update hosts (+ update sshPort)

groups/server/default.nix

@@ -1,7 +1,7 @@
 {lib, ...}: {
   networking.firewall = {
     allowedTCPPorts = [
-      22
+      42069 # ssh
     ];
   };
 
@@ -9,7 +9,7 @@
     # accept Lets Encrypt's security policy
     acme = {
       acceptTerms = true;
-      defaults.email = "them@dobutterfliescry.net";
+      defaults.email = "eclarkboman@gmail.com";
     };
 
     sudo = {
@@ -26,7 +26,7 @@
   services = {
     openssh = {
       enable = true;
-      ports = [22];
+      ports = [42069];
       settings = {
         PasswordAuthentication = false;
         PermitRootLogin = "no";
@@ -37,6 +37,22 @@
     };
   };
 
+  # simple fail2ban config (not production ready or anything though)
+  # refer to: https://nixos.wiki/wiki/Fail2Ban
+  services.fail2ban = {
+    enable = true;
+
+    maxretry = 5;
+    bantime = "10m"; # 10 minute ban
+    bantime-increment = {
+      enable = true;
+      formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
+      # multipliers = "1 2 4 8 16 32 64";
+      maxtime = "168h"; # dont ban for more than 1 week
+      overalljails = true;
+    };
+  };
+
   users = {
     users = {
       # primary user

homes/me/default.nix

@@ -106,42 +106,30 @@
     };
 
     # set ssh profiles
-    # NOTE: (IMPORTANT) this DOES NOT start the ssh-agent
-    #       for that you need to use `services.ssh-agent.enable`
+    # WARNING: this DOES NOT start the ssh-agent
+    # WARNING: for that you need to use `services.ssh-agent.enable`
     ssh = {
       enable = true;
       forwardAgent = false;
-      addKeysToAgent = "no";
+      addKeysToAgent = "yes";
 
       matchBlocks = {
-        hyrule = {
-          hostname = "imbored.dev";
-          user = "ae";
-          port = 22;
-          identityFile = "~/.ssh/id_hyrule";
+        butterfly = {
+          hostname = "dobutterfliescry.net";
+          user = "cry";
+          port = 42069;
+          identityFile = "~/.ssh/id_butterfly";
           setEnv = {
             TERM = "linux";
           };
         };
         clocktown = {
-          hostname = "clocktown.dobutterfliescry.net";
-          user = "root";
-          port = 22;
-          identityFile = "~/.ssh/id_clocktown";
-        };
-        subspace = {
-          hostname = "imbored.dev";
-          user = "subspace";
-          port = 22;
-          identityFile = "~/.ssh/id_subspace";
-        };
-        dead = {
-          hostname = "deadlyserver.com";
-          user = "emile";
-          port = 29843;
-          identityFile = "~/.ssh/id_deadlyserver";
+          hostname = "hyrule.dobutterfliescry.net";
+          user = "cry";
+          port = 42069;
+          identityFile = "~/.ssh/id_hyrule";
           setEnv = {
-            TERM = "xterm-256color";
+            TERM = "linux";
           };
         };
         youcue = {

snow.nix

@@ -13,10 +13,6 @@ cerulean.mkNexus ./. (self: {
       server = {};
     };
 
-    extraModules = with inputs; [
-      home-manager.nixosModules.default
-    ];
-
     nodes = let
       inherit
         (self.nexus)
@@ -47,14 +43,21 @@ cerulean.mkNexus ./. (self: {
       butterfly = {
         system = "x86_64-linux";
         groups = [groups.server];
-        deploy.ssh.host = "dobutterfliescry.net";
+        deploy.ssh = {
+          host = "dobutterfliescry.net";
+          user = "cry";
+          port = 42069;
+        };
       };
 
       # pls dont sue me im broke
       hyrule = {
         system = "x86_64-linux";
         groups = [groups.server];
-        deploy.ssh.host = "hyrule.dobutterfliescry.net";
+        deploy.ssh = {
+          host = "hyrule.dobutterfliescry.net";
+          user = "cry";
+        };
       };
 
       # call me a statistician the way she spreads in my sheets