doc: endlessh service documentation. * doc/guix.texi (Networking Services): New endlessh-service-type section. services: containerized endlessh * gnu/services/ssh.scm (endlessh-config->conf): make-forkexec-contructor -> make-forkexec-constructor/container. and attempted to enable logging to syslog. (define-record-type* ) move default values of endlessh configuration to separate line. Add copyright line for Nicolo.
---
 doc/guix.texi | 60 ++++++++++++++++++++++++++++++++++++++++++++
 gnu/services/ssh.scm | 35 ++++++++++++++++++--------
 2 files changed, 85 insertions(+), 10 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 464c1141d8..38807b3069 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -17081,6 +17081,66 @@ may cause undefined behaviour.
 @end table
 @end deftp
+@cindex Endlessh
+@deffn {Scheme Variable} endlessh-service-type
+This is the type for the @uref{https://github.com/skeeto/endlessh,
+Endlessh} program that delays ssh clients for days at a time by
+@emph{very slowly} sending a random and endless SSH banner. The smart
+hacker will put endlessh running on port 22, and let crackers get stuck
+in this tarpit. This lets your real ssh server run more securely on a
+non-standard port.
+
+For example:
+
+@lisp
+(service endlessh-service-type
+ (endlessh-configuration
+ (port-number 22)))
+@end lisp
+
+@end deffn
+
+@deftp {Data Type} endlessh-configuration
+Data type representing the configuration for @code{endlessh-service}.
+@table @asis
+@item @code{package} (default: @var{endlessh})
+@code{endlessh} package to use.
+
+@item @code{bind-family} (default: @code{'(ipv4 ipv6)})
+This specifies if endlessh should use ipv4 and/or ipv6.
+
+@item @code{delay} (default: @code{10000})
+The endless banner is sent one line at a time. This is the delay
+in milliseconds between individual lines.
+
+@item @code{length} (default: @code{32})
+The length of each line is randomized. This controls the maximum length
+of each line. Shorter lines may keep clients on for longer if they give
+up after a certain number of bytes.
+
+@item @code{max-clients} (default: @code{4096})
+Maximum number of connections to accept at a time. Connections beyond
+this are not immediately rejected, but will wait in the queue.
+
+@item @code{port-number} (default: @code{2222})
+The port on which to listen for new SSH connections. Most users who
+want to use endlessh as intended should set this port number to
+@code{22}.
+
+@item @code{log-level} (default: @code{0})
+Set the detail level for the log.
+@table @asis
+@item 0 = Quiet
+@item 1 = Standard, useful log messages
+@item 2 = Very noisy debugging information
+@end table
+
+@item @code{syslog} (default: @code{#f})
+Print diagnostics to syslog instead of standard output
+
+@end table
+@end deftp
+
 @cindex WebSSH
 @deffn {Scheme Variable} webssh-service-type
 This is the type for the @uref{https://webssh.huashengdun.org/, WebSSH}
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index aad9bbc754..838655cf2c 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -6,6 +6,8 @@
 ;;; Copyright © 2019 Ricardo Wurmus
 ;;; Copyright © 2020 pinoaffe
 ;;; Copyright © 2020 Oleg Pykhalov
+;;; Copyright © 2020 Nicolò Balzarotti
+;;; Copyright @ 2021 Joshua Branson
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -752,19 +754,25 @@ object."
 endlessh-configuration make-endlessh-configuration
 endlessh-configuration?
 ;; list of two symbols, allowed values are ipv4, ipv6 or both
- (bind-family endlessh-configuration-bind-family (default '(ipv4 ipv6)))
+ (bind-family endlessh-configuration-bind-family
+ (default '(ipv4 ipv6)))
 ;; integer
- (delay endlessh-configuration-delay (default 10000))
+ (delay endlessh-configuration-delay
+ (default 10000))
 ;; integer
 ;; Must be in the range
- (length endlessh-configuration-length (default 32))
+ (length endlessh-configuration-length
+ (default 32))
 ;; integer
- (max-clients endlessh-configuration-max-clients (default 4096))
+ (max-clients endlessh-configuration-max-clients
+ (default 4096))
 ;; integer
- (port-number endlessh-configuration-port-number (default 2222))
+ (port-number endlessh-configuration-port-number
+ (default 2222))
 ;; integer
 ;; Allowed values are 0, 1 and 2
- (log-level endlessh-configuration-log-level (default 0)))
+ (log-level endlessh-configuration-log-level
+ (default 0)))
 (define (endlessh-config->conf config)
 "Convert the CONFIG of type to a config file."
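Review bot: The record type shown in this hunk ends at `log-level`, yet the manual text added by the same patch documents a `package` field (default `endlessh`) and a `syslog` field (default `#f`); a user who follows the manual and writes `(endlessh-configuration (syslog #t))` will get an unknown-field error. Either drop those two entries from the manual or add the fields here, e.g. `;; boolean` / `(syslog endlessh-configuration-syslog (default #f))` after `log-level`, and have the shepherd service read that field. The `;; Must be in the range` comment above `length` names no bounds (possibly lost in rendering) and, like `;; Allowed values are 0, 1 and 2`, describes a constraint that nothing in this hunk validates, so say where it is enforced or add a check. The `define-record-type*` header sits outside the hunk. In the copyright hunk above, the added line for Joshua Branson uses `@` where every neighbouring line uses `©`.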
@@ -797,15 +805,22 @@ object."
 (shepherd-service
 (documentation "Run endlessh tarpit server.")
 (provision '(endlessh))
- (start #~(make-forkexec-constructor
- (list #$(file-append endlessh "/bin/endlessh")
- "-f" #$(endlessh-config->conf config))))
+ (start #~(make-forkexec-constructor/container
+ `(list #$(file-append endlessh "/bin/endlessh")
+ ,(if (positive? (endlessh-configuration-log-level config))
+ "-s"
+ "")
+ "-f" #$(endlessh-config->conf config))))
 (stop #~(make-kill-destructor))))
 (define endlessh-service-type
 (service-type
 (name 'endlessh)
- (description "Run endlessh tarpit server.")
+ (description "Endlessh is an SSH tarpit that very slowly sends an endless,
+random SSH banner. It keeps SSH clients locked up for hours or even days at a
+time. The purpose is to put your real SSH server on another port and then let
+the script kiddies get stuck in this tarpit instead of bothering a real
+server.")
 (extensions
 (list (service-extension shepherd-root-service-type
 (compose list endlessh-shepherd-service))))
--
2.30.0
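Review bot: The new `start` form quasiquotes the command, so `make-forkexec-constructor/container` receives the literal list `(list "/…/bin/endlessh" …)` with the symbol `list` as its first element instead of the program path, and the unquoted `(endlessh-configuration-log-level config)` is evaluated inside the gexp when shepherd starts the service, where neither `config` nor that accessor is bound. The `""` branch additionally hands endlessh an empty argument whenever logging is quiet. Build the argument list on the host side with `#$@` instead, as below. Tying `-s` to `log-level` also diverges from the manual in this patch, which describes that behaviour as a separate `syslog` option, and inside a container syslog output presumably needs `/dev/log` made available (e.g. through the constructor's `#:mappings`), which the commit message's "attempted" suggests is not yet working. The `endlessh-shepherd-service` definition begins outside the hunk.
```scheme
(start #~(make-forkexec-constructor/container
          (list #$(file-append endlessh "/bin/endlessh")
                ;; "-s" sends diagnostics to syslog; decided on the host
                ;; side, where CONFIG is in scope, and spliced in as
                ;; zero or one argument so no empty string reaches endlessh.
                #$@(if (positive? (endlessh-configuration-log-level config))
                       '("-s")
                       '())
                "-f" #$(endlessh-config->conf config))))
```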