From 28c32073a0fae6e11451e33ad0f4f82ad0dbfcc6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= <lelgenio@disroot.org>
Date: Thu, 10 Nov 2022 20:54:28 -0300
Subject: [PATCH] make ssh config more strict

---
 system/configuration.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/system/configuration.nix b/system/configuration.nix
index ae8afca..234b43b 100644
--- a/system/configuration.nix
+++ b/system/configuration.nix
@@ -48,7 +48,13 @@
   programs.firejail.enable = true;
 
   security.rtkit.enable = true;
-  services.sshd.enable = true;
+  services.openssh = {
+    enable = true;
+    kbdInteractiveAuthentication = false;
+    passwordAuthentication = false;
+    permitRootLogin = "no";
+    ports = [ 9022 ];
+  };
 
   ## Enable sound with pipewire.
   sound.enable = true;