| author | Mel <mel@rnrd.eu> | 2025-08-28 18:28:03 +0200 |
|---|---|---|
| committer | Mel <mel@rnrd.eu> | 2025-08-28 18:30:20 +0200 |
| commit | 38e14fde99727bcdd48c3352c41e7e9d59b8b2d8 (patch) | |
| tree | e50bd1066ba61a950593928df1b892f2a6b8a3c1 | |
| parent | b3270235dddea21217eba2b3127988981d48b840 (diff) | |
Add SSH server for development machine serpentine
Signed-off-by: Mel <mel@rnrd.eu>
| -rw-r--r-- | modules/development-server.nix | 24 | ||||
| -rw-r--r-- | modules/home/development-server.nix | 1 |
2 files changed, 24 insertions, 1 deletions
diff --git a/modules/development-server.nix b/modules/development-server.nix index 4b67ca6..b41b4ad 100644 --- a/modules/development-server.nix +++ b/modules/development-server.nix @@ -38,6 +38,9 @@ networking.hostName = me.name; services.resolved.enable = true; + users.users.mel.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTG/DHTkuQgwLakSBuXx3XBe+WjUmDlSgLBGzldx/ZD mel@moissanite" + ]; services = { acpid.enable = true; tailscale = { @@ -46,6 +49,27 @@ extraUpFlags = [ "--ssh" ]; }; + openssh = { + enable = true; + ports = [ 62322 ]; # listen on random port + openFirewall = true; + settings = { + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + PermitRootLogin = "no"; + }; + }; + + # annoy every ssh spammer + endlessh = { + enable = true; + port = 22; + openFirewall = true; + }; + + # ban those who found the real port + fail2ban.enable = true; + # sometimes needed for gnupg pcscd.enable = true; }; diff --git a/modules/home/development-server.nix b/modules/home/development-server.nix index de196ea..47b8555 100644 --- a/modules/home/development-server.nix +++ b/modules/home/development-server.nix @@ -29,5 +29,4 @@ nix-direnv.enable = true; }; }; - }; } |
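Review bot: `openFirewall = true` in the new `openssh` block exposes sshd on port 62322 on every interface, although the context lines show Tailscale SSH (`extraUpFlags = [ "--ssh" ]`) already configured for this machine. If tailnet access is sufficient, set `openFirewall = false;` and allow the port only on the tailnet interface, e.g. `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 62322 ];` (interface name assumed, confirm on the host). The comment `# listen on random port` is misleading because the port is fixed; something like `# fixed non-default port: cuts scanner noise, not an access control` states the intent. Only `mel` receives an authorized key in the first hunk, so `settings.AllowUsers = [ "mel" ];` would make that restriction explicit in sshd itself. The `services` attribute set begins and ends outside this hunk.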
