From 803b8eb29b64931907d5c82446be41b6ecdae2c0 Mon Sep 17 00:00:00 2001
From: Kat Inskip
Date: Wed, 9 Oct 2024 13:57:22 -0400
Subject: [PATCH] feat: mosh

---
 nixos/common/ssh.nix | 2 ++
 systems/daiyousei.nix | 1 +
 .../default_security_list.tf | 19 +++++++++++++++++++
 3 files changed, 22 insertions(+)

diff --git a/nixos/common/ssh.nix b/nixos/common/ssh.nix
index 01d7ed37..8fe01650 100644
--- a/nixos/common/ssh.nix
+++ b/nixos/common/ssh.nix
@@ -11,6 +11,8 @@ in {
 allowedTCPPorts = [(list.unsafeHead config.services.openssh.ports)];
 };
 
+ programs.mosh.enable = true;
+
 services.openssh = {
 enable = true;
 settings = {
diff --git a/systems/daiyousei.nix b/systems/daiyousei.nix
index 1634b50c..c6781f39 100644
--- a/systems/daiyousei.nix
+++ b/systems/daiyousei.nix
@@ -21,6 +21,7 @@ _: let
 };
 in {
 arch = "aarch64";
+ deploy.hostname = "daiyousei.inskip.me";
 type = "NixOS";
 modules = [
 hostConfig
diff --git a/tf/oci_common_private_network/default_security_list.tf b/tf/oci_common_private_network/default_security_list.tf
index 1a6ad68a..4fae42b8 100644
--- a/tf/oci_common_private_network/default_security_list.tf
+++ b/tf/oci_common_private_network/default_security_list.tf
@@ -1,6 +1,25 @@
 resource "oci_core_default_security_list" "this" {
 manage_default_resource_id = local.vcn.default_security_list_id
 
+ dynamic "ingress_security_rules" {
+ for_each = [
+ { from = 60000
+ to = 61000 }
+ ]
+ iterator = port
+ content {
+ protocol = local.protocol_number.udp
+ source = "0.0.0.0/0"
+
+ description = "Mosh traffic from any origin"
+
+ udp_options {
+ max = port.to
+ min = port.from
+ }
+ }
+ }
+
 dynamic "ingress_security_rules" {
 for_each = [22, 80, 443]
 iterator = port
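Review bot: `programs.mosh.enable = true;` is added in nixos/common/ssh.nix, so every host that imports the common SSH module gets mosh-server, not only the host this commit appears to target. The NixOS mosh module also has an `openFirewall` option which, as far as I know, defaults to true and opens UDP 60000-61000 on the host firewall. Since the `allowedTCPPorts` line just above spells out the SSH port explicitly, I would make the UDP exposure equally visible by adding `programs.mosh.openFirewall = true; # opens UDP 60000-61000 on every host using this module`, or setting it to false on hosts that should not accept mosh. The enclosing attribute set starts and ends outside the hunk.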
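Review bot: The new ingress rule in default_security_list.tf admits UDP 60000-61000 from `0.0.0.0/0` on the VCN's default security list, so the 1001-port range is reachable on every instance attached to that list, not just the hosts that run mosh. If only some instances need mosh, a security list or network security group scoped to them would keep the rest of the network closed. Otherwise a comment should record the intent, for example `# mosh-server default UDP range; applies to all instances on the default security list`. On style, the single-element `for_each` splits one object across two lines without a separator and reads more clearly as `for_each = [{ from = 60000, to = 61000 }]`. Putting `min` before `max` in `udp_options` would also match the from/to order. The resource block continues outside the hunk.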