This is an automated email from the git hooks/post-receive script.
guix_mirror_bot pushed a commit to branch master
in repository guix.
The following commit(s) were added to refs/heads/master by this push:
new 8dc57904e3 services: Add endlessh-service-type.
8dc57904e3 is described below
commit 8dc57904e385b9219f548601afc6dc9b26dadd68
Author: Clombrong <[email protected]>
AuthorDate: Thu Oct 2 01:51:08 2025 +0200
services: Add endlessh-service-type.
* docs/guix.texi: Document EndleSSH service and configuration.
* gnu/services/ssh.scm: New service.
* gnu/services/ssh.scm: Define shepherd service.
Merges: https://codeberg.org/guix/guix/pulls/5910
Co-Authored-By: Giacomo Leidi <[email protected]>
Change-Id: Ief4520b536276b88f2e5027ef0897bf84b2835df
Signed-off-by: Giacomo Leidi <[email protected]>
---
doc/guix.texi | 52 +++++++++++++++++++++++++++++++++++++
gnu/services/ssh.scm | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 125 insertions(+)
diff --git a/doc/guix.texi b/doc/guix.texi
index 436ae58878..0d57b516ba 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -24321,6 +24321,58 @@ Whether to enable password-based authentication.
@end table
@end deftp
+@cindex EndleSSH
+@defvar endlessh-service-type
+This is the type for the
+@uref{https://github.com/skeeto/endlessh,EndleSSH} program that runs an
+SSH tar pit. By very slowly sending an SSH banner, this program keeps
+unwanted visitors locked away from the actual SSH daemon.
+
+For example, to specify a service running Endlessh on port @code{2222}, add
+this call to the operating system's @code{services} field:
+
+@lisp
+(service endlessh-service-type
+ (endlessh-configuration
+ (port-number 2222)))
+@end lisp
+@end defvar
+
+@deftp {Data Type} endlessh-configuration
+This data type represents the configuration of an EndleSSH service.
+
+@table @asis
+@item @code{endlessh} (default: @var{endlessh})
+The EndleSSH package to use.
+
+@item @code{port-number} (default: @code{22})
+The TCP port where the daemon waits for incoming connections.
+
+@item @code{log-level} (default: @code{1})
+The log level. @code{0} is quiet, @code{2} is very noisy.
+
+@item @code{syslog-output?} (default: @code{#t})
+Whether to enable syslog output.
+
+@item @code{pid-file} (default: @code{"/var/run/endlessh.pid"})
+File name of the daemon's PID file.
+
+@item @code{message-delay} (default: @code{10000})
+The endless banner is sent one line at a time. This is the delay in
+milliseconds between individual lines.
+
+@item @code{max-banner-length} (default: @code{32})
+The length of each line is randomized. This controls the maximum length
+of each line. Shorter lines may keep clients on for longer if they give
+up after a certain number of bytes.
+
+@item @code{max-clients} (default: @code{4096})
+Maximum number of connections to accept at a time. Connections beyond
+this are not immediately rejected, but will wait in the queue.
+
+@end table
+@end deftp
+
@cindex AutoSSH
@defvar autossh-service-type
This is the type for the @uref{https://www.harding.motd.ca/autossh,
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 77359501e4..d5c1c77800 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -70,6 +70,17 @@
dropbear-service-type
dropbear-service ; deprecated
+ endlessh-configuration
+ endlessh-configuration?
+ endlessh-configuration-endlessh
+ endlessh-configuration-port-number
+ endlessh-configuration-log-level
+ endlessh-configuration-syslog-output?
+ endlessh-configuration-message-delay
+ endlessh-configuration-max-banner-length
+ endlessh-configuration-max-clients
+ endlessh-service-type
+
autossh-configuration
autossh-configuration?
autossh-service-type
@@ -524,6 +535,68 @@ object."
(service dropbear-service-type config))
�
+;;;
+;;; Endlessh.
+;;;
+
+(define-record-type* <endlessh-configuration>
+ endlessh-configuration make-endlessh-configuration
+ endlessh-configuration?
+ (endlessh endlessh-configuration-endlessh
+ (default endlessh))
+ (port-number endlessh-configuration-port-number
+ (default 22))
+ (log-level endlessh-configuration-log-level
+ (default 1))
+ (syslog-output? endlessh-configuration-syslog-output?
+ (default #t))
+ (message-delay endlessh-configuration-message-delay
+ (default 10000))
+ (max-banner-length endlessh-configuration-max-banner-length
+ (default 32))
+ (max-clients endlessh-configuration-max-clients
+ (default 4096)))
+
+(define (endlessh-shepherd-service config)
+ "Return a <shepherd-service> for endlessh with CONFIG."
+ (define endlessh
+ (endlessh-configuration-endlessh config))
+
+ (define endlessh-config
+ (format #f "Port ~a~%Delay ~a~%MaxLineLength ~a~%MaxClients ~a~%LogLevel
~a"
+ (endlessh-configuration-port-number config)
+ (endlessh-configuration-message-delay config)
+ (endlessh-configuration-max-banner-length config)
+ (endlessh-configuration-max-clients config)
+ (endlessh-configuration-log-level config)))
+
+ (define endlessh-command
+ #~(list (string-append #$endlessh "/bin/endlessh")
+ "-f" #$(plain-file "endlessh_config" endlessh-config)
+ #$@(if (endlessh-configuration-syslog-output? config) '("-s")
'())))
+
+ (define requires
+ (if (endlessh-configuration-syslog-output? config)
+ '(user-processes networking syslogd)
+ '(user-processes networking)))
+
+ (list (shepherd-service
+ (documentation "EndleSSH server.")
+ (requirement requires)
+ (provision '(endlessh))
+ (start #~(make-forkexec-constructor #$endlessh-command))
+ (stop #~(make-kill-destructor)))))
+
+(define endlessh-service-type
+ (service-type (name 'endlessh)
+ (description
+ "Run the EndleSSH secure shell (SSH) tarpit.")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ endlessh-shepherd-service)))
+ (default-value (endlessh-configuration))))
+
+�
;;;
;;; AutoSSH.
;;;
