From 358eb29fc40bd93f9c161c9306879f45f1706539 Mon Sep 17 00:00:00 2001
From: kalipso <kalipso@c3d2.de>
Date: Tue, 5 Dec 2023 18:37:15 +0100
Subject: [PATCH] [lucia] reenable root ssh

---
 machines/configuration.nix       | 1 +
 machines/lucia/configuration.nix | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/machines/configuration.nix b/machines/configuration.nix
index dff5694d..7945dad4 100644
--- a/machines/configuration.nix
+++ b/machines/configuration.nix
@@ -58,6 +58,7 @@ in
     specialArgs.inputs = inputs;
     modules = defaultModules ++ [
       ./lucia/configuration.nix
+      ./lucia/hardware_configuration.nix
     ];
   };
 
diff --git a/machines/lucia/configuration.nix b/machines/lucia/configuration.nix
index db4c0faf..6d71156b 100644
--- a/machines/lucia/configuration.nix
+++ b/machines/lucia/configuration.nix
@@ -3,14 +3,18 @@
 {
   imports =
     [ # Include the results of the hardware scan.
-      ./hardware_configuration.nix
-      ../modules/sshd.nix
       ../modules/malobeo_user.nix
     ];
 
   sops.defaultSopsFile = ./secrets.yaml;
   sops.secrets.njala_api_key = {};
 
+  services.openssh.enable = true;
+  services.openssh.ports = [ 22 ];
+  services.openssh.passwordAuthentication = false;
+  services.openssh.settings.PermitRootLogin = "prohibit-password";
+  users.users.root.openssh.authorizedKeys.keys = import ../ssh_keys.nix;
+
   # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
   boot.loader.grub.enable = false;
   boot.loader.raspberryPi.enable = false;