From dcd8c37014ab91eae77af1430980d1c84899151d Mon Sep 17 00:00:00 2001
From: clerie
Date: Fri, 21 Apr 2023 22:07:54 +0200
Subject: [PATCH] hosts/hydra-1,hosts/hydra-2,hosts/schule: migrate ssh settings
---
 hosts/hydra-1/configuration.nix | 4 +++-
 hosts/hydra-2/configuration.nix | 4 +++-
 hosts/schule/configuration.nix | 6 ++++--
 3 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/hosts/hydra-1/configuration.nix b/hosts/hydra-1/configuration.nix
index 91683e8..7d587f5 100644
--- a/hosts/hydra-1/configuration.nix
+++ b/hosts/hydra-1/configuration.nix
@@ -60,7 +60,9 @@
 programs.ssh.knownHosts."hydra-1.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE2xQBCsFBCwL9n4OP/bPngtNO1fy9kPw13Z/NDoba16 root@hydra-1";
 programs.ssh.knownHosts."hydra-2.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZED9QM+qe7sB6R6atvP6WNaI2sC2nh7TTsD6kgRpnr root@hydra-2";
- services.openssh.permitRootLogin = "yes";
+ services.openssh.settings = {
+ PermitRootLogin = "yes";
+ };
 users.extraUsers.root.openssh.authorizedKeys.keys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMv8Lbca/CR4das3HJ2F/sQ9dA7kdGS1hSVTt5lX4diP root@hydra-1"
diff --git a/hosts/hydra-2/configuration.nix b/hosts/hydra-2/configuration.nix
index 43730af..a362512 100644
--- a/hosts/hydra-2/configuration.nix
+++ b/hosts/hydra-2/configuration.nix
@@ -29,7 +29,9 @@
 # Allow Hydra to fetch remote URLs in restricted mode
 nix.settings.allowed-uris = "http:// https://";
- services.openssh.permitRootLogin = "yes";
+ services.openssh.settings= {
+ PermitRootLogin = "yes";
+ };
 users.extraUsers.root.openssh.authorizedKeys.keys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMv8Lbca/CR4das3HJ2F/sQ9dA7kdGS1hSVTt5lX4diP root@hydra-1"
diff --git a/hosts/schule/configuration.nix b/hosts/schule/configuration.nix
index db2f209..3b7078c 100644
--- a/hosts/schule/configuration.nix
+++ b/hosts/schule/configuration.nix
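Review bot: The migrated value in the hydra-1 hunk keeps `PermitRootLogin = "yes";`, which lets root authenticate with any method sshd has enabled, passwords included; the hydra-2 hunk carries the same line. Both hosts list a root authorized key directly below (the list continues past the hunk), so if root access is only meant for that key, `PermitRootLogin = "prohibit-password";` would keep it working while refusing root password logins. Whether password authentication is already disabled for these hosts elsewhere is not visible here, so this is a check to make rather than a confirmed exposure. As a style point, the hydra-2 hunk writes `services.openssh.settings= {` without the space before `=` that the other two files use.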
@@ -32,8 +32,10 @@
 users.users.js.isNormalUser = true;
- services.openssh.passwordAuthentication = lib.mkForce true;
- services.openssh.challengeResponseAuthentication = lib.mkForce true;
+ services.openssh.settings = {
+ PasswordAuthentication = lib.mkForce true;
+ ChallengeResponseAuthentication = lib.mkForce true;
+ };
 services.ttyd = {
 enable = true;
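Review bot: The new `ChallengeResponseAuthentication = lib.mkForce true;` line uses a key that the NixOS module does not declare under `settings`; the declared option is `services.openssh.settings.KbdInteractiveAuthentication`, and OpenSSH accepts `ChallengeResponseAuthentication` only as a deprecated alias for it. If shared configuration sets `KbdInteractiveAuthentication`, the `mkForce` here probably does not override that option and the generated sshd_config may contain both keywords, so `KbdInteractiveAuthentication = lib.mkForce true;` is the safer spelling. The use of `mkForce` suggests a stricter shared default is being overridden to allow password and keyboard-interactive login on this host; a comment such as `# password login is intentional on this host: <reason>` above the block would record why. The surrounding configuration and the `services.ttyd` block extend beyond the hunk.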