improve default openssh config

common.nix

@@ -56,12 +56,6 @@
       '';
     };
 
-    # allow reverse ssh port shit to be public sometimes
-    services.openssh.gatewayPorts = lib.mkDefault "clientspecified";
-
-    # no homo
-    nixpkgs.config.oraclejdk.accept_license = lib.mkDefault true;
-
     # set some basic system props
     security.sudo.wheelNeedsPassword = lib.mkDefault false;
     networking.networkmanager.enable = lib.mkDefault true;
@@ -92,9 +86,18 @@
       git
     ];
 
+    services.openssh = {
       # Allow ssh
-    services.openssh.enable = lib.mkDefault true;
-    services.openssh.passwordAuthentication = lib.mkDefault false;
+      enable = lib.mkDefault true;
+      # lol no
+      permitRootLogin = lib.mkDefault "no";
+      passwordAuthentication = lib.mkDefault false;
+      # allow reverse ssh port shit to be public sometimes
+      gatewayPorts = lib.mkDefault "clientspecified";
+      extraConfig = ''
+        StreamLocalBindUnlink yes
+      '';
+    };
 
     # Use a firewall
     networking.firewall.enable = lib.mkDefault true;