ssh on port 22

2024-02-24 14:46:40 +01:00 · 2024-02-24 14:46:40 +01:00 · f9323d67ad
parent b86d370a62
commit f9323d67ad
3 changed files with 7 additions and 29 deletions
--- a/modules/base/network.nix
+++ b/modules/base/network.nix
@ -9,6 +9,7 @@
      allowedUDPPorts = [ 1234 1337 8000 8080 ];
    };
    nameservers = [ "127.0.0.53" ]; # resolved stub resolver
+    search = [ "caspervk.net" ];
  };

  # TODO: these systemd networkd settings will be the default once
--- a/modules/base/ssh.nix
+++ b/modules/base/ssh.nix
@ -1,9 +1,6 @@
 { ... }: {
  services.openssh = {
    enable = true;
-    # Security by obscurity? Nah, but it certainly reduces the logs volume.
-    # Also, port 222 still requires root to bind.
-    ports = [ 222 ];
    settings = {
      PasswordAuthentication = false;
    };
@ -16,14 +13,14 @@
    ];
  };

-  # ssh-keyscan -t ed25519 -p 222 alpha.caspervk.net
+  # ssh-keyscan -t ed25519 alpha
  programs.ssh.knownHosts = {
-    "alpha.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG0OmbNKuMGIOEUxqNDgUN9lz1LSw7xvZ6Tu/BkQyRoy";
-    "delta.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0x9oImZjIhoPEwLlHVixIh7y1Kwn+SX17xffrdRzvv";
+    "alpha".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG0OmbNKuMGIOEUxqNDgUN9lz1LSw7xvZ6Tu/BkQyRoy";
+    "delta".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0x9oImZjIhoPEwLlHVixIh7y1Kwn+SX17xffrdRzvv";
+    "lambda".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEEd354UBnQi4xhjtJtKs4yVXuOkKY0svk+YHCm/pG46";
+    "sigma".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2Qrh0tpR5YawiYvcPGC4OSnu4//ge1eVdiBDLrTbCx";
+    "tor".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVPxvqwS2NMqqCGBkMmExzdBY5hGLegiOuqPJAOfdKk";
    "git.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAvPxSg6XN6znT1T4H0U1lzJBsGY7Uann+TBisWD3Drd";
-    "lambda.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAvPxSg6XN6znT1T4H0U1lzJBsGY7Uann+TBisWD3Drd";
-    "sigma.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2Qrh0tpR5YawiYvcPGC4OSnu4//ge1eVdiBDLrTbCx";
-    "tor.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVPxvqwS2NMqqCGBkMmExzdBY5hGLegiOuqPJAOfdKk";
  };

  environment.persistence."/nix/persist" = {
--- a/modules/desktop/ssh.nix
+++ b/modules/desktop/ssh.nix
@ -10,26 +10,6 @@
      # one. This is especially useful when using SCP.
      controlMaster = "yes";
      matchBlocks = {
-        "alpha" = {
-          hostname = "alpha.caspervk.net";
-          port = 222;
-        };
-        "delta" = {
-          hostname = "delta.caspervk.net";
-          port = 222;
-        };
-        "lambda" = {
-          hostname = "lambda.caspervk.net";
-          port = 222;
-        };
-        "sigma" = {
-          hostname = "sigma.caspervk.net";
-          port = 222;
-        };
-        "tor" = {
-          hostname = "tor.caspervk.net";
-          port = 222;
-        };
        "git.caspervk.net" = {
          port = 2222;
        };