So tilde.town's IRC is not directly accessible from the open internet. You can run weechat from inside, but I like having a single IRC client with all my networks. There's a guide to using an SSH tunnel to connect from a local client by ~nick, although it kind of assumes you are using a mac.
My IRC client is ZNC, a bouncer, and it runs on my server. So the plan would be to have my server open a tunnel to tilde.town so that ZNC can connect to localhost and find the irc server.
And to have this kind of persistent thing, we'd like a service. Fortunately, most of the work is already done for us in this gist.
Since my key is not password-protected and I wouldn't be around to unlock it anyway, I skipped the agent step. And I made the service global in /etc/systemd/system/ssh-tunnel@.service. instead of local to my user.
[Unit]
Description=SSH tunnel to %i
Documentation=man:ssh(1)
After=network.target
[Service]
Type=simple
User=jaume
Environment="LOCAL_ADDR=127.0.0.1"
Environment="REMOTE_HOST=127.0.0.1"
EnvironmentFile=MY_ACTUAL_HOME_GOES_HERE/.ssh/tunnels/%i
ExecStart=/usr/bin/ssh -NT ${TARGET} \
-o ExitOnForwardFailure=yes -o ServerAliveInterval=60 \
-L ${LOCAL_ADDR}:${LOCAL_PORT}:${REMOTE_HOST}:${REMOTE_PORT} ${SSH_OPTS}
RestartSec=10
Restart=on-success
RestartForceExitStatus=255
[Install]
WantedBy=multi-user.target
And then in ~/.ssh/tunnels/town:
TARGET=cosarara@tilde.town LOCAL_PORT=6605 REMOTE_PORT=6667
Then I only have to `systemctl enable --now ssh-tunnel@town` and then tell znc to connect to localhost:6605.