From 5a0cb28f369c104bb371974df876c8c705b0ee7e Mon Sep 17 00:00:00 2001
From: ene
Date: Sat, 18 Mar 2023 16:21:45 +0100
Subject: Refactor: Use better file layout
---
system/services/opensshd/default.nix | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 system/services/opensshd/default.nix
(limited to 'system/services/opensshd')
diff --git a/system/services/opensshd/default.nix b/system/services/opensshd/default.nix
new file mode 100644
index 0000000..cb9f2ba
--- /dev/null
+++ b/system/services/opensshd/default.nix
@@ -0,0 +1,18 @@
+{
+ config,
+ pkg,
+ ...
+}: {
+ services.openssh = {
+ enable = true;
+ passwordAuthentication = false;
+ hostKeys = [
+ {
+ comment = "key comment";
+ path = "/srv/sshd/ssh_host_ed25519_key";
+ rounds = 1000;
+ type = "ed25519";
+ }
+ ];
+ };
+}
-- cgit 1.4.1
From dc4334de217175ad7d1c0a4e2e3f98b2fef51784 Mon Sep 17 00:00:00 2001
From: ene
Date: Sat, 18 Mar 2023 16:56:04 +0100
Subject: Fix(system/users): Remove unneeded root ssh login keys
All users are in the wheel group, thus direct login as root is no longer needed.
---
system/services/opensshd/default.nix | 1 -
system/users/default.nix | 7 ++-----
2 files changed, 2 insertions(+), 6 deletions(-)
(limited to 'system/services/opensshd')
diff --git a/system/services/opensshd/default.nix b/system/services/opensshd/default.nix
index cb9f2ba..75c5aef 100644
--- a/system/services/opensshd/default.nix
+++ b/system/services/opensshd/default.nix
@@ -8,7 +8,6 @@
 passwordAuthentication = false;
 hostKeys = [
 {
- comment = "key comment";
 path = "/srv/sshd/ssh_host_ed25519_key";
 rounds = 1000;
 type = "ed25519";
diff --git a/system/users/default.nix b/system/users/default.nix
index 34e1648..3555221 100644
--- a/system/users/default.nix
+++ b/system/users/default.nix
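Review bot: In the new `services.openssh` block of system/services/opensshd/default.nix only `passwordAuthentication = false;` is set, so keyboard-interactive authentication and the root-login policy are left at the module defaults; if the intent is key-only login, add `kbdInteractiveAuthentication = false;` and `permitRootLogin = "no";` beside it, which also matches the follow-up commit's statement that direct root login is no longer needed. The host key lives at the non-default path `/srv/sshd/ssh_host_ed25519_key`, so a comment stating that the directory must be readable by root only would help whoever provisions it. The function argument `pkg` is unused and looks like a typo for `pkgs`.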
@@ -5,11 +5,8 @@
 users.users = {
 root = {
 #uid = 0;
- #initialHashedPassword = null; # to lock root
- # Backup, if something happens. TODO remove this later
+ initialHashedPassword = null; # to lock root
 openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha"
 ];
 };

@@ -17,7 +14,7 @@
 name = "sils";
 isNormalUser = true;
 home = "/srv/home/sils";
- initialHashedPassword = "$y$jFT$KpFnahVCE9JbE.5P3us8o.$ZzSxCusWqe3sL7b6DLgOXNNUf114tiiptM6T8lDxtKC"; # TODO CHANGE
+ initialHashedPassword = "$y$jFT$KpFnahVCE9JbE.5P3us8o.$ZzSxCusWqe3sL7b6DLgOXNNUf114tiiptM6T8lDxtKC";
 uid = 1000;
 extraGroups = [
 "wheel"
-- cgit 1.4.1
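Review bot: The comment on `initialHashedPassword = null; # to lock root` overstates what the line does, because an initial password is applied only when the account is first created. On an already-deployed host with mutable users (the hunk does not show `users.mutableUsers`), an existing root password and any entries in root's own `authorized_keys` file would be kept, so locking there needs a step on the host or `users.mutableUsers = false;`. I would reword the comment to `# no password for root on fresh installs` and drop the now-empty `openssh.authorizedKeys.keys = [ ];`. The `root = {` block opens inside the hunk, but the enclosing `users.users` set continues past it.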
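Review bot: The `# TODO CHANGE` marker is removed from `initialHashedPassword` for `sils`, but the hash on the added line is identical to the one on the removed line, so nothing in this hunk shows that the password was actually rotated. A hash committed to the repository is also copied into the world-readable Nix store and can be guessed offline, which matters more here because the user is in `wheel`. Consider moving it out of the tree with `passwordFile = "<path outside the store>";` (named `hashedPasswordFile` on newer NixOS releases), or keep the TODO until the password has been changed on the host. The `sils` user block starts before this hunk and continues after it.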