From 805b8cec8489200e1c0dff569b432c7f786a69f9 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@nix.build>
Date: Sat, 21 Apr 2018 00:36:26 +0200
Subject: profile/base: Set default priority on SSHd options

The parent commit actually introduced an eval error with meshuggah,
because the machine defined permitRootLogin.

Setting these values to priority 1000 (which is what mkDefault does)
makes sure that setting the value somewhere else always takes
precedence (unless of course it has a value >= 1000).

Signed-off-by: aszlig <aszlig@nix.build>
---
 modules/user/aszlig/profiles/base.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'modules/user')

diff --git a/modules/user/aszlig/profiles/base.nix b/modules/user/aszlig/profiles/base.nix
index e79e3c61..cf84cff8 100644
--- a/modules/user/aszlig/profiles/base.nix
+++ b/modules/user/aszlig/profiles/base.nix
@@ -48,9 +48,9 @@ in {
       MaxRetentionSec=3month
     '';
 
-    services.openssh.passwordAuthentication = false;
-    services.openssh.permitRootLogin = "no";
-    services.openssh.challengeResponseAuthentication = false;
+    services.openssh.passwordAuthentication = lib.mkDefault false;
+    services.openssh.permitRootLogin = lib.mkDefault "no";
+    services.openssh.challengeResponseAuthentication = lib.mkDefault false;
 
     environment.systemPackages = with pkgs; [
       binutils
-- 
cgit 1.4.1