From 881f9d1ef8bbe3132bc612926cdfa73512e9741f Mon Sep 17 00:00:00 2001
From: "Gustavo L de Mello (Guz)"
Date: Tue, 1 Oct 2024 19:50:33 -0300
Subject: [PATCH] feat: openssh configuration
---
 hosts/battleship/configuration.nix | 4 ++++
 hosts/fighter/configuration.nix | 7 ++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/hosts/battleship/configuration.nix b/hosts/battleship/configuration.nix
index 053488b..1a81894 100644
--- a/hosts/battleship/configuration.nix
+++ b/hosts/battleship/configuration.nix
@@ -159,6 +159,10 @@
 # Enable the OpenSSH daemon.
 services.openssh.enable = true;
+ services.openssh.settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "forced-commands-only";
+ };
 # Bootloader.
 boot.loader.systemd-boot.enable = true;
diff --git a/hosts/fighter/configuration.nix b/hosts/fighter/configuration.nix
index 748e3ee..d44aac6 100644
--- a/hosts/fighter/configuration.nix
+++ b/hosts/fighter/configuration.nix
@@ -117,7 +117,7 @@
 hostName = "fighter";
 wireless.enable = false;
 dhcpcd.enable = true;
- defaultGateway = "192.168.1.1";
+ defaultGateway = "${config.battleship-secrets.lesser.devices.defaultGateway}";
 interfaces."wlp2s0".ipv4.addresses = [
 {
 address = "${config.battleship-secrets.lesser.devices.figther}";
@@ -154,6 +154,11 @@
 # Enable the OpenSSH daemon.
 services.openssh.enable = true;
+ services.openssh.settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "forced-commands-only";
+ };
+ # Open ports in the firewall.
 networking.firewall.allowedTCPPorts = [80 433];
 # networking.firewall.allowedUDPPorts = [ ... ];
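Review bot: `PasswordAuthentication = false` may still leave password logins reachable through keyboard-interactive/PAM, because the settings block added after `services.openssh.enable = true;` does not set `KbdInteractiveAuthentication`. I would add `KbdInteractiveAuthentication = false;` next to it, unless that is already the effective default on the nixpkgs revision in use. `PermitRootLogin = "forced-commands-only"` still accepts root key logins that carry a `command=` restriction, so a short comment naming the job that needs it (or `"no"` if none does) would help the next reader. The identical block is added in the third hunk for hosts/fighter and the same applies there; a shared module imported by both hosts would keep the two from drifting.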
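Review bot: The new `defaultGateway` line wraps a single option in string interpolation; `defaultGateway = config.battleship-secrets.lesser.devices.defaultGateway;` reads more plainly, provided the option is already a string. Moving the address behind `battleship-secrets` keeps it out of the repository, but the definition of that module is not visible here, and values read at evaluation time normally end up in the world-readable Nix store on the host, so it should not be relied on as secret there. The enclosing networking block starts and ends outside the hunk.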
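Review bot: `networking.firewall.allowedTCPPorts = [80 433];`, directly below the new sshd settings, looks like a typo for 443; if this host serves HTTPS, the firewall as written would block it while leaving 433 open. That line is unchanged by this commit, so confirm what actually listens before changing it to `[80 443]`. A comment above the list would also help, noting that port 22 is absent because the openssh module opens it itself (`services.openssh.openFirewall`, on by default as far as I know), so readers do not assume SSH is firewalled off.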