sshl

2026-03-23 16:29:42 -04:00 · 2026-03-13 17:43:08 -04:00 · 2026-03-13 17:43:08 -04:00 · 0a90e2f7b2
commit 0a90e2f7b2
parent 851a198428
2 changed files with 21 additions and 2 deletions
--- a/src/system/modules/nginx/default.nix
+++ b/src/system/modules/nginx/default.nix
@ -54,9 +54,20 @@ in
      };
    };

+    services.sslh = {
+      enable = true;
+      settings = {
+        listen = [{ host = "0.0.0.0"; port = 443; }];
+        protocols = [
+          { name = "ssh"; host = "127.0.0.1"; port = 22; probe = "builtin"; }
+          { name = "tls"; host = "127.0.0.1"; port = 4443; probe = "builtin"; }
+        ];
+      };
+    };
+
    services.nginx = {
      enable = true;
-      virtualHosts = 
+      virtualHosts =
      let
        certPath = config.security.acme.certs."ramos.codes".directory;
        sslCertificate = "${certPath}/fullchain.pem";
@ -64,6 +75,10 @@ in

        withSSL = hosts: mapAttrs (name: hostConfig: hostConfig // {
          inherit sslCertificate sslCertificateKey;
+          listen = [
+            { addr = "127.0.0.1"; port = 4443; ssl = true; }
+            { addr = "0.0.0.0"; port = 80; }
+          ];
          forceSSL = true;
        }) hosts;