feat(server): sshwifty

2025-11-24 18:04:11 +08:00
parent 7b705fad80
commit 9c920b2cdf
2 changed files with 71 additions and 0 deletions
--- a/config/hosts/imxyy-nix-server/sshwifty.nix
+++ b/config/hosts/imxyy-nix-server/sshwifty.nix
@@ -0,0 +1,49 @@
+{ config, secrets, ... }:
+{
+  sops.secrets.sshwifty = {
+    sopsFile = secrets.sshwifty;
+    format = "binary";
+  };
+  services.sshwifty = {
+    enable = true;
+    sharedKeyFile = config.sops.secrets.sshwifty.path;
+    settings = {
+      Servers = [
+        {
+          ListenInterface = "0.0.0.0";
+          ListenPort = 8101;
+          InitialTimeout = 10;
+          ReadTimeout = 120;
+          WriteTimeout = 120;
+          HeartbeatTimeout = 10;
+          ReadDelay = 10;
+          WriteDelay = 10;
+          TLSCertificateFile = "";
+          TLSCertificateKeyFile = "";
+          ServerMessage = "";
+        }
+      ];
+    };
+  };
+  services.caddy.virtualHosts."ssh.imxyy.top" = {
+    extraConfig = ''
+      reverse_proxy :8101
+    '';
+  };
+  services.frp.settings.proxies = [
+    {
+      name = "sshwifty-http";
+      type = "http";
+      localIP = "127.0.0.1";
+      localPort = 80;
+      customDomains = [ "ssh.imxyy.top" ];
+    }
+    {
+      name = "sshwifty-https";
+      type = "https";
+      localIP = "127.0.0.1";
+      localPort = 443;
+      customDomains = [ "ssh.imxyy.top" ];
+    }
+  ];
+}
--- a/secrets/sshwifty.txt
+++ b/secrets/sshwifty.txt
@@ -0,0 +1,22 @@
+{
+	"data": "ENC[AES256_GCM,data:nxuiih6ghE+OVOLNu5HTXSuWwLw=,iv:bNsg5zoNOSGzRQe2GiwI9K9YRc4GP+E+CC9ZyNIUhEg=,tag:JlKjHyMny2v5hrJUFuCQ8A==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDltTWRrUSBwREMw\nSXJidDlEY25hNndPRzBxRDlxbnlCK0o0SzNqMVAzOEFOcFdUYmhVCkUrTWkvdnpP\nMmNzbUlrS0lRakdleFA2NktXcGduNzFIWTEvMGwyelgyY1UKLS0tIER0SVZLdzJB\nNldyeUJCRXZWSTQyV2FlRGJyUXU3QWV1K2Rmd2o4RmZWTlUKAkUuoHvYwRobIW7x\nq0ockXuBB9z/M+GK1OAM1HTzRn6HHjfPQB5mVUtSTRh23AN6jChy2rlPtXtB3BuP\ndFLlTw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB28jpN+h5euh3NtdN+A+EtqgIatC22e4i1TPTioKire",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJNY1d1ZyBYNDZr\nbmpqOWhMNkhNRzg4SGFIOUx6dndQbzRJUnJVMTZheUtFSzVDN1FnCmgzUmFaNWhJ\nckdXbnhzc0lET0RNNldwQmtnU0lYK0crT1kwT1ZPVG83Y1kKLS0tIFhjMjdNZlAw\naENYM0FyT0F5YXE5QjJxMGcveklmRFVkejhxcUUvWkpjZzAKCUYyxM7NnVkG0ime\nTr60eDQdBkUbLbuo60fhKoLYqYX59OPfqSMFc6hsR95qrIlmS42FJs27jEW/Zbwi\nB3GMqQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFhGYmtrZyA3a0JU\nTDZvMkI3WGtSaGFXWTM2NjlCUXJHVGozOVp2TDlFc1VYMzEza2pFCjBhMDJaV3BW\ndkdDL24xeU1iaGdPdkJmVFVjTE96SEZ3Rzd3NjVqMnFra0kKLS0tIGp1d0hsZWl4\nYjVTL0NsOFR0Tks5d0x1cnRzYldzMVZSVVo4dG9OY0FkTTAKAfPBnncY4xZz06Mv\nCoeb/I1DF7hbEWMDPE1V/x/X45lJfkGjXqG8gPyjqIKs02z60tSGcHnN7v5hDEx/\nJff5nA==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2025-12-16T10:07:19Z",
+		"mac": "ENC[AES256_GCM,data:GS572DQ6kh1all0IB6nCkGSq59pJF9y2zakx2tTGFmFsrfA2UMyMlQBK0EWHhPnJ+eFmAuaqMEhrCQnMvAiPfNhcXXya6vbkXxUKRp/S++MIGNHvV9gnFnPJXpODwtnaEUPyFpC9Y6841IRzS5VgPCHmsX5Fq77JdGEMYZs24WA=,iv:9Hf58VvXZtoDYDjapOUBuHM/iQdiOj81VBRZcBFDYBk=,tag:LK7nM0BSP6IW9/20Qksbcw==,type:str]",
+		"version": "3.11.0"
+	}
+}