diff --git a/private b/private
index 3512e17..8e7d1a2 160000
--- a/private
+++ b/private
@@ -1 +1 @@
-Subproject commit 3512e177ea84eccde10e92f2f59f9ca53fd12be3
+Subproject commit 8e7d1a212ec93008a038ba9cfa178f21584c8441
diff --git a/sets/builder.nix b/sets/builder.nix
index 77d8d7d..fc8d4d7 100644
--- a/sets/builder.nix
+++ b/sets/builder.nix
@@ -13,5 +13,5 @@
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIElCYORRBERl/as01Obp1Og/mdy28V7gw32uCZseOSZt root@spike"
 ];
 };
- users.groups.build = {};
+ users.groups.build = { };
 }
diff --git a/sets/sshd.nix b/sets/sshd.nix
index ac4e491..6f0cc98 100644
--- a/sets/sshd.nix
+++ b/sets/sshd.nix
@@ -3,6 +3,7 @@
 {
 services.openssh = {
 enable = true;
+ permitRootLogin = "no";
 passwordAuthentication = false;
 challengeResponseAuthentication = false;
 };
diff --git a/system/starlight/default.nix b/system/starlight/default.nix
index e8baa99..ec87f1d 100644
--- a/system/starlight/default.nix
+++ b/system/starlight/default.nix
@@ -42,6 +42,9 @@
 };
 networking.dhcpcd.allowInterfaces = [ "br0" ];
+ services.openssh.extraConfig = ''
+ HostCertificate ${./starlight-cert.pub}
+ '';
 # Filesystems
 services.btrfs.autoScrub = {
diff --git a/system/starlight/starlight-cert.pub b/system/starlight/starlight-cert.pub
new file mode 100644
index 0000000..c17627c
--- /dev/null
+++ b/system/starlight/starlight-cert.pub
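Review bot: The new `permitRootLogin = "no";` line in `services.openssh` leaves key-based login to a non-root account as the only way in, since password and challenge-response authentication are already off in the same block, and nothing in this hunk shows that every host importing `sets/sshd.nix` has such an account with sudo rights. Any deployment or remote-build flow that connects as root would also stop working; whether one exists is not visible here. I would record the dependency next to the option, e.g. `# root SSH disabled; admin access is via a wheel user with an authorized key`, and confirm a non-root login on one host before rolling the set out. The module's outer attribute set closes outside the hunk.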
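Review bot: The `HostCertificate ${./starlight-cert.pub}` line pins a certificate in the repository, but nothing visible ties it to the host key sshd actually loads; sshd only presents a host certificate whose public key matches a configured `HostKey`. If the host's ed25519 key is regenerated (reinstall, disk loss), the stale certificate would presumably be skipped with a logged error, and clients that trust only the CA would fall back to an unknown-host prompt. I would add a comment above the option, `# must be re-issued whenever this host's ed25519 host key changes`, and check the pairing by comparing `ssh-keygen -L -f` output for the certificate with the host's public key fingerprint. The enclosing attribute set starts and ends outside the hunk.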
@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIGUyWiAERR47rTR2lohChiKdU0kf4TtRvJ/KQtIGIqZDAAAAIH6tiVWFxibZuhoaZbqwlqjBm9x6k5hsY05/RXUgjNrxAAAAAAAAAAAAAAACAAAACXN0YXJsaWdodAAAACIAAAAec3RhcmxpZ2h0Lm1hbmVoYXR0YW4uYXJ0ZW0uaXN0AAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAJYAAAAic2stZWNkc2Etc2hhMi1uaXN0cDI1NkBvcGVuc3NoLmNvbQAAAAhuaXN0cDI1NgAAAEEEs2afp1TpC5y/FgHU6zq30W1HuH+QkYhwl1Rku/mJe4soLCq0pj8YQMIMObCTSSSaWCAQOgtKxMc0Oj1kuO8jSwAAABtzc2g6Y2FAbWFuZWhhdHRhbi5hcnRlbS5pc3QAAAB4AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAABJAAAAIQDoX9ScwnW7ZRlhE3MzamTHa7Z4XGFwKckZUkxFrWV+uAAAACAWZU7Mo4n5PtIj5OvXwVawot7aerV8KVNmGyT9tCFOlgEAAAAU root@starlight
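Review bot: The certificate added here appears to have no expiry: decoding the blob gives a host certificate (type 2) with serial 0, valid-after 0 and valid-before 0xFFFFFFFFFFFFFFFF, and the single principal `starlight.manehattan.artem.ist`. A host certificate that never expires can only be withdrawn by pushing `@revoked` entries to every client's known_hosts, so a leaked host key stays vouched for by the CA indefinitely. Consider re-issuing it with a bounded validity and a unique serial, e.g. `ssh-keygen -s CA_KEY -h -I starlight -n starlight.manehattan.artem.ist -V +52w -z SERIAL` (CA_KEY and SERIAL are placeholders), and confirm the result with `ssh-keygen -L -f starlight-cert.pub`. With only the FQDN as principal, clients connecting by short name or IP address will not match the certificate.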