cryodev/hosts/cryodev-main/services/openssh.nix
steffen 92abe2574d enable root SSH key-only login for deploy-rs
- Change PermitRootLogin from 'no' to 'prohibit-password' (key-only)
- Add forgejo-deploy public key to root's authorized_keys
- Revert deploy-rs user back to root (needs root for activation)

Root can only login via SSH key, password auth remains disabled.
2026-03-14 14:13:26 +01:00

17 lines
284 B
Nix

{
  outputs,
  ...
}:
{
  imports = [
    outputs.nixosModules.openssh
  ];
  services.openssh.enable = true;
  # Root SSH key for deploy-rs (key-only, no password)
  users.users.root.openssh.authorizedKeys.keyFiles = [
    ../../../users/steffen/pubkeys/forgejo-deploy.pub
  ];
}
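
The commit message describes a key-only root login with password authentication disabled, but neither setting is set in this file, so the effective values are best confirmed on the deployed host. The following is an added example, not part of the repository: a shell check over the output of `sshd -T`. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the repository): audit the effective sshd policy
# described in the commit message. Input is the output of `sshd -T`, which
# prints one lowercase "keyword value" pair per line.

# audit_sshd_policy: reads `sshd -T` output on stdin, prints one PASS/FAIL
# line per setting, and returns 0 only if both settings match the policy.
audit_sshd_policy() {
  awk '
    $1 == "permitrootlogin"        { prl = $2 }
    $1 == "passwordauthentication" { pa = $2 }
    END {
      bad = 0
      # "without-password" is the legacy alias of "prohibit-password";
      # sshd -T may print either name for the same setting.
      if (prl == "prohibit-password" || prl == "without-password") {
        print "PASS permitrootlogin " prl
      } else {
        print "FAIL permitrootlogin " (prl == "" ? "(missing)" : prl); bad = 1
      }
      if (pa == "no") {
        print "PASS passwordauthentication no"
      } else {
        print "FAIL passwordauthentication " (pa == "" ? "(missing)" : pa); bad = 1
      }
      exit bad
    }'
}

# Constructed sample input, not captured from the real host.
sample_sshd_t() {
  cat <<'EOF'
port 22
permitrootlogin without-password
pubkeyauthentication yes
passwordauthentication no
EOF
}

# On the deployed host (as root): sshd -T | audit_sshd_policy
sample_sshd_t | audit_sshd_policy
```

A missing keyword is reported as a failure rather than assumed safe, so truncated or filtered input cannot pass the check.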