hosts/server: always add root SSH key

2025-03-30 17:01:51 +01:00
parent 863a02769f
commit ae4a0ebf84
4 changed files with 16 additions and 30 deletions
--- a/hosts/server.nix
+++ b/hosts/server.nix
@@ -1,7 +1,11 @@
 {
+  lib,
  ...
 }:

+let
+  inherit (lib) mkForce;
+in
 {
  imports = [
    ./common.nix
@@ -29,6 +33,16 @@
    # };
  };

+  users = {
+    users = {
+      root = {
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
+        ];
+      };
+    };
+  };
+
  systemd = {
    enableEmergencyMode = false;

@@ -56,6 +70,8 @@
    ];
  };

+  services.openssh.settings.PermitRootLogin = mkForce "prohibit-password";
+
  modules.services.tailscale = {
    enable = true;
    restrictSSH = false;