From a2c50346f0a5ba4d556f8ae59e55e91920cc116a Mon Sep 17 00:00:00 2001
From: Lillian-Violet <git@lillianviolet.dev>
Date: Sat, 2 Mar 2024 22:01:05 +0100
Subject: [PATCH] Secure queen's ssh a bit better (password not allowed)

---
 nixos/hosts/queen/configuration.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/nixos/hosts/queen/configuration.nix b/nixos/hosts/queen/configuration.nix
index cf10395..aa89f8d 100644
--- a/nixos/hosts/queen/configuration.nix
+++ b/nixos/hosts/queen/configuration.nix
@@ -28,7 +28,13 @@
   boot.tmp.cleanOnBoot = true;
   zramSwap.enable = false;
   networking.domain = "";
-  services.openssh.enable = true;
+  services.openssh = {
+    enable = true;
+    # require public key authentication for better security
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+    settings.PermitRootLogin = "no";
+  };
 
   nixpkgs = {
     # You can add overlays here