkgs.callPackage ./jre-small {};
+	sshwifty = pkgs.callPackage ./sshwifty {};
 	quizler = pkgs.callPackage ./quizler {};
 
 	# Go

diff --git a/packages/imports.nix b/packages/imports.nix
@@ -6,6 +6,7 @@ in {
 	imports = [
 		./caddy/caddy.nix
 		./sysmet/sysmet.nix
+		./sshwifty/service.nix
 		./dischord/service.nix
 		./christmasd/service.nix
 	];

diff --git a/packages/sshwifty/default.nix b/packages/sshwifty/default.nix
@@ -0,0 +1,23 @@
+{ pkgs }:
+
+let
+	version = "0.3.9-beta-release-prebuild";
+	url = "https://github.com/nirui/sshwifty/releases/download/0.3.9-beta-release-prebuild/sshwifty_0.3.9-beta-release_linux_amd64.tar.gz";
+	src = pkgs.fetchzip {
+		inherit url;
+		sha256 = "sha256-M7SX3nec9LVlII0iPb3udkUY/ESh6EZaW2U2fjhZAiE=";
+		stripRoot = false;
+	};
+in
+
+pkgs.runCommandLocal "sshwifty" {
+	nativeBuildInputs = with pkgs; [
+		autoPatchelfHook
+	];
+	meta = {
+		mainProgram = "sshwifty";
+	};
+} ''
+	mkdir -p $out/bin
+	ln -s ${src}/sshwifty_linux_amd64 $out/bin/sshwifty
+''
diff --git a/packages/sshwifty/service.nix b/packages/sshwifty/service.nix
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+with builtins;
+
+let
+	self = config.services.sshwifty;
+in
+
+{
+	options.services.sshwifty = {
+		enable = mkEnableOption "sshwifty server";
+
+		config = mkOption {
+			type = types.attrs;
+			description = ''
+				Verbatim JSON configuration for sshwifty
+				See https://github.com/nirui/sshwifty?tab=readme-ov-file#configuration-file-option-and-descriptions.
+			'';
+		};
+
+		package = mkOption {
+			type = types.package;
+			default = pkgs.sshwifty;
+			description = "The sshwifty package to use.";
+		};
+	};
+
+	config = mkIf self.enable {
+		systemd.services.sshwifty = {
+			description = "sshwifty server";
+			wantedBy = [ "multi-user.target" ];
+			after = [ "network.target" ];
+			environment = {
+				SSHWIFTY_CONFIG = pkgs.writeText "sshwifty.json" self.config;
+			};
+			serviceConfig = {
+				ExecStart = "${lib.getExe self.package}";
+				DynamicUser = true;
+				ProtectSystem = "strict";
+				ProtectHome = true;
+				PrivateTmp = true;
+				PrivateDevices = true;
+			};
+		};
+	};
+}
diff --git a/servers/cs306/caddy/Caddyfile b/servers/cs306/caddy/Caddyfile
@@ -80,3 +80,7 @@ isos.acmcsuf.com {
 	@files not path / */
 	header @files Cache-Control "public, max-age=31536000, immutable"
 }
+
+ssh.acmcsuf.com {
+	reverse_proxy * localhost:38274
+}
diff --git a/servers/cs306/services.nix b/servers/cs306/services.nix
@@ -131,4 +131,23 @@ in
 		enable = true;
 		config = builtins.readFile <acm-aws/secrets/dischord-config.toml>;
 	};
+
+	services.sshwifty = {
+		enable = true;
+		config = {
+			Servers = [
+				{
+					ListenInterface = "127.0.0.1";
+					ListenPort = 38274;
+				}
+			];
+			Presets = [
+				# {
+				# 	Title = "GitHub";
+				# 	Type = "SSH";
+				# }
+			];
+			OnlyAllowPresetRemotes = true;
+		};
+	};
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,6 +2,7 @@ @@
     rec {
     	jre_small = pkgs.callPackage ./jre-small {};
+    	sshwifty = pkgs.callPackage ./sshwifty {};
     	quizler = pkgs.callPackage ./quizler {};
     	# Go
@@ Expand Down @@