From e768957dcdc0952332f1b0b269c2f626af86bbd1 Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Wed, 12 Feb 2025 01:49:06 -0500 Subject: [PATCH] more tides configuration --- flake.nix | 1 + nixos/machines/tides/configuration.nix | 15 --------------- ...{hardware-configuration.nix => hardware.nix} | 0 nixos/machines/tides/machine.nix | 1 + nixos/modules/ssh.nix | 17 +++++++++++++++++ 5 files changed, 19 insertions(+), 15 deletions(-) rename nixos/machines/tides/{hardware-configuration.nix => hardware.nix} (100%) create mode 100644 nixos/modules/ssh.nix diff --git a/flake.nix b/flake.nix index 49a0fec..db13ee7 100644 --- a/flake.nix +++ b/flake.nix @@ -31,6 +31,7 @@ ./nixos/machines/wsl/configuration.nix ./nixos/machines/installer/configuration.nix ./nixos/machines/crash/machine.nix + ./nixos/machines/tides/machine.nix ./home-manager/machines/wsl/home.nix ./home-manager/machines/crash/home.nix ./devshells/rust.nix diff --git a/nixos/machines/tides/configuration.nix b/nixos/machines/tides/configuration.nix index 4bdaa86..c7fd79e 100644 --- a/nixos/machines/tides/configuration.nix +++ b/nixos/machines/tides/configuration.nix @@ -26,20 +26,5 @@ time.timeZone = "America/Louisville"; i18n.defaultLocale = "en_US.UTF-8"; - # Enable passwordless sudo. - security.sudo.extraRules = [ - { - users = ["nathan"]; - commands = [ - { - command = "ALL"; - options = ["NOPASSWD"]; - } - ]; - } - ]; - - services.openssh.enable = true; - system.stateVersion = "24.11"; # Did you read the comment? } diff --git a/nixos/machines/tides/hardware-configuration.nix b/nixos/machines/tides/hardware.nix similarity index 100% rename from nixos/machines/tides/hardware-configuration.nix rename to nixos/machines/tides/hardware.nix diff --git a/nixos/machines/tides/machine.nix b/nixos/machines/tides/machine.nix index b7febc6..ce39405 100644 --- a/nixos/machines/tides/machine.nix +++ b/nixos/machines/tides/machine.nix 
@@ -37,6 +37,7 @@ inherit inputs; mutableUsers = false; }) + (import ../../modules/ssh.nix) ]; nix.settings.experimental-features = [ diff --git a/nixos/modules/ssh.nix b/nixos/modules/ssh.nix new file mode 100644 index 0000000..6fd3563 --- /dev/null +++ b/nixos/modules/ssh.nix @@ -0,0 +1,17 @@ +{ + config, + lib, + pkgs, + ... +}: { + services.openssh = { + enable = true; + settings = { + ciphers = ["chacha20-poly1305@openssh.com"]; + PermitRootLogin = "no"; + PasswordAuthentication = false; + }; + }; + + programs.mosh.enable = true; +}
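Review bot: The added entry `(import ../../modules/ssh.nix)` hands the module system an already-evaluated function, so option conflicts or type errors raised from that module are reported without a file name. Since the module takes no extra arguments, listing the path itself, `../../modules/ssh.nix`, keeps the file location in error messages. The `imports` list starts and ends outside this hunk.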
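Review bot: The cipher restriction in the new `nixos/modules/ssh.nix` is spelled `ciphers`, while the declared NixOS option is `services.openssh.settings.Ciphers`, which carries its own default list. With the lowercase key the default is probably still written to sshd_config, and sshd keeps the first value it reads for a keyword, so the single-cipher policy may not take effect; use `Ciphers = ["chacha20-poly1305@openssh.com"];` and confirm the result with `sshd -T`. `PasswordAuthentication = false` does not cover keyboard-interactive authentication, which as far as I know is enabled by default on NixOS, so password prompts through PAM can stay reachable; add `KbdInteractiveAuthentication = false;`. `programs.mosh.enable` also opens the mosh UDP port range in the firewall by default on every machine that imports this module, which deserves a comment or a module of its own. The `config`, `lib` and `pkgs` arguments are unused.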