cryodev/modules/nixos/openssh/default.nix at main - steffen/cryodev - Forgejo: Beyond coding. We Forge.

steffen/cryodev

steffen c45a603d1c replace deploy-rs CI with Comin pull-based deployment

- Add Comin service for cryodev-main (polls git repo, auto-deploys)
- Fix cryodev-pi Comin URL (cryodev-server.git -> cryodev.git)
- Remove deploy-rs from CI pipeline (was insecure with shared runner)
- Remove deploy SSH key, root SSH login, sudo rules for gitea-runner
- Revert PermitRootLogin back to 'no'
- CI now only runs flake-check + build (no deploy)
- Deployment happens via Comin (both hosts poll and self-deploy)

2026-03-14 14:43:15 +01:00

16 lines

289 B

Nix

Raw Permalink Blame History

 { lib, ... }:
 let
   inherit (lib) mkDefault;
 in
 {
   services.openssh = {
     enable = mkDefault true;
     ports = mkDefault [ 2299 ];
     openFirewall = mkDefault true;
     settings = {
       PermitRootLogin = mkDefault "no";
       PasswordAuthentication = mkDefault false;
     };
   };
 }