From a7e6bd392b8db4d355ef5bd82720fb7d190177de Mon Sep 17 00:00:00 2001
From: TheWanderingCrow
Date: Mon, 20 Jan 2025 10:00:03 -0500
Subject: [PATCH] modify some of the ssh parameters
---
 hosts/Parzival-Live/default.nix | 4 ++++
 hosts/WCE-Overseer/hardware-configuration.nix | 2 +-
 modules/security/ssh.nix | 4 ++++
 modules/users/overseer/services.nix | 22 +++++++++----------
 4 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/hosts/Parzival-Live/default.nix b/hosts/Parzival-Live/default.nix
index 8ae24f9..f3a7422 100644
--- a/hosts/Parzival-Live/default.nix
+++ b/hosts/Parzival-Live/default.nix
@@ -17,6 +17,10 @@
 boot.supportedFilesystems = lib.mkForce ["zfs" "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs"];
 networking.wireless.enable = false;
+ users.users.nixos.authorizedKeys.keys = lib.mkForce [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCccZhYmAIdbBv0vuvhKvnD0sm6dphdngef1jFwDhcUexoEZq8sXB3N69gsQV+ievv++T5SfEwLPEJSgVEwtwYHTCwxnGscD+thYXOacoMr3++1toCKgFHLIWrbma8jSzSDp8ERuVcbeYo/xckxCL3+axlUmyQw6TXsDbOJTYhGuJdCMlHJNl0EftwgnJZ4e+WqW/5jmG9Nu3KDgpyjYVA4v6xtkjS+NCVA3jOdDs0JPFemhb2b5ItAGe60IH65PaX63QFysxMWil0+EF04L+23sYwRMMfz9F/AX62uonemzROTAIu78grUWgjHqGQ2yOhdnOwNT0wox1KhG+r/lvFX"
+ ];
+ user.live.enable = true;
 module.programming.enable = true;
diff --git a/hosts/WCE-Overseer/hardware-configuration.nix b/hosts/WCE-Overseer/hardware-configuration.nix
index 5f9eed1..ae7c0ae 100644
--- a/hosts/WCE-Overseer/hardware-configuration.nix
+++ b/hosts/WCE-Overseer/hardware-configuration.nix
@@ -13,7 +13,7 @@
 ];
 boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
- boot.supportedFilesystems = [ "zfs" ];
+ boot.supportedFilesystems = ["zfs"];
 boot.initrd.kernelModules = [];
 boot.kernelModules = [];
 boot.extraModulePackages = [];
diff --git a/modules/security/ssh.nix b/modules/security/ssh.nix
index 76c2992..cc414db 100644
--- a/modules/security/ssh.nix
+++ b/modules/security/ssh.nix
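Review bot: In hosts/Parzival-Live/default.nix the new key list is assigned to `users.users.nixos.authorizedKeys.keys`, but the NixOS option lives under `openssh`, so as written this should fail evaluation with an unknown-option error instead of installing the key; the line should read `users.users.nixos.openssh.authorizedKeys.keys = lib.mkForce [`. This matters more because the same commit turns off password authentication in modules/security/ssh.nix: if the live image imports that module (not visible here), a key that never lands leaves no SSH login path. `lib.mkForce` also discards any keys other modules set for this user, and the entry carries no comment naming its owner, so a short `# owner, purpose` comment above it would make later rotation or removal auditable.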
@@ -1,5 +1,9 @@
 {
 services.openssh = {
 enable = true;
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ };
 };
 }
diff --git a/modules/users/overseer/services.nix b/modules/users/overseer/services.nix
index 4b44b5a..321f33d 100644
--- a/modules/users/overseer/services.nix
+++ b/modules/users/overseer/services.nix
@@ -30,17 +30,17 @@ in
 # (Arguably) Most Important Service - backups
 services.restic.backups = {
 NPM = {
- user = "root";
- timerConfig = {
- OnCalendar = "daily";
- Persistent = true;
- };
- paths = [
- "${volumePath}/NPM/data"
- "${volumePath}/NPM/letsencrypt"
- ];
- repositoryFile = config.sops.secrets."restic/url".path;
- passwordFile = config.sops.secrets."restic/key".path;
+ user = "root";
+ timerConfig = {
+ OnCalendar = "daily";
+ Persistent = true;
+ };
+ paths = [
+ "${volumePath}/NPM/data"
+ "${volumePath}/NPM/letsencrypt"
+ ];
+ repositoryFile = config.sops.secrets."restic/url".path;
+ passwordFile = config.sops.secrets."restic/key".path;
 };
 };
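Review bot: In modules/security/ssh.nix, `PasswordAuthentication = false;` does not close every password path on its own: keyboard-interactive authentication is a separate sshd setting and, as far as I know, is still enabled by default in the NixOS module, so PAM can keep prompting for a password. Add `KbdInteractiveAuthentication = false;` inside the new `settings` block. The module is also applied without any check that a login user has authorized keys, so a host that imports it without keys loses SSH access after the switch; confirm that for each host before deploying.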