~

jenkins-master.nix

@@ -20,21 +20,6 @@ with lib;
                ];
   };
 
-  services.openssh =
-  {
-    knownHosts =
-    [
-      {
-        hostNames = [ "github.com" ];
-        publicKeyFile = ./github.com.pub;
-      }
-      {
-        hostNames = [ "50.18.248.193" "private" ];
-        publicKeyFile = ./private.pub;
-      }
-    ];
-  };
-
   systemd.services.private-jenkins-notification =
   {
     description = "Notifications From Private To Jenkins On Commit";
@@ -58,14 +43,30 @@ with lib;
     };
   };
 
-  networking =
+  systemd.services.private-reverse-tunnel =
   {
-    extraHosts = ''
-      50.18.248.193 private
-      50.18.248.193 data
-      50.18.248.193 blog
+    description = "Private Reverse Tunnel";
+    wantedBy = ["multi-user.target"];
+    wants = ["network-online.target"];
+    path = [ pkgs.openssh pkgs.gawk pkgs.iproute ];
+    script = ''
+      while [ -z "$(ip addr show enp1s0 | grep inet | awk '{print $2}' | head -1)" ]
+      do
+        sleep 5
+      done
+
+      ssh -NTC -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes \
+          -R 2222:localhost:22 private
     '';
+    serviceConfig = {
+      User = "jenkins";
+      Restart = "always";
+      RestartSec = 3;
+    };
+  };
 
+  networking =
+  {
     firewall.allowedTCPPorts = [ 8080 53251 ];
   };
 }

networks/home.nix

@@ -8,6 +8,25 @@
       192.168.1.4 ufo
       192.168.1.5 thrash
       192.168.1.6 alter
+
+      50.18.248.193 private
+      50.18.248.193 data
+      50.18.248.193 blog
     '';
   };
+
+  services.openssh =
+  {
+    knownHosts =
+    [
+      {
+        hostNames = [ "github.com" ];
+        publicKeyFile = ./github.com.pub;
+      }
+      {
+        hostNames = [ "50.18.248.193" "private" ];
+        publicKeyFile = ./private.pub;
+      }
+    ];
+  };
 }