No need. What's so hard about providing all these swoopy services on a
machine located just *outside* your firewall, with a completely expendable
OS and utilities that can be restored from tape in a couple of hours, and
doing all your real work [including generating the master tree for your
swoopy-server] behind the wall? Said machine will continue supplying swoopy
services even if it's cracked, until the crackers manage to completely
destroy it, after which you slap a tape on and restore it to its known
configuration [maybe with some more holes plugged].
It also gives you a "target" that you can carefully watch for weird activity
against, if you want to spent the time trapping perpetrators.
A warning to all callers that things they obtain from such a machine may not
necessarily be trustworthy might be appropriate, though, so they might
*expect* things like the wu-ftpd hole to show up.