From 669ab6b6ba9bef503043e8798efc4e030826e376 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?=
Date: Sat, 13 Aug 2022 20:17:00 +0200
Subject: [PATCH] Open SSH on the network by default, but don't allow password authentication
---
 profiles/core/default.nix | 3 ++-
 profiles/iot/default.nix | 8 ++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 profiles/iot/default.nix
diff --git a/profiles/core/default.nix b/profiles/core/default.nix
index f313637..d146bfb 100644
--- a/profiles/core/default.nix
+++ b/profiles/core/default.nix
@@ -117,7 +117,8 @@ in
 # For rage encryption, all hosts need a ssh key pair
 services.openssh = {
 enable = true;
- openFirewall = lib.mkDefault false;
+ openFirewall = lib.mkDefault true;
+ passwordAuthentication = false;
 };

 # Service that makes Out of Memory Killer more effective
diff --git a/profiles/iot/default.nix b/profiles/iot/default.nix
new file mode 100644
index 0000000..185a9ce
--- /dev/null
+++ b/profiles/iot/default.nix
@@ -0,0 +1,8 @@
+{ self, config, lib, pkgs, ... }:
+let inherit (lib) fileContents;
+in
+{
+ pub-solar.graphical.enable = false;
+ pub-solar.x-os.localProxyService.enable = false;
+ pub-solar.sway.enable = false;
+}
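Review bot: In profiles/core/default.nix, `passwordAuthentication = false;` on its own probably does not rule out password logins on the port that `openFirewall = lib.mkDefault true;` now exposes on every host importing the core profile. Keyboard-interactive authentication is a separate sshd setting that, as far as I know, the NixOS openssh module leaves enabled by default, and through PAM it can still accept account passwords. I would add `kbdInteractiveAuthentication = false;` next to it, assuming the pinned nixpkgs exposes the option under that name. The comment above the block still only explains the host key pair, so it should also record the new exposure, e.g. `# sshd is reachable from the network by default (key-only); set openFirewall = false per host to keep it closed`. The enclosing attribute set starts and ends outside the hunk, so any stricter per-host overrides are not visible here.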
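Review bot: In the new profiles/iot/default.nix the `let inherit (lib) fileContents; in` binding is never used, and neither are the `self`, `config` and `pkgs` arguments, so the file can open with `{ ... }:` directly followed by the attribute set. A header comment such as `# Headless profile: turns off the graphical session, sway and the local proxy service` would say what the profile is for. Hosts using it presumably also import the core profile and therefore get sshd opened on the firewall by default; if these devices sit on untrusted networks, that comment is a good place to state whether the exposure is intended.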