update hosts (+ update sshPort)
parent
821349be71
commit
b6202ad56a
3 changed files with 41 additions and 34 deletions
|
|
@ -1,7 +1,7 @@
|
|||
{lib, ...}: {
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [
|
||||
22
|
||||
42069 # ssh
|
||||
];
|
||||
};
|
||||
|
||||
|
|
@ -9,7 +9,7 @@
|
|||
# accept Lets Encrypt's security policy
|
||||
acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "them@dobutterfliescry.net";
|
||||
defaults.email = "eclarkboman@gmail.com";
|
||||
};
|
||||
|
||||
sudo = {
|
||||
|
|
@ -26,7 +26,7 @@
|
|||
services = {
|
||||
openssh = {
|
||||
enable = true;
|
||||
ports = [22];
|
||||
ports = [42069];
|
||||
settings = {
|
||||
PasswordAuthentication = false;
|
||||
PermitRootLogin = "no";
|
||||
|
|
@ -37,6 +37,22 @@
|
|||
};
|
||||
};
|
||||
|
||||
# simple fail2ban config (not production ready or anything though)
|
||||
# refer to: https://nixos.wiki/wiki/Fail2Ban
|
||||
services.fail2ban = {
|
||||
enable = true;
|
||||
|
||||
maxretry = 5;
|
||||
bantime = "10m"; # 10 minute ban
|
||||
bantime-increment = {
|
||||
enable = true;
|
||||
formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
|
||||
# multipliers = "1 2 4 8 16 32 64";
|
||||
maxtime = "168h"; # dont ban for more than 1 week
|
||||
overalljails = true;
|
||||
};
|
||||
};
|
||||
|
||||
users = {
|
||||
users = {
|
||||
# primary user
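Review bot: The new `services.fail2ban` block sets no `ignoreIP`, so with `bantime-increment` escalating to `maxtime = "168h"` and `overalljails = true`, repeated failures from your own admin or deploy address can ban you from the host's SSH port for up to a week. Consider an allowlist such as `ignoreIP = [ "<admin-cidr-placeholder>" ];` and make sure an out-of-band console path exists before this is deployed. The move from port 22 to 42069 mainly reduces scan noise in the logs; `PasswordAuthentication = false` and `PermitRootLogin = "no"` remain the actual controls, and a short comment next to `ports = [42069];` saying so would keep a later reader from treating the port as protection. The `users` block that follows continues outside this hunk.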
|
||||
|
|
|
|||
|
|
@ -106,42 +106,30 @@
|
|||
};
|
||||
|
||||
# set ssh profiles
|
||||
# NOTE: (IMPORTANT) this DOES NOT start the ssh-agent
|
||||
# for that you need to use `services.ssh-agent.enable`
|
||||
# WARNING: this DOES NOT start the ssh-agent
|
||||
# WARNING: for that you need to use `services.ssh-agent.enable`
|
||||
ssh = {
|
||||
enable = true;
|
||||
forwardAgent = false;
|
||||
addKeysToAgent = "no";
|
||||
addKeysToAgent = "yes";
|
||||
|
||||
matchBlocks = {
|
||||
hyrule = {
|
||||
hostname = "imbored.dev";
|
||||
user = "ae";
|
||||
port = 22;
|
||||
identityFile = "~/.ssh/id_hyrule";
|
||||
butterfly = {
|
||||
hostname = "dobutterfliescry.net";
|
||||
user = "cry";
|
||||
port = 42069;
|
||||
identityFile = "~/.ssh/id_butterfly";
|
||||
setEnv = {
|
||||
TERM = "linux";
|
||||
};
|
||||
};
|
||||
clocktown = {
|
||||
hostname = "clocktown.dobutterfliescry.net";
|
||||
user = "root";
|
||||
port = 22;
|
||||
identityFile = "~/.ssh/id_clocktown";
|
||||
};
|
||||
subspace = {
|
||||
hostname = "imbored.dev";
|
||||
user = "subspace";
|
||||
port = 22;
|
||||
identityFile = "~/.ssh/id_subspace";
|
||||
};
|
||||
dead = {
|
||||
hostname = "deadlyserver.com";
|
||||
user = "emile";
|
||||
port = 29843;
|
||||
identityFile = "~/.ssh/id_deadlyserver";
|
||||
hostname = "hyrule.dobutterfliescry.net";
|
||||
user = "cry";
|
||||
port = 42069;
|
||||
identityFile = "~/.ssh/id_hyrule";
|
||||
setEnv = {
|
||||
TERM = "xterm-256color";
|
||||
TERM = "linux";
|
||||
};
|
||||
};
|
||||
youcue = {
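Review bot: `addKeysToAgent` appears to change from `"no"` to `"yes"` in this hunk, which keeps every unlocked key resident in whatever agent is running for the rest of the session. If caching is wanted, `addKeysToAgent = "confirm";` or a lifetime such as `"1h"` narrows what a compromised local process can do through the agent; per the comment above, the setting has no effect until an agent is started via `services.ssh-agent.enable`. The match blocks set `identityFile` but not `identitiesOnly = true;`, so ssh may still offer other agent keys to each server; adding it to `butterfly` and `hyrule` keeps each host seeing only its own key. The `matchBlocks` set continues outside this hunk.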
|
||||
|
|
|
|||
15
snow.nix
15
snow.nix
|
|
@ -13,10 +13,6 @@ cerulean.mkNexus ./. (self: {
|
|||
server = {};
|
||||
};
|
||||
|
||||
extraModules = with inputs; [
|
||||
home-manager.nixosModules.default
|
||||
];
|
||||
|
||||
nodes = let
|
||||
inherit
|
||||
(self.nexus)
|
||||
|
|
@ -47,14 +43,21 @@ cerulean.mkNexus ./. (self: {
|
|||
butterfly = {
|
||||
system = "x86_64-linux";
|
||||
groups = [groups.server];
|
||||
deploy.ssh.host = "dobutterfliescry.net";
|
||||
deploy.ssh = {
|
||||
host = "dobutterfliescry.net";
|
||||
user = "cry";
|
||||
port = 42069;
|
||||
};
|
||||
};
|
||||
|
||||
# pls dont sue me im broke
|
||||
hyrule = {
|
||||
system = "x86_64-linux";
|
||||
groups = [groups.server];
|
||||
deploy.ssh.host = "hyrule.dobutterfliescry.net";
|
||||
deploy.ssh = {
|
||||
host = "hyrule.dobutterfliescry.net";
|
||||
user = "cry";
|
||||
};
|
||||
};
|
||||
|
||||
# call me a statistician the way she spreads in my sheets
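Review bot: `hyrule`'s new `deploy.ssh` block sets `host` and `user` but no `port`, while `butterfly` gets `port = 42069;` and the client ssh profile for hyrule elsewhere in this commit also uses 42069. If hyrule applies the same `ports = [42069]` openssh setting, deploys will presumably fall back to the default port and fail, which invites reopening 22 as a workaround. Add `port = 42069;` to hyrule's block, or a comment stating that hyrule intentionally stays on the default port. The first hunk also drops `extraModules` with `home-manager.nixosModules.default`, which the commit title does not mention; it is worth confirming the module is still imported elsewhere.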
|
||||
|
|
|
|||