From a05e0614c1bb75f77717a943dc4ac75a0cca4652 Mon Sep 17 00:00:00 2001
From: Preston Pan <ret2pop@nullring.xyz>
Date: Sun, 1 Mar 2026 23:51:02 -0800
Subject: add everything; add CI

---
 nix/modules/ssh.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'nix/modules/ssh.nix')

diff --git a/nix/modules/ssh.nix b/nix/modules/ssh.nix
index db0ebd3..c816f1c 100644
--- a/nix/modules/ssh.nix
+++ b/nix/modules/ssh.nix
@@ -3,10 +3,11 @@
   services.openssh = {
     enable = true;
     settings = {
-      PasswordAuthentication = lib.mkDefault (! config.monorepo.profiles.server.enable);
-      AllowUsers = [ config.monorepo.vars.userName "root" "git" ];
-      PermitRootLogin = "prohibit-password";
+      PasswordAuthentication = false;
+      AllowUsers = [ config.monorepo.vars.userName "git" ];
+      PermitRootLogin = "no";
       KbdInteractiveAuthentication = false;
     };
   };
+  networking.firewall.allowedTCPPorts = lib.mkIf config.services.openssh.enable [ 22 ];
 }
-- 
cgit v1.3