c45a603d1c
- Add Comin service for cryodev-main (polls git repo, auto-deploys) - Fix cryodev-pi Comin URL (cryodev-server.git -> cryodev.git) - Remove deploy-rs from CI pipeline (was insecure with shared runner) - Remove deploy SSH key, root SSH login, sudo rules for gitea-runner - Revert PermitRootLogin back to 'no' - CI now only runs flake-check + build (no deploy) - Deployment happens via Comin (both hosts poll and self-deploy)
16 lines
289 B
Nix
16 lines
289 B
Nix
{ lib, ... }:
|
|
|
|
let
|
|
inherit (lib) mkDefault;
|
|
in
|
|
{
|
|
services.openssh = {
|
|
enable = mkDefault true;
|
|
ports = mkDefault [ 2299 ];
|
|
openFirewall = mkDefault true;
|
|
settings = {
|
|
PermitRootLogin = mkDefault "no";
|
|
PasswordAuthentication = mkDefault false;
|
|
};
|
|
};
|
|
}
|