diff options
| author | Preston Pan <ret2pop@nullring.xyz> | 2026-03-01 23:51:02 -0800 |
|---|---|---|
| committer | Preston Pan <ret2pop@nullring.xyz> | 2026-03-01 23:51:02 -0800 |
| commit | a05e0614c1bb75f77717a943dc4ac75a0cca4652 (patch) | |
| tree | d52ddee9db6d6eabbafc73f04aa83f6bbcd7f0c5 /nix/modules/ssh.nix | |
| parent | 75439737613d86975856c4bff0a1257f58fd1b1f (diff) | |
add everything; add CI
Diffstat (limited to 'nix/modules/ssh.nix')
| -rw-r--r-- | nix/modules/ssh.nix | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/nix/modules/ssh.nix b/nix/modules/ssh.nix index db0ebd3..c816f1c 100644 --- a/nix/modules/ssh.nix +++ b/nix/modules/ssh.nix @@ -3,10 +3,11 @@ services.openssh = { enable = true; settings = { - PasswordAuthentication = lib.mkDefault (! config.monorepo.profiles.server.enable); - AllowUsers = [ config.monorepo.vars.userName "root" "git" ]; - PermitRootLogin = "prohibit-password"; + PasswordAuthentication = false; + AllowUsers = [ config.monorepo.vars.userName "git" ]; + PermitRootLogin = "no"; KbdInteractiveAuthentication = false; }; }; + networking.firewall.allowedTCPPorts = lib.mkIf config.services.openssh.enable [ 22 ]; } |