[depo] enable deploy user and change password settings

Disable password authentication for ssh. We only use key-based ssh auth and don't set passwords, so this shouldn't work anyway. Also enable passwordless sudo, since we don't set passwords.
author: Ben Sima <ben@bsima.me> 2019-09-17 21:42:15 -0700
committer: Ben Sima <ben@bsima.me> 2019-09-17 21:45:34 -0700
commit: 83dfc24001e0846c9f631f3902fd7139a60439ba (patch)
tree: 937a666db47e2dc74483306f755ae8dfafd86a02 /depo/nutin-madaj/default.nix
parent: 830668f1368c0a025fe8d58fce663afc75a7f481 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/depo/nutin-madaj/default.nix b/depo/nutin-madaj/default.nix
index b2afae8..4d9dd02 100644
--- a/depo/nutin-madaj/default.nix
+++ b/depo/nutin-madaj/default.nix
@@ -54,6 +54,13 @@ nixos {
       withUtempter = true;
     };
 
+    services.openssh = {
+      enable = true;
+      passwordAuthentication = false;
+    };
+
+    security.sudo.wheelNeedsPassword = true;
+
     # our custom apps
     #services = {
     #  ibb = {
@@ -83,6 +90,5 @@ nixos {
     #};
 
     boot.cleanTmpDir = true;
-    services.openssh.enable = true;
   };
 }
author	Ben Sima <ben@bsima.me>	2019-09-17 21:42:15 -0700
committer	Ben Sima <ben@bsima.me>	2019-09-17 21:45:34 -0700
commit	83dfc24001e0846c9f631f3902fd7139a60439ba (patch)
tree	937a666db47e2dc74483306f755ae8dfafd86a02 /depo/nutin-madaj/default.nix
parent	830668f1368c0a025fe8d58fce663afc75a7f481 (diff)