author | Florian Klink <flokli@flokli.de> | 2019-08-31 22:22:47 +0200 |
---|---|---|
committer | Florian Klink <flokli@flokli.de> | 2019-08-31 22:49:29 +0200 |
commit | a811437e6ebf93d62552d0a2a7495c0f75952f59 (patch) | |
tree | 060e13d8b5c7574bc31a2d061e471e43275acba3 /nixos/modules/virtualisation | |
parent | bbb525d541c0dc30af4885de2623f007ad58f361 (diff) |
google-compute-config.nix: update comment about ssh login
also move OS Login next to it, for better understandability
Diffstat (limited to 'nixos/modules/virtualisation')
-rw-r--r-- | nixos/modules/virtualisation/google-compute-config.nix | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/nixos/modules/virtualisation/google-compute-config.nix b/nixos/modules/virtualisation/google-compute-config.nix
index df05328b8b8..827e7efdb35 100644
--- a/nixos/modules/virtualisation/google-compute-config.nix
+++ b/nixos/modules/virtualisation/google-compute-config.nix
@@ -29,12 +29,16 @@ in
 # way to select them anyway.
 boot.loader.grub.configurationLimit = 0;
 
- # Allow root logins only using the SSH key that the user specified
- # at instance creation time.
+ # Allow root logins only using SSH keys
+ # and disable password authentication in general
 services.openssh.enable = true;
 services.openssh.permitRootLogin = "prohibit-password";
 services.openssh.passwordAuthentication = mkDefault false;
 
+ # enable OS Login. This also requires setting enable-oslogin=TRUE metadata on
+ # instance or project level
+ security.googleOsLogin.enable = true;
+
 # Use GCE udev rules for dynamic disk volumes
 services.udev.packages = [ gce ];
 
@@ -65,8 +69,6 @@ in
 # GC has 1460 MTU
 networking.interfaces.eth0.mtu = 1460;
 
- security.googleOsLogin.enable = true;
-
 systemd.services.google-clock-skew-daemon = {
 description = "Google Compute Engine Clock Skew Daemon";
 after = [ |
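Review bot: The new comment above `services.openssh.enable` says password authentication is disabled "in general", but `services.openssh.passwordAuthentication = mkDefault false;` is only a default that a downstream configuration can override at normal priority. Only root is covered unconditionally, through `permitRootLogin = "prohibit-password"`. I would word the comment as `# Allow root logins only using SSH keys, and disable password authentication by default (mkDefault, so a downstream config can turn it back on for non-root users)`. The OS Login comment could also state which keys are accepted when the `enable-oslogin=TRUE` metadata is not set, since that cannot be told from this hunk.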