Diffstat (limited to 'modules/nixfiles/endlessh.nix')
-rw-r--r--modules/nixfiles/endlessh.nix45
1 files changed, 0 insertions, 45 deletions
diff --git a/modules/nixfiles/endlessh.nix b/modules/nixfiles/endlessh.nix
deleted file mode 100644
index c66d8b3..0000000
--- a/modules/nixfiles/endlessh.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib; let
- cfg = config.nixfiles.modules.endlessh;
-in {
- options.nixfiles.modules.endlessh.enable =
- mkEnableOption "endlessh";
-
- config = let
- port = 22;
- in
- mkIf cfg.enable {
- assertions = [
- {
- assertion = !(any (x: x == port) config.services.openssh.ports);
- message = "Port ${toString port} is already occupied by OpenSSH";
- }
- ];
-
- systemd.services.endlessh = {
- description = "Endlessh SSH Tarpit";
- requires = ["network-online.target"];
- serviceConfig = {
- Restart = "always";
- ExecStart = concatStringsSep " " [
- "${pkgs.endlessh}/bin/endlessh"
- "-v"
- "-4"
- "-p ${toString port}"
- ];
- KillSignal = "SIGTERM";
- AmbientCapabilities = "CAP_NET_BIND_SERVICE";
- DynamicUser = true;
- StateDirectory = "endlessh";
- };
- wantedBy = ["multi-user.target"];
- };
-
- networking.firewall.allowedTCPPorts = [port];
- };
-}