Disable password auth in SSH and root login

More secure.
Re-enable the bare 'sovr.cloud' certificate
2025-01-05 19:06:15 -07:00 · 2025-01-05 19:05:10 -07:00
1 changed files with 9 additions and 3 deletions
--- a/sovr/etc/nixos/configuration.nix
+++ b/sovr/etc/nixos/configuration.nix
@ -49,12 +49,12 @@
      environmentFile = "/opt/keys/porkbun";
      group = "nginx";
    };
-    /*certs."sovr.cloud" = {
+    certs."sovr.cloud" = {
      dnsProvider = "porkbun";
      domain = "sovr.cloud";
      environmentFile = "/opt/keys/porkbun";
      group = "nginx";
-    };*/
+    };
    defaults.email = "eli@theribbles.org";
  };
  # Configure network proxy if necessary
@ -65,7 +65,13 @@
    enable = true;
    network.enable = true;
  };
-  services.openssh.enable = true;
+  services.openssh = {
+    enable = true;
+    # require public key authentication for better security
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+    settings.PermitRootLogin = "no";
+  };
  services.sovr-server = {
    enable = true;
    sessionSecret = "secret";
Author	SHA1	Message	Date
Eli Ribble	5421eccc0b	Disable password auth in SSH and root login More secure.	2025-01-05 19:06:15 -07:00
Eli Ribble	a154a67ac8	Re-enable the bare 'sovr.cloud' certificate It works now that our DNS entries are correct.	2025-01-05 19:05:10 -07:00