nixbld: SSH reverse proxy setup

nixbld-etc-nixos/configuration.nix

@@ -88,7 +88,7 @@ in
     hostName = "nixbld";
     hostId = "e423f012";
     firewall = {
-      allowedTCPPorts = [ 53 80 443 7402 ];
+      allowedTCPPorts = [ 53 80 443 7402 3939 3940 ];
       allowedUDPPorts = [ 53 67 ];
       trustedInterfaces = [ netifLan ];
     };
@@ -301,6 +301,7 @@ in
   services.openssh.enable = true;
   services.openssh.forwardX11 = true;
   services.openssh.passwordAuthentication = false;
+  services.openssh.gatewayPorts = "clientspecified";
   programs.mosh.enable = true;
 
   programs.fish.enable = true;