curnve does ssh now too

hosts/curve/default.nix

@@ -1,5 +1,4 @@
-{ self, pkgs, ... }:
-{
+{ self, pkgs, ... }: {
   imports = [
     ./configuration.nix
     ../users/anish
@@ -17,19 +16,26 @@
     # ../profiles/mount-mossnet
   ];
 
+  # temporarily allow ssh access for work, to be able to do deploy new services
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+    settings.PermitRootLogin = "no";
+  };
+
   # import profiling tools
   programs.systemtap.enable = true;
 
   virtualisation.docker.enable = true;
   virtualisation.docker.storageDriver = "btrfs";
-  environment.systemPackages = with pkgs; [
-    docker-compose  
-  ];
+  environment.systemPackages = with pkgs; [ docker-compose ];
 
   # Speed up boot by removing dependency on network 
   systemd = {
-    targets.network-online.wantedBy = pkgs.lib.mkForce [ ]; # Normally ["multi-user.target"]
-    services.NetworkManager-wait-online.wantedBy = pkgs.lib.mkForce [ ]; # Normally ["network-online.target"]
+    targets.network-online.wantedBy =
+      pkgs.lib.mkForce [ ]; # Normally ["multi-user.target"]
+    services.NetworkManager-wait-online.wantedBy =
+      pkgs.lib.mkForce [ ]; # Normally ["network-online.target"]
   };
 
   programs.gnupg.agent.enable = true;
@@ -64,8 +70,15 @@
 
   # lazy enable of ports necessary for KDE connect which is installed via cli home profile (for some reason?)
   networking.firewall = {
-    allowedTCPPortRanges = [{ from = 1714; to = 1764; }];
-    allowedUDPPortRanges = [{ from = 1714; to = 1764; }];
+    allowedTCPPorts = [ 22 ]; # allow ssh
+    allowedTCPPortRanges = [{
+      from = 1714;
+      to = 1764;
+    }];
+    allowedUDPPortRanges = [{
+      from = 1714;
+      to = 1764;
+    }];
   };
 
   age.secrets.curve-wg.file = "${self}/secrets/curve-wg.age";
@@ -81,10 +94,7 @@
   mossnet.backup = {
     enable = true;
     name = "curve";
-    paths = [
-      "/home/anish/usr"
-      "/home/anish/.ssh"
-    ];
+    paths = [ "/home/anish/usr" "/home/anish/.ssh" ];
   };
 
   # enable adb 
@@ -93,7 +103,8 @@
   #virtualisation.docker.enable = true;
   boot.blacklistedKernelModules = [ "qcserial" ];
   # Used for packer Capsul
-  users.users.anish.extraGroups = [ "adbusers" "wheel" "plugdev" "libvertd" "docker" ];
+  users.users.anish.extraGroups =
+    [ "adbusers" "wheel" "plugdev" "libvertd" "docker" ];
   virtualisation.libvirtd.enable = true;
   hardware.keyboard.zsa.enable = true;
   services.udev.extraRules = ''