From 84f9815ebb8d0f95bec93f2fb990c7c1bb6fd3e2 Mon Sep 17 00:00:00 2001
From: LavaDesu <me@lava.moe>
Date: Thu, 15 Jul 2021 08:39:09 +0700
Subject: [PATCH] disallow ssh root login and password auth

---
 hosts/winter/security.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hosts/winter/security.nix b/hosts/winter/security.nix
index 78748e5..0cfde8e 100644
--- a/hosts/winter/security.nix
+++ b/hosts/winter/security.nix
@@ -1,6 +1,11 @@
 { config, pkgs, ... }: {
   networking.firewall.enable = false;
-  services.openssh.enable = true;
+
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "no";
+    passwordAuthentication = false;
+  };
 
   security = {
     polkit.enable = true;