diff --git a/groups/server/default.nix b/groups/server/default.nix index 6182ef1..32fe569 100644 --- a/groups/server/default.nix +++ b/groups/server/default.nix @@ -1,7 +1,7 @@ {lib, ...}: { networking.firewall = { allowedTCPPorts = [ - 22 + 42069 # ssh ]; }; @@ -9,7 +9,7 @@ # accept Lets Encrypt's security policy acme = { acceptTerms = true; - defaults.email = "them@dobutterfliescry.net"; + defaults.email = "eclarkboman@gmail.com"; }; sudo = { @@ -26,7 +26,7 @@ services = { openssh = { enable = true; - ports = [22]; + ports = [42069]; settings = { PasswordAuthentication = false; PermitRootLogin = "no"; @@ -37,6 +37,22 @@ }; }; + # simple fail2ban config (not production ready or anything though) + # refer to: https://nixos.wiki/wiki/Fail2Ban + services.fail2ban = { + enable = true; + + maxretry = 5; + bantime = "10m"; # 10 minute ban + bantime-increment = { + enable = true; + formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; + # multipliers = "1 2 4 8 16 32 64"; + maxtime = "168h"; # dont ban for more than 1 week + overalljails = true; + }; + }; + users = { users = { # primary user diff --git a/homes/me/default.nix b/homes/me/default.nix index 8484344..169219f 100755 --- a/homes/me/default.nix +++ b/homes/me/default.nix 
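Review bot: The new port is now hard-coded twice in this file — `42069 # ssh` in the firewall list here and `ports = [42069];` in the openssh hunk — and a later edit to one without the other strands the host, since sshd would listen on a port the firewall drops and the fix itself has to be deployed over ssh. NixOS's `services.openssh.openFirewall` (default `true`) already opens whatever `services.openssh.ports` contains, so this firewall entry is presumably redundant; either drop it and rely on `openFirewall`, or set `services.openssh.openFirewall = false;` and derive the allow-list from the single source of truth with `allowedTCPPorts = config.services.openssh.ports;` (the module header would then need `config` added to `{lib, ...}`). The enclosing module body runs past this hunk.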
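Review bot: The fail2ban block never tells the sshd jail about the non-standard port chosen in the other hunks of this file, so unless the pinned NixOS module derives the jail's `port` from `services.openssh.ports` (recent nixpkgs does, older releases did not — confirm), the jail watches port 22, matches nothing and the whole block is a no-op; if it is not derived, add `jails.sshd.settings.port = "42069";` next to `maxretry`. There is also no `ignoreIP`, so enough failed connections from the deployment machine itself ban it for 10 minutes and, with `overalljails = true` and the escalating formula, for up to the 168h `maxtime`; consider `ignoreIP = [ "<deploy-host-address>" ];`. The `# simple fail2ban config` comment should state both assumptions, e.g. `# sshd jail port must follow services.openssh.ports; no ignoreIP, so the deploy host can ban itself`.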
@@ -106,42 +106,30 @@ }; # set ssh profiles - # NOTE: (IMPORTANT) this DOES NOT start the ssh-agent - # for that you need to use `services.ssh-agent.enable` + # WARNING: this DOES NOT start the ssh-agent + # WARNING: for that you need to use `services.ssh-agent.enable` ssh = { enable = true; forwardAgent = false; - addKeysToAgent = "no"; + addKeysToAgent = "yes"; matchBlocks = { - hyrule = { - hostname = "imbored.dev"; - user = "ae"; - port = 22; - identityFile = "~/.ssh/id_hyrule"; + butterfly = { + hostname = "dobutterfliescry.net"; + user = "cry"; + port = 42069; + identityFile = "~/.ssh/id_butterfly"; setEnv = { TERM = "linux"; }; }; clocktown = { - hostname = "clocktown.dobutterfliescry.net"; - user = "root"; - port = 22; - identityFile = "~/.ssh/id_clocktown"; - }; - subspace = { - hostname = "imbored.dev"; - user = "subspace"; - port = 22; - identityFile = "~/.ssh/id_subspace"; - }; - dead = { - hostname = "deadlyserver.com"; - user = "emile"; - port = 29843; - identityFile = "~/.ssh/id_deadlyserver"; + hostname = "hyrule.dobutterfliescry.net"; + user = "cry"; + port = 42069; + identityFile = "~/.ssh/id_hyrule"; setEnv = { - TERM = "xterm-256color"; + TERM = "linux"; }; }; youcue = { diff --git a/snow.nix b/snow.nix index 7b263f3..4d3b575 100644 --- a/snow.nix +++ b/snow.nix @@ -13,10 +13,6 @@ cerulean.mkNexus ./. (self: { server = {}; }; - extraModules = with inputs; [ - home-manager.nixosModules.default - ]; - nodes = let inherit (self.nexus) 
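Review bot: `addKeysToAgent = "yes"` reverses the previous explicit `"no"` and keeps every key loaded through these match blocks decrypted in the agent for the agent's entire lifetime, while the two WARNING lines directly above still say the agent is not started by this module — so the change is inert until `services.ssh-agent.enable` is set elsewhere, and then takes effect silently. If agent caching is wanted, a bounded form is safer: `addKeysToAgent = "confirm";` prompts on each use, and OpenSSH 8.9+ accepts a lifetime such as `addKeysToAgent = "1h";` (Home Manager passes the string through unchanged — confirm against the installed version). Keeping `forwardAgent = false` is the right call and should stay. The `ssh` attribute set continues past the end of the hunk.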
@@ -47,14 +43,21 @@ cerulean.mkNexus ./. (self: { butterfly = { system = "x86_64-linux"; groups = [groups.server]; - deploy.ssh.host = "dobutterfliescry.net"; + deploy.ssh = { + host = "dobutterfliescry.net"; + user = "cry"; + port = 42069; + }; }; # pls dont sue me im broke hyrule = { system = "x86_64-linux"; groups = [groups.server]; - deploy.ssh.host = "hyrule.dobutterfliescry.net"; + deploy.ssh = { + host = "hyrule.dobutterfliescry.net"; + user = "cry"; + }; }; # call me a statistician the way she spreads in my sheets
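Review bot: The `hyrule` deploy block gains `user = "cry"` but no `port`, while the `butterfly` block right above it gets `port = 42069;` and hyrule is in the same `groups.server`, whose sshd now listens only on 42069 (the homes/me match block for `hyrule.dobutterfliescry.net` also uses 42069); the deploy presumably falls back to port 22 and is refused by the firewall, leaving no way to push the correction. Add `port = 42069;` to hyrule's `deploy.ssh`, or hoist the port into one `let` binding shared by both nodes so the two cannot drift apart again. The match block named `clocktown` in homes/me is the one that reaches hyrule, so the deploy host name here does not benefit from it unless the tool resolves aliases — worth confirming how `cerulean.mkNexus` invokes ssh.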