From 46cd6acc677d1da199e5c49fad073f1999e79bc5 Mon Sep 17 00:00:00 2001
From: Aaron Bieber <aaron@bolddaemon.com>
Date: Sat, 21 Jan 2023 06:05:50 -0700
Subject: [PATCH] all: split ssh options into unstable / stable

---
 default.nix | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/default.nix b/default.nix
index 0dd1dde..3b8d1f1 100644
--- a/default.nix
+++ b/default.nix
@@ -7,6 +7,15 @@ let
     command="/run/current-system/sw/bin/xin-status",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9PIhQ+yWfBM2tEG+W8W8HXJXqISXif8BcPZHakKvLM xin-status
   '';
   gosignify = pkgs.callPackage ./pkgs/gosignify.nix { inherit isUnstable; };
+  inFluxSSHOptions = if isUnstable then {
+    settings = {
+      PermitRootLogin = "prohibit-password";
+      PasswordAuthentication = false;
+    };
+  } else {
+    permitRootLogin = "prohibit-password";
+    passwordAuthentication = false;
+  };
 in {
   imports = [
     ./configs/colemak.nix
@@ -174,15 +183,13 @@ in {
     services = {
       openssh = {
         enable = true;
-        permitRootLogin = "prohibit-password";
-        passwordAuthentication = false;
         kexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
         macs = [
           "hmac-sha2-512-etm@openssh.com"
           "hmac-sha2-256-etm@openssh.com"
           "umac-128-etm@openssh.com"
         ];
-      };
+      } // inFluxSSHOptions;
     };
   };
 }