added an ssh key for neo

nix/configuration.nix

@@ -3,7 +3,7 @@
 {
   imports = [
     ./users/users.nix
-    ./modules/ssh.nix
+    ./modules/security.nix
     ./vps/hetzner/hardware-configuration.nix
     ./modules/zsh.nix
    ];
@@ -54,9 +54,9 @@
       diskSize = 5000; # 5GB, needed to prevent docker error running out of space
 
       # Networking configuration
-      #forwardPorts = [
-      #  { from = "host"; host.port = 2222; guest.port = 22; }
-      #];
+      forwardPorts = [
+        { from = "host"; host.port = 2222; guest.port = 22; }
+      ];
     };
 
     # Add VM-specific users
@@ -69,8 +69,6 @@
       packages = with pkgs; [  ];
     };
 
-    security.sudo.wheelNeedsPassword = false;
-
     # VM-specific packages
     environment.systemPackages = with pkgs; [
     ];

nix/modules/security.nix

@@ -0,0 +1,17 @@
+{ config, pkgs, inputs, ... }:
+
+{
+  # providing an ssh configuration
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "no";                    # Disable root login
+      PasswordAuthentication = false;            # Force SSH key auth only
+      PubkeyAuthentication = true;               # Enable SSH keys
+    };
+    ports = [ 22 ];
+  };
+
+  # other security hardening options can go here
+  security.sudo.wheelNeedsPassword = false;
+}

nix/modules/ssh.nix

@@ -1,8 +0,0 @@
-{ config, pkgs, inputs, ... }:
-
-{
-  services.openssh = {
-    enable = true;
-    # permitRootLogin = "no";
-  };
-}

nix/users/keys/neo.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtePfzkSorgiFNuol/pEYlR0HToDCy9fk8PPfZWMuf3 henrik@strange

nix/users/users.nix

@@ -5,15 +5,18 @@
   users.defaultUserShell = pkgs.zsh;
   users.users.neo = {
     isNormalUser = true;
-    description = "Matrix User 1";
+    description = "Neovim only user";
     extraGroups = [ "networkmanager" "wheel" ];
     shell = pkgs.zsh;
     packages = with pkgs; [ ];
+    openssh.authorizedKeys.keyFiles = [
+      ./keys/neo.pub
+    ];
   };
 
   users.users.morpheus = {
     isNormalUser = true;
-    description = "Matrix User 2";
+    description = "Insert joke here";
     extraGroups = [ "networkmanager" "wheel" ];
     shell = pkgs.zsh;
     packages = with pkgs; [ ];
@@ -21,7 +24,7 @@
 
   users.users.trinity = {
     isNormalUser = true;
-    description = "Matrix User 3";
+    description = "Named after an atom bomb test";
     extraGroups = [ "networkmanager" "wheel" ];
     shell = pkgs.zsh;
     packages = with pkgs; [ ];