Open SSH on the network by default, but don't allow password authentication

This commit is contained in:
Benjamin Bädorf 2022-08-13 20:17:00 +02:00
parent ded0dd7d15
commit 669ab6b6ba
No known key found for this signature in database
GPG key ID: 4406E80E13CD656C
2 changed files with 10 additions and 1 deletions

View file

@ -117,7 +117,8 @@ in
# For rage encryption, all hosts need a ssh key pair # For rage encryption, all hosts need a ssh key pair
services.openssh = { services.openssh = {
enable = true; enable = true;
openFirewall = lib.mkDefault false; openFirewall = lib.mkDefault true;
passwordAuthentication = false;
}; };
# Service that makes Out of Memory Killer more effective # Service that makes Out of Memory Killer more effective

8
profiles/iot/default.nix Normal file
View file

@ -0,0 +1,8 @@
{ self, config, lib, pkgs, ... }:
let inherit (lib) fileContents;
in
{
pub-solar.graphical.enable = false;
pub-solar.x-os.localProxyService.enable = false;
pub-solar.sway.enable = false;
}