From f9323d67ad07b3cd1b7a492e7ce9fa76b26c2015 Mon Sep 17 00:00:00 2001
From: "Casper V. Kristensen"
Date: Sat, 24 Feb 2024 14:46:40 +0100
Subject: [PATCH] ssh on port 22
---
 modules/base/network.nix | 1 +
 modules/base/ssh.nix | 15 ++++++---------
 modules/desktop/ssh.nix | 20 --------------------
 3 files changed, 7 insertions(+), 29 deletions(-)
diff --git a/modules/base/network.nix b/modules/base/network.nix
index 72cb7a1..13dac28 100644
--- a/modules/base/network.nix
+++ b/modules/base/network.nix
@@ -9,6 +9,7 @@
 allowedUDPPorts = [ 1234 1337 8000 8080 ];
 };
 nameservers = [ "127.0.0.53" ]; # resolved stub resolver
+ search = [ "caspervk.net" ];
 };
 
 # TODO: these systemd networkd settings will be the default once
diff --git a/modules/base/ssh.nix b/modules/base/ssh.nix
index e6d3360..0a54f91 100644
--- a/modules/base/ssh.nix
+++ b/modules/base/ssh.nix
@@ -1,9 +1,6 @@
 { ... }: {
 services.openssh = {
 enable = true;
- # Security by obscurity? Nah, but it certainly reduces the logs volume.
- # Also, port 222 still requires root to bind.
- ports = [ 222 ];
 settings = {
 PasswordAuthentication = false;
 };
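Review bot: The added `search = [ "caspervk.net" ];` line in modules/base/network.nix carries no comment, although the short host names that this same commit pins in `programs.ssh.knownHosts` (modules/base/ssh.nix) presumably only resolve because of it. I would annotate it in the style of the line above, e.g. `search = [ "caspervk.net" ]; # lets short names such as "alpha" resolve; ssh pins their host keys`. The search list applies to every unqualified lookup on the machine, not only ssh, and only ssh has a pinned key behind the name. The enclosing attribute set starts outside this hunk.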
@@ -16,14 +13,14 @@
 ];
 };
 
- # ssh-keyscan -t ed25519 -p 222 alpha.caspervk.net
+ # ssh-keyscan -t ed25519 alpha
 programs.ssh.knownHosts = {
- "alpha.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG0OmbNKuMGIOEUxqNDgUN9lz1LSw7xvZ6Tu/BkQyRoy";
- "delta.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0x9oImZjIhoPEwLlHVixIh7y1Kwn+SX17xffrdRzvv";
+ "alpha".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG0OmbNKuMGIOEUxqNDgUN9lz1LSw7xvZ6Tu/BkQyRoy";
+ "delta".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0x9oImZjIhoPEwLlHVixIh7y1Kwn+SX17xffrdRzvv";
+ "lambda".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEEd354UBnQi4xhjtJtKs4yVXuOkKY0svk+YHCm/pG46";
+ "sigma".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2Qrh0tpR5YawiYvcPGC4OSnu4//ge1eVdiBDLrTbCx";
+ "tor".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVPxvqwS2NMqqCGBkMmExzdBY5hGLegiOuqPJAOfdKk";
 "git.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAvPxSg6XN6znT1T4H0U1lzJBsGY7Uann+TBisWD3Drd";
- "lambda.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAvPxSg6XN6znT1T4H0U1lzJBsGY7Uann+TBisWD3Drd";
- "sigma.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2Qrh0tpR5YawiYvcPGC4OSnu4//ge1eVdiBDLrTbCx";
- "tor.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVPxvqwS2NMqqCGBkMmExzdBY5hGLegiOuqPJAOfdKk";
 };
 
 environment.persistence."/nix/persist" = {
diff --git a/modules/desktop/ssh.nix b/modules/desktop/ssh.nix
index eea2107..3cb8155 100644
--- a/modules/desktop/ssh.nix
+++ b/modules/desktop/ssh.nix
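Review bot: The `programs.ssh.knownHosts` entries in modules/base/ssh.nix are now keyed only by short name, so a connection made with the fully qualified name (for example `ssh alpha.caspervk.net`) no longer matches a pinned key and falls back to trust-on-first-use. Keeping both names on one entry avoids that, e.g. `"alpha" = { extraHostNames = [ "alpha.caspervk.net" ]; publicKey = "ssh-ed25519 …"; };`. Separately, `lambda` receives a different key in this hunk: the removed `lambda.caspervk.net` line carried the same key as `git.caspervk.net`, so this is more than a rename. A changed pin is worth confirming against the host's own host-key file rather than only a network `ssh-keyscan`, which is itself unauthenticated.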
@@ -10,26 +10,6 @@
 # one. This is especially useful when using SCP.
 controlMaster = "yes";
 matchBlocks = {
- "alpha" = {
- hostname = "alpha.caspervk.net";
- port = 222;
- };
- "delta" = {
- hostname = "delta.caspervk.net";
- port = 222;
- };
- "lambda" = {
- hostname = "lambda.caspervk.net";
- port = 222;
- };
- "sigma" = {
- hostname = "sigma.caspervk.net";
- port = 222;
- };
- "tor" = {
- hostname = "tor.caspervk.net";
- port = 222;
- };
 "git.caspervk.net" = {
 port = 2222;
 };