From 5ff437e58c4516717d6f281c18c9ef9935516624 Mon Sep 17 00:00:00 2001
From: geemili <opensource@geemili.xyz>
Date: Sun, 31 Dec 2023 22:27:25 -0700
Subject: [PATCH] security: disable root login and logging in with passwords

---
 configuration.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/configuration.nix b/configuration.nix
index 7eb015f..c1d61eb 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -60,7 +60,12 @@
   # List services that you want to enable:
 
   # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+    settings.PermitRootLogin = "no";
+  };
 
   services.cockpit = {
     enable = true;