From a811437e6ebf93d62552d0a2a7495c0f75952f59 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 31 Aug 2019 22:22:47 +0200 Subject: google-compute-config.nix: update comment about ssh login also move OS Login next to it, for better understandability --- nixos/modules/virtualisation/google-compute-config.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'nixos/modules/virtualisation/google-compute-config.nix') diff --git a/nixos/modules/virtualisation/google-compute-config.nix b/nixos/modules/virtualisation/google-compute-config.nix index df05328b8b8..827e7efdb35 100644 --- a/nixos/modules/virtualisation/google-compute-config.nix +++ b/nixos/modules/virtualisation/google-compute-config.nix @@ -29,12 +29,16 @@ in # way to select them anyway. boot.loader.grub.configurationLimit = 0; - # Allow root logins only using the SSH key that the user specified - # at instance creation time. + # Allow root logins only using SSH keys + # and disable password authentication in general services.openssh.enable = true; services.openssh.permitRootLogin = "prohibit-password"; services.openssh.passwordAuthentication = mkDefault false; + # enable OS Login. This also requires setting enable-oslogin=TRUE metadata on + # instance or project level + security.googleOsLogin.enable = true; + # Use GCE udev rules for dynamic disk volumes services.udev.packages = [ gce ]; @@ -65,8 +69,6 @@ in # GC has 1460 MTU networking.interfaces.eth0.mtu = 1460; - security.googleOsLogin.enable = true; - systemd.services.google-clock-skew-daemon = { description = "Google Compute Engine Clock Skew Daemon"; after = [ -- cgit 1.4.1
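Review bot: The new comment above `services.openssh.enable` in the first hunk says password authentication is disabled "in general", but the line it describes is `services.openssh.passwordAuthentication = mkDefault false;`, which is only a default that another module or the user's configuration can override, whereas `permitRootLogin = "prohibit-password"` is set at normal priority. I would word it as `# Allow root logins only using SSH keys; password authentication is off by default (mkDefault) and can be re-enabled by other configuration`. The rewrite also drops the statement of where root's authorized keys come from; now that `security.googleOsLogin.enable = true` sits directly below, one line saying whether root keys are still taken from instance metadata or only from OS Login would help anyone auditing who can reach root on these images (this cannot be determined from the hunk alone). The second hunk only removes the old position of the OS Login line.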