update hosts (+ update sshPort)

do butterflies cry? 2026-02-16 09:35:29 +10:00
parent f34c8de388
commit a9cd860396
3 changed files with 41 additions and 34 deletions


@ -1,7 +1,7 @@
{lib, ...}: { {lib, ...}: {
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ allowedTCPPorts = [
22 42069 # ssh
]; ];
}; };
@ -9,7 +9,7 @@
# accept Lets Encrypt's security policy # accept Lets Encrypt's security policy
acme = { acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "them@dobutterfliescry.net"; defaults.email = "eclarkboman@gmail.com";
}; };
sudo = { sudo = {
@ -26,7 +26,7 @@
services = { services = {
openssh = { openssh = {
enable = true; enable = true;
ports = [22]; ports = [42069];
settings = { settings = {
PasswordAuthentication = false; PasswordAuthentication = false;
PermitRootLogin = "no"; PermitRootLogin = "no";
@ -37,6 +37,22 @@
}; };
}; };
# simple fail2ban config (not production ready or anything though)
# refer to: https://nixos.wiki/wiki/Fail2Ban
services.fail2ban = {
enable = true;
maxretry = 5;
bantime = "10m"; # 10 minute ban
bantime-increment = {
enable = true;
formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
# multipliers = "1 2 4 8 16 32 64";
maxtime = "168h"; # dont ban for more than 1 week
overalljails = true;
};
};
users = { users = {
users = { users = {
# primary user # primary user


@ -106,42 +106,30 @@
}; };
# set ssh profiles # set ssh profiles
# NOTE: (IMPORTANT) this DOES NOT start the ssh-agent # WARNING: this DOES NOT start the ssh-agent
# for that you need to use `services.ssh-agent.enable` # WARNING: for that you need to use `services.ssh-agent.enable`
ssh = { ssh = {
enable = true; enable = true;
forwardAgent = false; forwardAgent = false;
addKeysToAgent = "no"; addKeysToAgent = "yes";
matchBlocks = { matchBlocks = {
hyrule = { butterfly = {
hostname = "imbored.dev"; hostname = "dobutterfliescry.net";
user = "ae"; user = "cry";
port = 22; port = 42069;
identityFile = "~/.ssh/id_hyrule"; identityFile = "~/.ssh/id_butterfly";
setEnv = { setEnv = {
TERM = "linux"; TERM = "linux";
}; };
}; };
clocktown = { clocktown = {
hostname = "clocktown.dobutterfliescry.net"; hostname = "hyrule.dobutterfliescry.net";
user = "root"; user = "cry";
port = 22; port = 42069;
identityFile = "~/.ssh/id_clocktown"; identityFile = "~/.ssh/id_hyrule";
};
subspace = {
hostname = "imbored.dev";
user = "subspace";
port = 22;
identityFile = "~/.ssh/id_subspace";
};
dead = {
hostname = "deadlyserver.com";
user = "emile";
port = 29843;
identityFile = "~/.ssh/id_deadlyserver";
setEnv = { setEnv = {
TERM = "xterm-256color"; TERM = "linux";
}; };
}; };
youcue = { youcue = {
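Review bot: Changing `addKeysToAgent` to `"yes"` means every key used is loaded into whatever agent is running, with no lifetime and no confirmation, so any process running as this user can sign with it until the agent exits. OpenSSH also accepts `confirm` or a time interval for this setting, e.g. `addKeysToAgent = "confirm";` or `addKeysToAgent = "1h";`, which bounds that exposure; `forwardAgent = false` is the right companion and should stay. The `clocktown` block also appears to now target `hyrule.dobutterfliescry.net` with `~/.ssh/id_hyrule`, so renaming it to `hyrule` would keep the alias from misleading; this is inferred from the rendered columns and should be checked against the file. The `ssh` block starts and ends outside the hunk.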


@ -13,10 +13,6 @@ cerulean.mkNexus ./. (self: {
server = {}; server = {};
}; };
extraModules = with inputs; [
home-manager.nixosModules.default
];
nodes = let nodes = let
inherit inherit
(self.nexus) (self.nexus)
@ -47,14 +43,21 @@ cerulean.mkNexus ./. (self: {
butterfly = { butterfly = {
system = "x86_64-linux"; system = "x86_64-linux";
groups = [groups.server]; groups = [groups.server];
deploy.ssh.host = "dobutterfliescry.net"; deploy.ssh = {
host = "dobutterfliescry.net";
user = "cry";
port = 42069;
};
}; };
# pls dont sue me im broke # pls dont sue me im broke
hyrule = { hyrule = {
system = "x86_64-linux"; system = "x86_64-linux";
groups = [groups.server]; groups = [groups.server];
deploy.ssh.host = "hyrule.dobutterfliescry.net"; deploy.ssh = {
host = "hyrule.dobutterfliescry.net";
user = "cry";
};
}; };
# call me a statistician the way she spreads in my sheets # call me a statistician the way she spreads in my sheets
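Review bot: The new `deploy.ssh` for `hyrule` sets `user = "cry"` but no `port`, while `butterfly` gets `port = 42069;` and this commit's client match block for `hyrule.dobutterfliescry.net` also uses 42069. If hyrule imports the same server module that moves sshd to 42069, deployment would presumably fall back to the default port and fail once the new configuration is active. Add `port = 42069;` to hyrule's `deploy.ssh`, or leave a comment stating that hyrule intentionally stays on the default port. The `nodes` definition continues outside the hunk.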