
try-connect: use for deploy scripts

This commit is contained in:
2025-12-29 13:17:42 +01:00
parent f70383c732
commit 6259075f40
3 changed files with 115 additions and 94 deletions


@@ -4,63 +4,31 @@
lib,
netcat,
openssh,
try-connect,
}:
let
inherit (lib.niveum) machines;
sshableMachines = lib.filterAttrs (name: value: value ? "sshPort") machines;
systemAddresses =
system:
lib.optionals (system ? "internalIp") [ system.internalIp ]
++ lib.optionals (system ? "externalIp") [ system.externalIp ]
++ lib.optionals (system ? "retiolum") [
system.retiolum.ipv6
system.retiolum.ipv4
]
++ lib.optionals (system ? "mycelium") [ system.mycelium.ipv6 ]
++ lib.optionals (system ? "torAddress") [ system.torAddress ];
addresses = lib.listToAttrs (
map (name: {
inherit name;
value = systemAddresses (machines.${name});
}) (builtins.attrNames sshableMachines)
);
in
symlinkJoin {
name = "niveum-ssh";
paths = lib.mapAttrsToList (
hostname: _:
writers.writeBashBin "niveum-ssh-${hostname}" ''
targets=(
${lib.concatStringsSep " " (map (addr: "\"root@${addr}\"") addresses.${hostname})}
)
reachable=$(${try-connect.${hostname}}/bin/try-connect)
for target in "''${targets[@]}"; do
host="$(echo $target | cut -d'@' -f2)"
if [ -z "$reachable" ]; then
exit 1
fi
# Check if it's an onion address
if [[ "$host" == *.onion ]]; then
# For onion addresses, try connecting through Tor
if ${netcat}/bin/nc -z localhost 9050 2>/dev/null; then
echo "Trying $target via Tor..." >&2
if echo | ${netcat}/bin/nc -x localhost:9050 -w 5 "$host" ${
toString machines.${hostname}.sshPort
} 2>/dev/null; then
exec ${openssh}/bin/ssh -p ${toString machines.${hostname}.sshPort} \
-o ProxyCommand="${netcat}/bin/nc -x localhost:9050 %h %p" \
"$target" "$@"
fi
fi
else
# For regular addresses, try direct connection
echo "Trying $target..." >&2
if ${netcat}/bin/nc -z -w 2 "$host" ${toString machines.${hostname}.sshPort} 2>/dev/null; then
exec ${openssh}/bin/ssh -p ${toString machines.${hostname}.sshPort} "$target" "$@"
fi
fi
done
echo "No reachable target found for ${hostname}" >&2
exit 1
if [[ "$reachable" == *.onion ]]; then
exec ${openssh}/bin/ssh -p ${toString machines.${hostname}.sshPort} \
-o ProxyCommand="${netcat}/bin/nc -x localhost:9050 %h %p" \
"root@$reachable" "$@"
else
exec ${openssh}/bin/ssh -p ${toString machines.${hostname}.sshPort} \
"root@$reachable" "$@"
fi
''
) sshableMachines;
}
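Review bot: Both new `exec ${openssh}/bin/ssh -p ... "root@$reachable" "$@"` branches key host-key verification on whichever address try-connect happened to return, so the same machine reached over its internal IP, external IP, retiolum, mycelium or .onion address produces a separate known_hosts entry and a fresh trust-on-first-use prompt on each path, and a key that changes on one path is indistinguishable from a new host. Adding `-o HostKeyAlias=${hostname}` to both ssh invocations pins every path to one known_hosts entry so a mismatch is reported instead of silently accepted as new. The `reachable=$(${try-connect.${hostname}}/bin/try-connect)` line captures only stdout, so the wrapper relies on try-connect printing nothing on failure; `reachable=$(${try-connect.${hostname}}/bin/try-connect) || exit 1` would make that contract explicit. The attribute-set arguments before `lib,` lie outside the hunk.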

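--- a/packages/try-connect.nix
+++ b/packages/try-connect.nix
+{
+lib,
+writers,
+netcat,
+}:
+let
+inherit (lib.niveum) machines;
+sshableMachines = lib.filterAttrs (name: value: value ? "sshPort") machines;
+systemAddresses =
+system:
+lib.optionals (system ? "internalIp") [ system.internalIp ]
+++ lib.optionals (system ? "externalIp") [ system.externalIp ]
+++ lib.optionals (system ? "retiolum") [
+system.retiolum.ipv6
+system.retiolum.ipv4
+]
+++ lib.optionals (system ? "mycelium") [ system.mycelium.ipv6 ]
+++ lib.optionals (system ? "torAddress") [ system.torAddress ];
+addresses = lib.listToAttrs (
+map (name: {
+inherit name;
+value = systemAddresses (machines.${name});
+}) (builtins.attrNames sshableMachines)
+);
+in
+lib.mapAttrs (
+name: _:
+writers.writeBashBin "try-connect" ''
+port=${toString machines.${name}.sshPort}
+for addr in ${lib.concatStringsSep " " addresses.${name}}; do
+# Check if it's an onion address
+if [[ "$addr" == *.onion ]]; then
+if ${netcat}/bin/nc -z localhost 9050 2>/dev/null; then
+echo "Trying $addr via Tor..." >&2
+if echo | ${netcat}/bin/nc -z -x localhost:9050 -w 5 "$addr" "$port" 2>/dev/null; then
+echo "$addr"
+exit 0
+fi
+fi
+else
+echo "Trying $addr..." >&2
+if ${netcat}/bin/nc -z -w 2 "$addr" "$port" 2>/dev/null; then
+echo "$addr"
+exit 0
+fi
+fi
+done
+echo "No reachable address found for ${name}" >&2
+exit 1
+''
+) sshableMachines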
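Review bot: The generated script has no comment stating the contract the niveum-ssh wrapper now depends on: progress messages go to stderr, the first reachable address is printed alone on stdout with exit 0, and nothing is printed on stdout with exit 1 otherwise; a line above `port=${toString machines.${name}.sshPort}` such as `# Prints the first reachable address for this machine on stdout (exit 0); progress on stderr; exit 1 with empty stdout if none.` would pin that. The list in `for addr in ${lib.concatStringsSep " " addresses.${name}}; do` is interpolated unquoted, so an address containing shell-special characters would be word-split or globbed; `for addr in ${lib.escapeShellArgs addresses.${name}}; do` keeps each address a single word. When the SOCKS port is not listening, the onion branch skips the address without any message, so a user with Tor down only sees the final "No reachable address" line; an `echo "Tor SOCKS proxy not listening on 9050, skipping $addr" >&2` in that else-case would explain the outcome. The `systemAddresses`/`addresses` derivation appears to repeat the block at the top of the niveum-ssh file; if that copy survives on its new side, moving it into `lib.niveum` would keep the two in step.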