hosts/hydra-1,hosts/hydra-2,hosts/schule: migrate ssh settings

2023-04-21 22:07:54 +02:00 · 2023-04-21 22:07:54 +02:00 · dcd8c37014
commit dcd8c37014
parent 137cebbe9f
3 changed files with 10 additions and 4 deletions
--- a/hosts/hydra-1/configuration.nix
+++ b/hosts/hydra-1/configuration.nix
@ -60,7 +60,9 @@
  programs.ssh.knownHosts."hydra-1.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE2xQBCsFBCwL9n4OP/bPngtNO1fy9kPw13Z/NDoba16 root@hydra-1";
  programs.ssh.knownHosts."hydra-2.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZED9QM+qe7sB6R6atvP6WNaI2sC2nh7TTsD6kgRpnr root@hydra-2";
-  services.openssh.permitRootLogin = "yes";
+  services.openssh.settings = {
    PermitRootLogin = "yes";
  };
  users.extraUsers.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMv8Lbca/CR4das3HJ2F/sQ9dA7kdGS1hSVTt5lX4diP root@hydra-1"
--- a/hosts/hydra-2/configuration.nix
+++ b/hosts/hydra-2/configuration.nix
@ -29,7 +29,9 @@
  # Allow Hydra to fetch remote URLs in restricted mode
  nix.settings.allowed-uris = "http:// https://";
-  services.openssh.permitRootLogin = "yes";
+  services.openssh.settings= {
   PermitRootLogin = "yes";
  };
  users.extraUsers.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMv8Lbca/CR4das3HJ2F/sQ9dA7kdGS1hSVTt5lX4diP root@hydra-1"
--- a/hosts/schule/configuration.nix
+++ b/hosts/schule/configuration.nix
@ -32,8 +32,10 @@
  users.users.js.isNormalUser = true;
-  services.openssh.passwordAuthentication = lib.mkForce true;
+  services.openssh.settings = {
-  services.openssh.challengeResponseAuthentication = lib.mkForce true;
+    PasswordAuthentication = lib.mkForce true;
    ChallengeResponseAuthentication = lib.mkForce true;
  };
  services.ttyd = {
    enable = true;