use nonstandard ssh port

2026-02-16 16:37:55 +10:00 · 2026-02-16 16:37:55 +10:00 · 31e7614d0d
commit 31e7614d0d
parent 5dded316af
2 changed files with 31 additions and 8 deletions
--- a/groups/server/default.nix
+++ b/groups/server/default.nix
@ -1,8 +1,15 @@
-{lib, ...}: {
-  networking.firewall = {
-    allowedTCPPorts = [
-      42069 # ssh
-    ];
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  networking = {
+    firewall = {
+      allowedTCPPorts = [
+        42069 # ssh
+      ];
+    };
+    nftables.enable = true;
  };

  security = {
@ -68,4 +75,8 @@
      };
    };
  };
+
+  environment.systemPackages = with pkgs; [
+    unixtools.netstat
+  ];
 }
--- a/hosts/butterfly/default.nix
+++ b/hosts/butterfly/default.nix
@ -16,16 +16,16 @@

    firewall = {
      allowedTCPPorts = [
+        22 # forgejo ssh
        80 # nginx
        # 143 # IMAP4
        443 # nginx
        # 587 # SMTPS
-        2222 # forgejo ssh
-        2035 # debug (for my job)
+        2222 # TEMP: forgejo ssh
        # 3000 (INTERNAL) forgejo
        # 3306 (INTERNAL) forgejo sqlite3 database
-        5000 # debug (for my job)
        # 8222 (INTERNAL) vaultwarden
+        42069 # ssh
        45000 # minecaft server
      ];
      allowedUDPPorts = [
@ -57,6 +57,18 @@
    # };
  };

+  services.pixiecore = {
+    enable = false;
+
+    port = 1234;
+    statusPort = 1234;
+    openFirewall = true;
+    listen = "0.0.0.0";
+
+    quick = "xyz";
+    mode = "boot";
+  };
+
  users.users.cry = {
    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsUZY45rgezi+8iROdcR5vPeacJ2fbMjlDijfUrH9hRX2FzCsg/4e3aFKhi2seZMmyTfbstxmDrrH8paUS5TibFgLFBGNngaF3CTjg85i5pm25Hr4IVo31oziBnTWaG6j3buYKtz5e1qSPzXywinJR+5+FCUJU7Fxa+EWTZcOX4wYgArSj4q73rZmvk5N0X44Mudt4nvpD2chvxygsdTzD6ph92qCuaJ/AbfmOoC7b/xvOaOVydUfgDLpHi9VZbd3akvvKxRfW6ZklldgXEzPXKMuastN0mwcBxvIb5G1Vkj8jtSVtKPc5psZ9/NWA5l38xH4qZ6z7eib6thtEMdtcKmTZEEWDADjqTea5Gj61c1n18cr6f3Tff+0bn/cxsl4Y0esi+aDeuCXYiIYNmeKBx0ttDNIxpk4J5Fdh6Xs+AZif5lnJErtu8TPy2aC0bc9wehTjMyvilTHfyerOD1ZJXhN2XwRVDGN7t7leAJZISJlPjqTDcw3Vfvzte/5JqS+FR+hbpG4uz2ix8kUa20u5YF2oSdGl8+zsdozVsdQm10Iv9WSXBV7t4m+oyodgtfzydBpmXq7aBXudCiEKw+7TC7F+1a4YFrVrCNXKFgKUpd1MiVLl7DIbzm5U9MD2BB3Fy7BPCzr3tW6/ExOhhpBWY+HnzVGQfkNr7dRcqfipKw== ae@dobutterfliescry.net"