Change SSH port to default as we no longer expose the service

Remove SSH Tarpit and SSH logging in grafana
Install nmap
2024-07-09 09:49:10 +08:00 · 2024-07-09 09:48:17 +08:00 · 2024-07-09 09:46:08 +08:00
8 changed files with 4 additions and 148 deletions
--- a/home-manager/sajenim/features/cli/default.nix
+++ b/home-manager/sajenim/features/cli/default.nix
@ -15,7 +15,7 @@
    matchBlocks."viridian" = {
      hostname = "viridian.kanto.dev";
      identityFile = "/home/sajenim/.ssh/sajenim_sk";
-      port = 62841;
+      port = 22;
    };
    matchBlocks."lavender" = {
--- a/home-manager/sajenim/features/cli/git.nix
+++ b/home-manager/sajenim/features/cli/git.nix
@ -11,7 +11,7 @@
    userEmail = "its.jassy@pm.me";
    extraConfig = {
      init.defaultBranch = "master";
-      core.sshCommand = "ssh -i ~/.ssh/forgejo_sk -p 62841 -F /dev/null";
+      core.sshCommand = "ssh -i ~/.ssh/forgejo_sk -F /dev/null";
      commit.gpgsign = "true";
      user.signingkey = "8563E358D4E8040E";
    };
--- a/nixos/common/global/env.nix
+++ b/nixos/common/global/env.nix
@ -18,6 +18,7 @@
      direnv  # load environment
      jq      # JSON processor
      git     # version control
      nmap    # network mapper
      # HTTP
      curl    # transfer dato to/from server
--- a/nixos/common/global/ssh.nix
+++ b/nixos/common/global/ssh.nix
@ -8,7 +8,7 @@
      PasswordAuthentication = false;
      LogLevel = "VERBOSE";
    };
-    ports = [ 62841 ];
+    ports = [ 22 ];
    openFirewall = true;
  };
--- a/nixos/viridian/services/default.nix
+++ b/nixos/viridian/services/default.nix
@ -13,8 +13,5 @@
    ./grafana.nix
    ./mysql.nix
    ./prometheus.nix
    ./endlessh-go.nix
    ./promtail.nix
    ./loki.nix
  ];
 }
--- a/nixos/viridian/services/endlessh-go.nix
+++ b/nixos/viridian/services/endlessh-go.nix
@ -1,30 +0,0 @@
 { config, ... }:
 {
  services.endlessh-go = {
    enable = true;
    port = 22;  # SSH port
    prometheus = {
      enable = true;
      listenAddress = "127.0.0.1";
      port = 2112; # Prometheus metrics port
    };
    extraOptions = [
      "-interval_ms=1000"
      "-logtostderr"
      "-v=1"
      "-geoip_supplier=ip-api"
    ];
    openFirewall = true;
  };
  services.prometheus.scrapeConfigs = [
    {
      job_name = "endlessh";
      static_configs = [{
        targets = [ "127.0.0.1:${toString config.services.endlessh-go.prometheus.port}" ];
      }];
    }
  ];
 }
--- a/nixos/viridian/services/loki.nix
+++ b/nixos/viridian/services/loki.nix
@ -1,81 +0,0 @@
 { ... }:
 {
  services.loki = {
    enable = true;
    configuration = {
      server.http_listen_port = 3030;
      auth_enabled = false;
      ingester = {
        lifecycler = {
          address = "127.0.0.1";
          ring = {
            kvstore = {
              store = "inmemory";
            };
            replication_factor = 1;
          };
        };
        chunk_idle_period = "1h";
        max_chunk_age = "1h";
        chunk_target_size = 999999;
        chunk_retain_period = "30s";
        # max_transfer_retries = 0;
      };
      schema_config = {
        configs = [{
          from = "2022-06-06";
          store = "boltdb-shipper";
          object_store = "filesystem";
          schema = "v13";
          index = {
            prefix = "index_";
            period = "24h";
          };
        }];
      };
      storage_config = {
        boltdb_shipper = {
          active_index_directory = "/var/lib/loki/boltdb-shipper-active";
          cache_location = "/var/lib/loki/boltdb-shipper-cache";
          cache_ttl = "24h";
          # shared_store = "filesystem";
        };
        filesystem = {
          directory = "/var/lib/loki/chunks";
        };
      };
      limits_config = {
        reject_old_samples = true;
        reject_old_samples_max_age = "168h";
        allow_structured_metadata = false;  # IDK it said add this to fix some error
      };
      # chunk_store_config = {
      #   max_look_back_period = "0s";
      # };
      table_manager = {
        retention_deletes_enabled = false;
        retention_period = "0s";
      };
      compactor = {
        working_directory = "/var/lib/loki";
        # shared_store = "filesystem";
        compactor_ring = {
          kvstore = {
            store = "inmemory";
          };
        };
      };
    };
    # user, group, dataDir, extraFlags, (configFile)
  };
 }
--- a/nixos/viridian/services/promtail.nix
+++ b/nixos/viridian/services/promtail.nix
@ -1,31 +0,0 @@
 { config, ... }:
 {
  services.promtail = {
    enable = true;
    configuration = {
      server = {
        http_listen_port = 9080;
        grpc_listen_port = 0;
      };
      positions = {
        filename = "/tmp/positions.yaml";
      };
      clients = [{
        url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
      }];
      scrape_configs = [{
        job_name = "system";
        static_configs = [{
          targets = [ "localhost" ]; # Promtail target is localhost
          labels = {
            instance = "viridian.kanto.dev"; # Label identifier for instance
            env = "kanto"; # Environment label
            job = "secure"; # Job label
            __path__ = "/var/log/sshd.log";
          };
        }];
      }];
    };
  };
 }
Author	SHA1	Message	Date
♥ Minnie ♥	98891a9b15	Change SSH port to default as we no longer expose the service	2024-07-09 09:49:10 +08:00
♥ Minnie ♥	10d696d3d2	Remove SSH Tarpit and SSH logging in grafana	2024-07-09 09:48:17 +08:00
♥ Minnie ♥	6f4a3e7a96	Install nmap	2024-07-09 09:46:08 +08:00