From afc7385c9552a9f5841396652212ce8244abd56f Mon Sep 17 00:00:00 2001
From: William <baduhai@proton.me>
Date: Mon, 2 Jun 2025 13:01:07 -0300
Subject: [PATCH] fix ssh keys and disallow root login

---
 hosts/modules/networking.nix | 5 ++++-
 hosts/modules/users.nix      | 8 ++------
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/hosts/modules/networking.nix b/hosts/modules/networking.nix
index 63459d0..30dd7b5 100644
--- a/hosts/modules/networking.nix
+++ b/hosts/modules/networking.nix
@@ -18,7 +18,10 @@
           enable = true;
           extraUpFlags = [ "--operator=user" ];
         };
-        openssh.enable = true;
+        openssh = {
+          enable = true;
+          settings.PermitRootLogin = "no";
+        };
       };
     }
 
diff --git a/hosts/modules/users.nix b/hosts/modules/users.nix
index 96f1ba5..e463781 100644
--- a/hosts/modules/users.nix
+++ b/hosts/modules/users.nix
@@ -20,17 +20,13 @@
             "wheel"
           ];
           openssh.authorizedKeys.keys = [
-            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE"
-            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL"
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"
           ];
           hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
         };
         root = {
           shell = pkgs.fish;
-          openssh.authorizedKeys.keys = [
-            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE"
-            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL"
-          ];
           hashedPassword = "!";
         };
       };