From 7402212263c332a933fe46131583d8f9c3ad5b63 Mon Sep 17 00:00:00 2001
From: Erik Arvstedt <erik.arvstedt@gmail.com>
Date: Thu, 3 Feb 2022 20:46:31 +0100
Subject: [PATCH] examples/configuration.nix: disable `passwordAuthentication`

This is a sensible default.

Also clarify the pubkey setup.
---
 examples/configuration.nix | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/examples/configuration.nix b/examples/configuration.nix
index 6593cab..e441c23 100644
--- a/examples/configuration.nix
+++ b/examples/configuration.nix
@@ -234,10 +234,15 @@
   networking.hostName = "host";
   time.timeZone = "UTC";
 
-  # FIXME: Add your SSH pubkey
-  services.openssh.enable = true;
+  services.openssh = {
+    enable = true;
+    passwordAuthentication = false;
+  };
   users.users.root = {
-    openssh.authorizedKeys.keys = [ "" ];
+    openssh.authorizedKeys.keys = [
+      # FIXME: Replace this with your SSH pubkey
+      "ssh-ed25519 AAAAC3..."
+    ];
   };
 
   # FIXME: Uncomment this to allow the operator user to run