From 83dfc24001e0846c9f631f3902fd7139a60439ba Mon Sep 17 00:00:00 2001 From: Ben Sima Date: Tue, 17 Sep 2019 21:42:15 -0700 Subject: [depo] enable deploy user and change password settings Disable password authentication for ssh. We only use key-based ssh auth and don't set passwords, so this shouldn't work anyway. Also enable passwordless sudo, since we don't set passwords. --- depo/nutin-madaj/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'depo/nutin-madaj') diff --git a/depo/nutin-madaj/default.nix b/depo/nutin-madaj/default.nix index b2afae8..4d9dd02 100644 --- a/depo/nutin-madaj/default.nix +++ b/depo/nutin-madaj/default.nix @@ -54,6 +54,13 @@ nixos { withUtempter = true; }; + services.openssh = { + enable = true; + passwordAuthentication = false; + }; + + security.sudo.wheelNeedsPassword = true; + # our custom apps #services = { # ibb = { @@ -83,6 +90,5 @@ nixos { #}; boot.cleanTmpDir = true; - services.openssh.enable = true; }; } -- cgit v1.2.3