From 38e14fde99727bcdd48c3352c41e7e9d59b8b2d8 Mon Sep 17 00:00:00 2001
From: Mel
Date: Thu, 28 Aug 2025 18:28:03 +0200
Subject: Add SSH server for development machine serpentine
Signed-off-by: Mel
---
 modules/development-server.nix | 24 ++++++++++++++++++++++++
 modules/home/development-server.nix | 1 -
 2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/modules/development-server.nix b/modules/development-server.nix
index 4b67ca6..b41b4ad 100644
--- a/modules/development-server.nix
+++ b/modules/development-server.nix
@@ -38,6 +38,9 @@
 networking.hostName = me.name;
 services.resolved.enable = true;
+ users.users.mel.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTG/DHTkuQgwLakSBuXx3XBe+WjUmDlSgLBGzldx/ZD mel@moissanite"
+ ];
 services = {
 acpid.enable = true;
 tailscale = {
@@ -46,6 +49,27 @@
 extraUpFlags = [ "--ssh" ];
 };
+ openssh = {
+ enable = true;
+ ports = [ 62322 ]; # listen on random port
+ openFirewall = true;
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ PermitRootLogin = "no";
+ };
+ };
+
+ # annoy every ssh spammer
+ endlessh = {
+ enable = true;
+ port = 22;
+ openFirewall = true;
+ };
+
+ # ban those who found the real port
+ fail2ban.enable = true;
+ # sometimes needed for gnupg
 pcscd.enable = true;
 };
diff --git a/modules/home/development-server.nix b/modules/home/development-server.nix
index de196ea..47b8555 100644
--- a/modules/home/development-server.nix
+++ b/modules/home/development-server.nix
@@ -29,5 +29,4 @@
 nix-direnv.enable = true;
 };
 };
- };
 }
-- 
cgit 1.4.1
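Review bot: `openFirewall = true;` under `openssh` opens sshd to every interface even though the `tailscale` block just above already runs with `--ssh`, so the new listener is publicly reachable and only the port number keeps scanners away. `62322` is a fixed value rather than a random one, so the comment would be more accurate as `# non-standard port: reduces log noise, not a security control`. If access is only needed over the tailnet, consider `openFirewall = false;` together with `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 62322 ];` (assuming the default Tailscale interface name). If the port has to stay public, `settings.AllowUsers = [ "mel" ];` would limit logins to the one account that has a key configured. The enclosing `services` set opens outside this hunk.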