diff --git a/configs/nixos/sshd.nix b/configs/nixos/sshd.nix
new file mode 100644
index 0000000..11a8ad1
--- /dev/null
+++ b/configs/nixos/sshd.nix
@@ -0,0 +1,20 @@
+{
+ config,
+ pkgs,
+ inputs,
+ outputs,
+ ...
+}: {
+ services.openssh = {
+ enable = true;
+ settings.PermitRootLogin = "prohibit-password";
+ settings.PasswordAuthentication = false;
+ };
+ # so we dont have to set TERM everytime we ssh in.
+ environment.systemPackages = with pkgs; [
+ kitty.terminfo
+ ];
+ # if it can log into root, it should also be able to log in to the main user.
+ users.users.${config.host.user}.openssh.authorizedKeys.keys =
+ config.users.users.root.openssh.authorizedKeys.keys;
+}
diff --git a/hosts/archlaptop-vm/default.nix b/hosts/archlaptop-vm/default.nix
index 464e16e..02e99ec 100644
--- a/hosts/archlaptop-vm/default.nix
+++ b/hosts/archlaptop-vm/default.nix
@@ -17,6 +17,8 @@ inputs.nixpkgs.lib.nixosSystem {
 ../../configs/nixos/sound.nix
 ../../configs/nixos/interactive-networking.nix
 ../../configs/nixos/i3
+ ../../configs/nixos/sshd.nix
+ ./secrets.nix
 ({
 config,
 pkgs,
@@ -58,7 +60,6 @@ inputs.nixpkgs.lib.nixosSystem {
 firefox
 # thunderbird
 ];
- openssh.authorizedKeys.keys=config.users.users.root.openssh.authorizedKeys.keys;
 };
 home-manager.users.${config.host.user} = {
diff --git a/hosts/workstation-vm/default.nix b/hosts/workstation-vm/default.nix
index 83d19f3..fd4b56e 100644
--- a/hosts/workstation-vm/default.nix
+++ b/hosts/workstation-vm/default.nix
@@ -21,6 +21,7 @@ inputs.nixpkgs.lib.nixosSystem {
 ../../configs/nixos/nfsv2.nix
 ../../configs/nixos/i3
 ../../configs/nixos/common.nix
+ ../../configs/nixos/sshd.nix
 ./secrets.nix
 ({
 config,
@@ -65,7 +66,6 @@ inputs.nixpkgs.lib.nixosSystem {
 firefox
 # thunderbird
 ];
- openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
 };
 home-manager.users.${config.host.user} = {
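Review bot: In configs/nixos/sshd.nix the `services.openssh` block turns off `PasswordAuthentication` but leaves keyboard-interactive authentication at the module default, which on current NixOS releases is enabled (worth confirming for the pinned nixpkgs), so a PAM password prompt may still be offered to non-root accounts. Adding `settings.KbdInteractiveAuthentication = false;` beside the two existing settings would make the server key-only, as the change appears to intend. Separately, the last assignment gives the main user every key listed for root, so direct root login may no longer be needed. If that user can escalate locally, which this hunk does not show, `settings.PermitRootLogin = "no";` would be the stricter choice. Note also that only `authorizedKeys.keys` is mirrored, so root keys declared through `authorizedKeys.keyFiles` would not carry over.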
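Review bot: The new `./secrets.nix` import in hosts/archlaptop-vm/default.nix (first hunk of that file) refers to a file this diff does not add, so its contents cannot be reviewed here. Because it is imported as an ordinary module, whatever it defines is evaluated into the world-readable Nix store. It should therefore hold only public material, such as the root `authorizedKeys` that sshd.nix mirrors, and never private keys or other credentials. If this configuration is built as a flake, which the `inputs.nixpkgs.lib.nixosSystem` call suggests, the file must also be tracked by git to be visible at evaluation time. A comment beside the import, for example `# public keys only: contents end up in the world-readable store`, would record that constraint; the enclosing module list starts and ends outside the hunk.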