Noratrieb/vps
1
0
Fork 0
mirror of https://github.com/Noratrieb/vps.git synced 2026-01-14 16:55:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

move fakessh

Browse source
This commit is contained in:
nora 2024-08-12 17:16:08 +02:00
parent 7047b6a9ed
commit 0df507ea14
2 changed files with 39 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

70
newinfra/nix/hive.nix
View file

@ -15,7 +15,6 @@
slides = fetchTarball "https://github.com/Noratrieb/slides/archive/0401f35c22b124b69447655f0c537badae9e223c.tar.gz"; slides = fetchTarball "https://github.com/Noratrieb/slides/archive/0401f35c22b124b69447655f0c537badae9e223c.tar.gz";
pretense = import (fetchTarball "https://github.com/Noratrieb/pretense/archive/270b01fc1118dfd713c1c41530d1a7d98f04527d.tar.gz"); pretense = import (fetchTarball "https://github.com/Noratrieb/pretense/archive/270b01fc1118dfd713c1c41530d1a7d98f04527d.tar.gz");
fakessh = import (fetchTarball "https://github.com/Noratrieb/fakessh/archive/7a129eba2e0bd15d46efce2f2e0daebeb6888bec.tar.gz");
networkingConfig = { networkingConfig = {
dns1 = { dns1 = {
@ -243,37 +242,44 @@
''; '';
}; };
# VPS5 is the primary test server, where new things are being deployed that could break stuff maybe. # VPS5 is the primary test server, where new things are being deployed that could break stuff maybe.
vps5 = { name, nodes, modulesPath, config, pkgs, lib, fakessh, ... }: { vps5 = { name, nodes, modulesPath, config, pkgs, lib, ... }:
imports = [ let
(modulesPath + "/profiles/qemu-guest.nix") commit = "18993f3a00c71af419cb28c01d200bd2efd85603";
./modules/contabo fakessh = import (fetchTarball "https://github.com/Noratrieb/fakessh/archive/${commit}.tar.gz");
./modules/ingress in
./modules/wg-mesh {
./modules/garage imports = [
]; (modulesPath + "/profiles/qemu-guest.nix")
./modules/contabo
./modules/ingress
./modules/wg-mesh
./modules/garage
];
# services.openssh.ports = [ 2000 ];
#systemd.services.fakessh = {
# description = "fakessh ssh honeypot";
# wantedBy = [ "multi-user.target" ];
# after = [ "network.target" ];
# serviceConfig = {
# DynamicUser = true;
# ExecStart = "${lib.getExe (fakessh {inherit pkgs;})}";
# AmbientCapabilities = "CAP_NET_BIND_SERVICE";
# # i really don't trust this.
# MemoryHigh = "100;";
# MemoryMax = "200M";
# Environment = [
# "FAKESSH_LISTEN_ADDR=0.0.0.0:22"
# "RUST_LOG=debug"
# ];
# };
#};
# networking.firewall.allowedTCPPorts = [ 22 ];
#deployment.targetPort = 2000;
deployment.tags = [ "eu" "apps" ]; #services.openssh.ports = [ 2000 ];
system.stateVersion = "23.11"; #systemd.services.fakessh = {
}; # description = "fakessh ssh honeypot";
# wantedBy = [ "multi-user.target" ];
# after = [ "network.target" ];
# serviceConfig = {
# DynamicUser = true;
# ExecStart = "${lib.getExe (fakessh {inherit pkgs;})}";
# AmbientCapabilities = "CAP_NET_BIND_SERVICE";
# # i really don't trust this.
# MemoryHigh = "100;";
# MemoryMax = "200M";
# Environment = [
# "FAKESSH_LISTEN_ADDR=0.0.0.0:22"
# "RUST_LOG=debug"
# #"FAKESSH_JSON_LOGS=1"
# ];
# };
#};
#networking.firewall.allowedTCPPorts = [ 22 ];
#deployment.targetPort = 2000;
deployment.tags = [ "eu" "apps" ];
system.stateVersion = "23.11";
};
} }

1
newinfra/nix/modules/dns/noratrieb.dev.nix
View file

@ -58,6 +58,7 @@ let
pronouns.TXT = [ pronouns.TXT = [
"she/her" "she/her"
]; ];
sshhoneypot = vps5;
# --- infra # --- infra
grafana = vps3; grafana = vps3;