From 2d2c8d4ce4ed3403a2ba2c6587528e9e9278e33b Mon Sep 17 00:00:00 2001
From: Antoine Viallon <antoine@lesviallon.fr>
Date: Mon, 4 Apr 2022 19:57:45 +0200
Subject: [PATCH] [Services] Allow X11 forwarding, disable root password auth
 by default

---
 services.nix | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/services.nix b/services.nix
index 801782a..8f9ba91 100644
--- a/services.nix
+++ b/services.nix
@@ -46,9 +46,13 @@ in {
 
   config = mkIf cfg.enable {
     # Enable the OpenSSH daemon.
-    services.openssh.enable = true;
-  #  services.openssh.permitRootLogin = "prohibit-password";
-    services.openssh.permitRootLogin = mkDefault "yes";
+    services.openssh = {
+      enable = true;
+      permitRootLogin = mkDefault "prohibit-password";
+      forwardX11 = mkDefault true;
+      openFirewall = true;
+    };
+    
     networking.firewall.allowedTCPPorts = [ 22 ];
     networking.firewall.allowedUDPPorts = [ 22 ];