forked from rarias/bscpkgs
Rodrigo Arias Mallo
28db7799ea
Access internal hosts via apex proxy. From the compute nodes we first open an SSH connection to apex, and then tunnel it through the HTTP proxy with netcat. This way we allow reaching internal GitLab repositories without requiring the user to have credentials in the remote host, while we can use multiple remotes to provide redundancy. Reviewed-by: Aleix Boné <abonerib@bsc.es>
17 lines
502 B
Nix
17 lines
502 B
Nix
{
|
|
# Use SSH tunnel to apex to reach internal hosts
|
|
programs.ssh.extraConfig = ''
|
|
Host tent
|
|
ProxyJump raccoon
|
|
|
|
# Access raccoon via the HTTP proxy
|
|
Host raccoon knights3.bsc.es
|
|
HostName knights3.bsc.es
|
|
ProxyCommand=ssh apex 'nc -X connect -x localhost:23080 %h %p'
|
|
|
|
# Make sure we can reach gitlab even if we don't have SSH access to raccoon
|
|
Host bscpm04.bsc.es gitlab-internal.bsc.es
|
|
ProxyCommand=ssh apex 'nc -X connect -x localhost:23080 %h %p'
|
|
'';
|
|
}
|