feat(endlessh): add an ssh tarpit to raptus

This commit is contained in:
Nydragon 2024-09-05 15:43:18 +02:00
parent 3b5f91973c
commit 5716c2eee9
Signed by: nydragon
SSH key fingerprint: SHA256:iQnIC12spf4QjWSbarmkD2No1cLMlu6TWoV7K6cYF5g

View file

@ -2,6 +2,7 @@
modulesPath, modulesPath,
lib, lib,
pkgs, pkgs,
config,
... ...
}: }:
let let
@ -39,11 +40,11 @@ in
networking.firewall = lib.mkForce { networking.firewall = lib.mkForce {
enable = true; enable = true;
allowedTCPPorts = [ allowedTCPPorts = [
22
443 443
5984 # couchdb 5984 # couchdb
3000 # forgejo 3000 # forgejo
]; 8000 # rustypaste
] ++ config.services.openssh.ports ++ [ config.services.endlessh.port ];
}; };
# User account to run remote builds # User account to run remote builds
@ -93,7 +94,15 @@ in
]; ];
}; };
services.openssh.enable = true; services.openssh = {
enable = true;
ports = [ 56528 ];
};
services.endlessh = {
enable = true;
port = 22;
};
environment.systemPackages = map lib.lowPrio [ environment.systemPackages = map lib.lowPrio [
pkgs.curl pkgs.curl