diff --git a/hosts/containers/deployer/configuration.nix b/hosts/containers/deployer/configuration.nix index 18ace05d..c1dd21df 100644 --- a/hosts/containers/deployer/configuration.nix +++ b/hosts/containers/deployer/configuration.nix @@ -56,7 +56,6 @@ services.openssh = { enable = true; - permitRootLogin = "yes"; }; nix = { diff --git a/hosts/containers/dn42/default.nix b/hosts/containers/dn42/default.nix index fe803c3f..fdd0008c 100644 --- a/hosts/containers/dn42/default.nix +++ b/hosts/containers/dn42/default.nix @@ -40,7 +40,6 @@ in { # SSH for nixops services.openssh.enable = true; - services.openssh.permitRootLogin = "yes"; boot.kernel.sysctl = { "net.ipv4.conf.all.forwarding" = true; diff --git a/hosts/containers/elastic/configuration.nix b/hosts/containers/elastic/configuration.nix index 4b340d03..88cc6995 100644 --- a/hosts/containers/elastic/configuration.nix +++ b/hosts/containers/elastic/configuration.nix @@ -29,7 +29,6 @@ services.openssh = { enable = true; - permitRootLogin = "yes"; }; services.elasticsearch = { diff --git a/hosts/containers/gitea/modules/ssh.nix b/hosts/containers/gitea/modules/ssh.nix index f53f70a9..68e3aa4e 100644 --- a/hosts/containers/gitea/modules/ssh.nix +++ b/hosts/containers/gitea/modules/ssh.nix @@ -3,7 +3,6 @@ { services.openssh = { enable = true; - permitRootLogin = "prohibit-password"; extraConfig = '' Match User gitea AllowAgentForwarding no diff --git a/hosts/containers/logging/configuration.nix b/hosts/containers/logging/configuration.nix index abe7d506..a021d360 100644 --- a/hosts/containers/logging/configuration.nix +++ b/hosts/containers/logging/configuration.nix @@ -37,7 +37,6 @@ services.openssh = { enable = true; - permitRootLogin = "yes"; }; services.nginx = { diff --git a/hosts/containers/lxc-template.nix b/hosts/containers/lxc-template.nix index 953d8d08..e6a69c02 100644 --- a/hosts/containers/lxc-template.nix +++ b/hosts/containers/lxc-template.nix @@ -17,7 +17,6 @@ services.openssh = { enable = true; - permitRootLogin = "yes"; }; # This value determines the NixOS release with which your system is to be diff --git a/hosts/containers/mongo/configuration.nix b/hosts/containers/mongo/configuration.nix index f4b13185..e6a80371 100644 --- a/hosts/containers/mongo/configuration.nix +++ b/hosts/containers/mongo/configuration.nix @@ -29,7 +29,6 @@ services.openssh = { enable = true; - permitRootLogin = "yes"; }; services.mongodb = { diff --git a/hosts/dacbert/default.nix b/hosts/dacbert/default.nix index ee6bb6a0..09bf73a3 100644 --- a/hosts/dacbert/default.nix +++ b/hosts/dacbert/default.nix @@ -100,7 +100,6 @@ # Enable the OpenSSH daemon. services.openssh = { enable = true; - permitRootLogin = "yes"; }; security.sudo = { enable = true; diff --git a/hosts/pulsebert/default.nix b/hosts/pulsebert/default.nix index 01a5d52c..ba3ae9bb 100644 --- a/hosts/pulsebert/default.nix +++ b/hosts/pulsebert/default.nix @@ -70,7 +70,6 @@ in # Enable the OpenSSH daemon. services.openssh = { enable = true; - permitRootLogin = "yes"; }; security.sudo = { enable = true; diff --git a/hosts/radiobert/default.nix b/hosts/radiobert/default.nix index 52b7b923..f67f389c 100644 --- a/hosts/radiobert/default.nix +++ b/hosts/radiobert/default.nix @@ -118,7 +118,6 @@ # Enable the OpenSSH daemon. services.openssh = { enable = true; - permitRootLogin = "yes"; }; security.sudo = { enable = true; diff --git a/lib/default.nix b/lib/default.nix index 4923203e..f10b8fe7 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -236,7 +236,7 @@ in { # Required for deployment services.openssh = { enable = true; - permitRootLogin = "yes"; + permitRootLogin = "prohibit-password"; }; environment.systemPackages = with pkgs; [