From 3bc0e3f3b7a951b04c1087e71e3f44757d382c6b Mon Sep 17 00:00:00 2001
From: Felix Buehler <account@buehler.rocks>
Date: Thu, 9 Jun 2022 23:20:39 +0200
Subject: [PATCH] ssh: if not declared otherwise disable password-login

---
 nixos/modules/ssh.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/ssh.nix b/nixos/modules/ssh.nix
index 4b723d6..64e7c26 100644
--- a/nixos/modules/ssh.nix
+++ b/nixos/modules/ssh.nix
@@ -1,6 +1,9 @@
-{ config, ... }:
+{ config, lib, ... }:
 {
-  services.openssh.enable = true;
+  services.openssh = {
+    enable = true;
+    passwordAuthentication = lib.mkDefault false;
+  };
 
   # WARNING: if you remove this, then you need to assign a password to your user, otherwise
   # `sudo` won't work. You can do that either by using `passwd` after the first rebuild or