From 829630944f20ff0b7e0d9c57fd2fdad0c3c2aff1 Mon Sep 17 00:00:00 2001
From: xunuwu <xunuwu@gmail.com>
Date: Wed, 8 Oct 2025 10:39:11 +0200
Subject: [PATCH] ssh nixdesk on public port 2050 prob doesnt work

---
 hosts/nixdesk/default.nix                       |  1 +
 hosts/nixdesk/profiles/ssh-public-port-2050.nix | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 hosts/nixdesk/profiles/ssh-public-port-2050.nix

diff --git a/hosts/nixdesk/default.nix b/hosts/nixdesk/default.nix
index 47cd643..b992736 100644
--- a/hosts/nixdesk/default.nix
+++ b/hosts/nixdesk/default.nix
@@ -14,6 +14,7 @@
       ./profiles/wireguard.nix
       ./profiles/restic-server.nix
       ./profiles/autologin.nix
+      ./profiles/ssh-public-port-2050.nix
 
       inputs.impermanence.nixosModules.impermanence
       inputs.stylix.nixosModules.stylix
diff --git a/hosts/nixdesk/profiles/ssh-public-port-2050.nix b/hosts/nixdesk/profiles/ssh-public-port-2050.nix
new file mode 100644
index 0000000..3fa53fc
--- /dev/null
+++ b/hosts/nixdesk/profiles/ssh-public-port-2050.nix
@@ -0,0 +1,17 @@
+{pkgs, ...}: {
+  # services.openssh.ports = [22 2050];
+  systemd.services.port2050-natpmp = {
+    bindsTo = ["sshd"]; # might not work
+    confinement = {
+      enable = true;
+      mode = "chroot-only";
+    };
+    serviceConfig.ExecStart = ''
+      while true
+      do
+        ${pkgs.libnatpmp}/bin/natpmpc -a 2050 22 tcp 60
+        sleep 30
+      done
+    '';
+  };
+}