From 81ac3b4c0d45713a28dfcea842b334e3e52adf30 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Mon, 6 May 2024 11:12:19 +0200
Subject: [PATCH] ssh: disable password login

---
 hosts/quitte/configuration.nix | 9 +++------
 modules/core/base.nix          | 8 +++++++-
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/hosts/quitte/configuration.nix b/hosts/quitte/configuration.nix
index 0e2d288..2d7faa1 100644
--- a/hosts/quitte/configuration.nix
+++ b/hosts/quitte/configuration.nix
@@ -21,12 +21,12 @@
   boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.linux_6_6.override {
     argsOverride = rec {
       src = pkgs.fetchurl {
-            url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz";
-            sha256 = "sha256-Y55QBg48jyPtAXyxDP6sxrqI/1WDgSu3aFm0zGoSgpE=";
+        url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz";
+        sha256 = "sha256-Y55QBg48jyPtAXyxDP6sxrqI/1WDgSu3aFm0zGoSgpE=";
       };
       version = "6.6.27";
       modDirVersion = "6.6.27";
-      };
+    };
   });
 
   services.zfs = {
@@ -53,9 +53,6 @@
       value = "10000";
     }
   ];
-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
-  services.openssh.settings.PermitRootLogin = "yes";
 
   systemd = {
     services.nix-daemon.serviceConfig = {
diff --git a/modules/core/base.nix b/modules/core/base.nix
index 53a5d38..b3f19c0 100755
--- a/modules/core/base.nix
+++ b/modules/core/base.nix
@@ -29,7 +29,13 @@
   };
 
   # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "yes";
+      PasswordAuthentication = "no";
+    };
+  };
   programs.mosh.enable = true;
 
   # vs code server