@unode
Created July 7, 2016 16:29
nix-tunnel-daemon
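#!/bin/bash
#
# nix-tunnel-daemon: expose a remote nix-daemon on the local machine.
#
# Listens on the local path where nix clients expect the daemon socket and,
# for every incoming connection, starts an ssh session to REMOTE_NIXDAEMON
# that relays the stream to the daemon socket on that host (socat on both
# ends).
#
# Trust model worth knowing before running this:
#   * Every ssh session is opened with the credentials of the user running
#     this script, so any local account able to connect to the listening
#     socket reaches the remote daemon through that user's ssh login.
#     Access is gated by the tunnel directory (group "nix", mode 0770) and
#     by the socket's own mode, which follows the umask in effect.
#   * NOTE(review): the remote nix-daemon presumably cannot tell the local
#     users apart, since they all arrive through one ssh account -- confirm
#     before relying on per-user daemon settings.

# Any error is fatal; referencing an unset variable is an error too
set -eu

# Server running the actual nix-daemon
REMOTE_NIXDAEMON="mega"
# Where to find the socket in the destination server (the same path is used
# for the local listening socket)
NIX_DAEMON_SOCKET="/local/nix/var/nix/daemon-socket/socket"
# socat location; the same path is invoked on the remote server
SOCAT="/usr/bin/socat"

# Prevent socat breakage caused by LD_LIBRARY_PATH
unset LD_LIBRARY_PATH

# The directory holding the socket is expected to be a symlink; its target is
# the tunnel directory. Fail with a message instead of letting 'set -e' end
# the script silently when it is not a symlink.
SOCKET_DIR="$(dirname -- "$NIX_DAEMON_SOCKET")"
if ! TUNNELDIR="$(readlink -- "$SOCKET_DIR")" || [ -z "$TUNNELDIR" ]; then
  printf '%s\n' "ERROR: $SOCKET_DIR is not a symlink; cannot determine the tunnel directory." >&2
  exit 1
fi

# A relative symlink target is relative to the directory containing the
# symlink, not to the current working directory.
case "$TUNNELDIR" in
  /*) ;;
  *) TUNNELDIR="$(dirname -- "$SOCKET_DIR")/$TUNNELDIR" ;;
esac

# Create the tunnel directory if it doesn't exist
if ! [ -d "$TUNNELDIR" ]; then
  # Start owner-only so the directory never exists with umask-derived
  # permissions, then open it to the nix group only
  mkdir -m 0700 -- "$TUNNELDIR"
  chgrp nix "$TUNNELDIR"
  chmod 0770 "$TUNNELDIR"
else
  printf '%s\n' "WARNING: $TUNNELDIR exists. Assuming permissions are correct." >&2
  # An existing directory is used as-is. Point out the two cases where that
  # assumption is clearly unsafe: whoever controls the directory controls
  # what clients find at the socket path.
  if ! [ -O "$TUNNELDIR" ]; then
    printf '%s\n' "WARNING: $TUNNELDIR is not owned by the current user." >&2
  fi
  if [ -n "$(find "$TUNNELDIR" -prune -perm -0002)" ]; then
    printf '%s\n' "WARNING: $TUNNELDIR is world-writable." >&2
  fi
fi

# Refuse to start when something is already listening at the socket path
if [ -S "$NIX_DAEMON_SOCKET" ]; then
  printf '%s\n' "WARNING: socket file $NIX_DAEMON_SOCKET already exists." >&2
  printf '%s\n' "Is nix-daemon or another nix-tunnel-daemon already running on this machine?" >&2
  exit 1
fi

echo
echo "NOTE: A connection is only made when certain nix commands are issued."
echo "If you don't have ssh-keys setup with '${REMOTE_NIXDAEMON}'"
echo "a password will be prompted every time an ssh connection is made."
echo "Use ssh-agent/keychain if you don't want to use passwordless keys."
echo
echo "Setup complete. Setting up a local listening socket"
echo "Press Ctrl+C to terminate"

# Create an ssh tunnel and pipe the socket through using 'socat'.
# 'fork' handles each client in its own child, so one ssh session is started
# per connection. socat splits the EXEC string into words itself (no local
# shell is involved); the '\:' keeps the colon from being read as a socat
# address separator. The 'LD_LIBRARY_PATH=' prefix clears the variable for the
# remote socat as well.
"$SOCAT" "UNIX-LISTEN:${NIX_DAEMON_SOCKET},reuseaddr,fork" \
  EXEC:"ssh $REMOTE_NIXDAEMON LD_LIBRARY_PATH= $SOCAT STDIO UNIX-CONNECT\:${NIX_DAEMON_SOCKET}"

# And we are done
exit 0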