From 3571def80a269f3484db225c6661dfcf70cb443f Mon Sep 17 00:00:00 2001
From: Anish Lakhwara <anish+git@lakhwara.com>
Date: Sat, 18 Oct 2025 00:45:07 -0700
Subject: [PATCH] add boris keys, turn off root login

---
 hosts/asusmini/default.nix | 4 +---
 secrets/secrets.nix        | 2 +-
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/hosts/asusmini/default.nix b/hosts/asusmini/default.nix
index 64b9111..37fafdc 100644
--- a/hosts/asusmini/default.nix
+++ b/hosts/asusmini/default.nix
@@ -47,6 +47,7 @@
     description = "Boris Mann";
     extraGroups = [ "networkmanager" "wheel" ];
     packages = with pkgs; [];
+    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII54a7T+KQOoGhFe34LSTE5b3FmIwcDcAbYXgWGY3sax" ];
   };
 
   users.users.anish = {
@@ -88,9 +89,6 @@
   # Enable the OpenSSH daemon. 
   services.openssh = {
     enable = true;
-    settings = {
-      PermitRootLogin = "yes";
-    };
   };
 
   # Open ports in the firewall.
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index e60fdbc..d25fd4f 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -4,7 +4,7 @@ let
   # Generate with: ssh-keyscan or from ~/.ssh/id_ed25519.pub or ~/.ssh/id_rsa.pub
   anish_curve = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDM0Zvei46x/yZl/IeBCq6+IYQQ0avulzVyBysF9cPigZMCybWRV7IEU+E3k9t6JrbdbdGfJkcZIWmsWDdKS8W8mBnZpVoT0ffLynu8JQ/TKdGm4Qv6bgUeKNrGsNv0ZPs2CDaGSLj0oJfRF7Ko10tcLP0vW+yujrh+y6TH/vVzJioaV4TGvtCUpn+wEQah9ROwPQLUUofsSWdnRsDJ/gp37zXWs4l5wyjSKtP3O9RZUP7kBekbSqEgSXiTk0oUQSVqIWl9NDiP6onk/gSOjXsR/JPqsSN/XI/c/yj6gyY0f51Ru2D7iBxuMJIJcWV+rU6coIj+ULcQWLzt/7TI8jq5AOOzI/ll4zbL24Eo84Rz+TP9tvMMhDZ0VaMN22AJ8qQEjc5P09tWKsX7Jg39XelyV1jHXncE4yvIE9F4RSCHzWCeKeXakizQNuzSaxTxIExRFYHjNW5bR6+3MTGwVrEIXU+qML+0yFTR86MT+tdY5AreAJQLwbog79O1NupeXJE= anish@curve";
   anish_work = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOnfDvR2D2nGnC+DZYDUXiokzz+eLfZwkp+O8WjWutp anishlakhwara@Anishs-MacBook-Pro.local";
-  bmann = ""; # TODO(Boris): SSH public key here
+  bmann = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII54a7T+KQOoGhFe34LSTE5b3FmIwcDcAbYXgWGY3sax"; # TODO(Boris): SSH public key here
   
   allKeys = [ asusmini anish_curve anish_work bmann ];
 in