simplify

hosts/michael/default.nix

@@ -11,9 +11,9 @@
 		(modulesPath + "/profiles/qemu-guest.nix")
 		./disk-config.nix
 		./hardware-configuration.nix
-		./openssh.nix
 		./secrets.nix
 		../../profiles/core.nix
+		../../profiles/openssh.nix
 		../../profiles/fail2ban.nix
 		../../profiles/gitea.nix
 		../../profiles/nixos.nix

hosts/michael/openssh.nix

@@ -1,9 +0,0 @@
-{...}: {
-	services.openssh = {
-		enable = true;
-		settings = {
-			PermitRootLogin = "yes";
-			PasswordAuthentication = false;
-		};
-	};
-}

hosts/mindy/default.nix

@@ -11,11 +11,11 @@
 		(modulesPath + "/profiles/qemu-guest.nix")
 		./disk-config.nix
 		./hardware-configuration.nix
-		./openssh.nix
 		./pgbackrest.nix
 		./secrets.nix
 		../../modules/pgbackrest.nix
 		../../profiles/core.nix
+		../../profiles/openssh.nix
 		../../profiles/fail2ban.nix
 		../../profiles/nixos.nix
 		../../profiles/postgresql.nix

hosts/mindy/openssh.nix

@@ -1,9 +0,0 @@
-{...}: {
-	services.openssh = {
-		enable = true;
-		settings = {
-			PermitRootLogin = "yes";
-			PasswordAuthentication = false;
-		};
-	};
-}

hosts/tahani/default.nix

@@ -8,11 +8,11 @@
 	imports = [
 		./adguardhome.nix
 		./networking.nix
-		./openssh.nix
 		./paperless.nix
 		./secrets.nix
 		./syncthing.nix
 		../../profiles/core.nix
+		../../profiles/openssh.nix
 		../../profiles/nixos.nix
 		../../profiles/syncthing.nix
 		../../profiles/tailscale.nix

hosts/tahani/networking.nix

@@ -14,7 +14,7 @@
 			enable = true;
 			trustedInterfaces = ["eno1" "tailscale0"];
 			allowedUDPPorts = [config.services.tailscale.port];
-			allowedTCPPorts = [22 5555];
+			allowedTCPPorts = [22];
 			checkReversePath = "loose";
 		};
 	};

hosts/tahani/openssh.nix

@@ -1,9 +0,0 @@
-{...}: {
-	services.openssh = {
-		enable = true;
-		settings = {
-			PermitRootLogin = "prohibit-password";
-			PasswordAuthentication = false;
-		};
-	};
-}