From 6e22cf546e9e33518c8fb74067af0b4b1a04ab5c Mon Sep 17 00:00:00 2001
From: notgne2
Date: Tue, 8 Feb 2022 02:36:30 -0700
Subject: [PATCH] improve default openssh config

---
 common.nix | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/common.nix b/common.nix
index 2a1d505..ced40bf 100644
--- a/common.nix
+++ b/common.nix
@@ -56,12 +56,6 @@
 '';
 };

- # allow reverse ssh port shit to be public sometimes
- services.openssh.gatewayPorts = lib.mkDefault "clientspecified";
-
- # no homo
- nixpkgs.config.oraclejdk.accept_license = lib.mkDefault true;
-
 # set some basic system props
 security.sudo.wheelNeedsPassword = lib.mkDefault false;
 networking.networkmanager.enable = lib.mkDefault true;
@@ -92,9 +86,18 @@
 git
 ];

- # Allow ssh
- services.openssh.enable = lib.mkDefault true;
- services.openssh.passwordAuthentication = lib.mkDefault false;
+ services.openssh = {
+ # Allow ssh
+ enable = lib.mkDefault true;
+ # lol no
+ permitRootLogin = lib.mkDefault "no";
+ passwordAuthentication = lib.mkDefault false;
+ # allow reverse ssh port shit to be public sometimes
+ gatewayPorts = lib.mkDefault "clientspecified";
+ extraConfig = ''
+ StreamLocalBindUnlink yes
+ '';
+ };

 # Use a firewall
 networking.firewall.enable = lib.mkDefault true;
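Review bot: `passwordAuthentication = lib.mkDefault false` on its own may still leave password logins reachable through keyboard-interactive/PAM, which the new `services.openssh` block does not turn off; if key-only login is the intent, also disable sshd's `KbdInteractiveAuthentication` (NixOS exposes a matching option whose name depends on the release). `gatewayPorts = lib.mkDefault "clientspecified"` applies to every host that imports common.nix, so any authenticated user can bind a remote forward on a non-loopback address; the comment says "sometimes", which suggests keeping the default at `"no"` and opting in per host. `extraConfig` is a plain string rather than a `mkDefault` value, so hosts cannot drop `StreamLocalBindUnlink yes` the way they can override the other settings. It also has no comment; something like `# replace a stale forwarded unix socket instead of failing to bind` would record why it is there, assuming that is the reason.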