From 9c920b2cdfc22e16a0eb3d98385e5709b25cfce7 Mon Sep 17 00:00:00 2001 From: imxyy_soope_ Date: Mon, 24 Nov 2025 18:04:11 +0800 Subject: [PATCH] feat(server): sshwifty --- config/hosts/imxyy-nix-server/sshwifty.nix | 49 ++++++++++++++++++++++ secrets/sshwifty.txt | 22 ++++++++++ 2 files changed, 71 insertions(+) create mode 100644 config/hosts/imxyy-nix-server/sshwifty.nix create mode 100644 secrets/sshwifty.txt diff --git a/config/hosts/imxyy-nix-server/sshwifty.nix b/config/hosts/imxyy-nix-server/sshwifty.nix new file mode 100644 index 0000000..3dddc14 --- /dev/null +++ b/config/hosts/imxyy-nix-server/sshwifty.nix @@ -0,0 +1,49 @@ +{ config, secrets, ... }: +{ + sops.secrets.sshwifty = { + sopsFile = secrets.sshwifty; + format = "binary"; + }; + services.sshwifty = { + enable = true; + sharedKeyFile = config.sops.secrets.sshwifty.path; + settings = { + Servers = [ + { + ListenInterface = "0.0.0.0"; + ListenPort = 8101; + InitialTimeout = 10; + ReadTimeout = 120; + WriteTimeout = 120; + HeartbeatTimeout = 10; + ReadDelay = 10; + WriteDelay = 10; + TLSCertificateFile = ""; + TLSCertificateKeyFile = ""; + ServerMessage = ""; + } + ]; + }; + }; + services.caddy.virtualHosts."ssh.imxyy.top" = { + extraConfig = '' + reverse_proxy :8101 + ''; + }; + services.frp.settings.proxies = [ + { + name = "sshwifty-http"; + type = "http"; + localIP = "127.0.0.1"; + localPort = 80; + customDomains = [ "ssh.imxyy.top" ]; + } + { + name = "sshwifty-https"; + type = "https"; + localIP = "127.0.0.1"; + localPort = 443; + customDomains = [ "ssh.imxyy.top" ]; + } + ]; +} diff --git a/secrets/sshwifty.txt b/secrets/sshwifty.txt new file mode 100644 index 0000000..9bd39cf --- /dev/null +++ b/secrets/sshwifty.txt @@ -0,0 +1,22 @@ +{ + "data": "ENC[AES256_GCM,data:nxuiih6ghE+OVOLNu5HTXSuWwLw=,iv:bNsg5zoNOSGzRQe2GiwI9K9YRc4GP+E+CC9ZyNIUhEg=,tag:JlKjHyMny2v5hrJUFuCQ8A==,type:str]", + "sops": { + "age": [ + { + "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDltTWRrUSBwREMw\nSXJidDlEY25hNndPRzBxRDlxbnlCK0o0SzNqMVAzOEFOcFdUYmhVCkUrTWkvdnpP\nMmNzbUlrS0lRakdleFA2NktXcGduNzFIWTEvMGwyelgyY1UKLS0tIER0SVZLdzJB\nNldyeUJCRXZWSTQyV2FlRGJyUXU3QWV1K2Rmd2o4RmZWTlUKAkUuoHvYwRobIW7x\nq0ockXuBB9z/M+GK1OAM1HTzRn6HHjfPQB5mVUtSTRh23AN6jChy2rlPtXtB3BuP\ndFLlTw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB28jpN+h5euh3NtdN+A+EtqgIatC22e4i1TPTioKire", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJNY1d1ZyBYNDZr\nbmpqOWhMNkhNRzg4SGFIOUx6dndQbzRJUnJVMTZheUtFSzVDN1FnCmgzUmFaNWhJ\nckdXbnhzc0lET0RNNldwQmtnU0lYK0crT1kwT1ZPVG83Y1kKLS0tIFhjMjdNZlAw\naENYM0FyT0F5YXE5QjJxMGcveklmRFVkejhxcUUvWkpjZzAKCUYyxM7NnVkG0ime\nTr60eDQdBkUbLbuo60fhKoLYqYX59OPfqSMFc6hsR95qrIlmS42FJs27jEW/Zbwi\nB3GMqQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFhGYmtrZyA3a0JU\nTDZvMkI3WGtSaGFXWTM2NjlCUXJHVGozOVp2TDlFc1VYMzEza2pFCjBhMDJaV3BW\ndkdDL24xeU1iaGdPdkJmVFVjTE96SEZ3Rzd3NjVqMnFra0kKLS0tIGp1d0hsZWl4\nYjVTL0NsOFR0Tks5d0x1cnRzYldzMVZSVVo4dG9OY0FkTTAKAfPBnncY4xZz06Mv\nCoeb/I1DF7hbEWMDPE1V/x/X45lJfkGjXqG8gPyjqIKs02z60tSGcHnN7v5hDEx/\nJff5nA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-12-16T10:07:19Z", + "mac": "ENC[AES256_GCM,data:GS572DQ6kh1all0IB6nCkGSq59pJF9y2zakx2tTGFmFsrfA2UMyMlQBK0EWHhPnJ+eFmAuaqMEhrCQnMvAiPfNhcXXya6vbkXxUKRp/S++MIGNHvV9gnFnPJXpODwtnaEUPyFpC9Y6841IRzS5VgPCHmsX5Fq77JdGEMYZs24WA=,iv:9Hf58VvXZtoDYDjapOUBuHM/iQdiOj81VBRZcBFDYBk=,tag:LK7nM0BSP6IW9/20Qksbcw==,type:str]", + "version": "3.11.0" + } +}