From e4abf5c1ed909cf53ab30b5d94267b2042eef65b Mon Sep 17 00:00:00 2001
From: stupidcomputer <ryan@beepboop.systems>
Date: Thu, 26 Dec 2024 17:23:18 -0600
Subject: [PATCH] add notifications for successful ssh logins

---
 boxes/netbox/ssh.nix  | 31 +++++++++++++++++++++++++++++++
 boxes/netbox/sslh.nix | 29 ++++++++++++++++-------------
 2 files changed, 47 insertions(+), 13 deletions(-)

diff --git a/boxes/netbox/ssh.nix b/boxes/netbox/ssh.nix
index e4a7b1d..03e9c33 100644
--- a/boxes/netbox/ssh.nix
+++ b/boxes/netbox/ssh.nix
@@ -16,4 +16,35 @@
     machines.aristotle.pubkey
     machines.phone.pubkey
   ];
+
+  environment.etc."ssh/sshrc".text = ''
+    login_ip="''${SSH_CLIENT%% *}"
+    is_in_ignored=$(grep "$login_ip" /etc/ssh/ignored_ips -c)
+    if [ "$is_in_ignored" -gt 0 ]; then
+      echo "Your login has been ignored based on your IP address."
+      exit
+    fi
+    time=$(date "+%T%:z")
+    geodata=$(
+      curl -s ipinfo.io/$login_ip |
+      sed '1d;$d;/readme/d;s/^  //g'
+    )
+    ${pkgs.mailutils}/bin/mail \
+      ryan@beepboop.systems -r "ssh" \
+      -s "ssh login from $login_ip at $time" \
+    <<EOF
+    Hi there,
+
+    \`netbox\` was just logged into from $login_ip at $time (America/Chicago).
+    It was not in /etc/ssh/ignored_ips.
+
+    If this is you, that's great! If not, there is most certainly
+    an unauthorized user connected to the machine -- in which case, the
+    prudent course of action is to shut the machine down.
+
+    For your information, here is geolocation data from $login_ip.
+
+    $geodata
+    EOF
+  '';
 }
diff --git a/boxes/netbox/sslh.nix b/boxes/netbox/sslh.nix
index 6c86873..40d3662 100644
--- a/boxes/netbox/sslh.nix
+++ b/boxes/netbox/sslh.nix
@@ -2,18 +2,21 @@
 {
   services.sslh = {
     enable = true;
-    settings.protocols = [
-      {
-        host = "localhost";
-        name = "ssh";
-        port = "55555";
-        service = "ssh";
-      }
-      {
-        host = "localhost";
-          name = "tls";
-          port = "442";
-      }
-    ];
+    settings = {
+        protocols = [
+        {
+          host = "localhost";
+          name = "ssh";
+          port = "55555";
+          service = "ssh";
+        }
+        {
+          host = "localhost";
+            name = "tls";
+            port = "442";
+        }
+      ];
+      transparent = true;
+    };
   };
 }