From ac022776e7f211c68ac1e3f06d905fbe37458a80 Mon Sep 17 00:00:00 2001
From: Sebastien Bourdeauducq <sb@m-labs.hk>
Date: Sat, 17 Sep 2022 19:13:54 +0800
Subject: [PATCH] nixbld: SSH reverse proxy setup

---
 nixbld-etc-nixos/configuration.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index cd88452..dcd1902 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -88,7 +88,7 @@ in
     hostName = "nixbld";
     hostId = "e423f012";
     firewall = {
-      allowedTCPPorts = [ 53 80 443 7402 ];
+      allowedTCPPorts = [ 53 80 443 7402 3939 3940 ];
       allowedUDPPorts = [ 53 67 ];
       trustedInterfaces = [ netifLan ];
     };
@@ -301,6 +301,7 @@ in
   services.openssh.enable = true;
   services.openssh.forwardX11 = true;
   services.openssh.passwordAuthentication = false;
+  services.openssh.gatewayPorts = "clientspecified";
   programs.mosh.enable = true;
 
   programs.fish.enable = true;