From 8052c8f411ffd14a18efe690dcc2718cffed9857 Mon Sep 17 00:00:00 2001 From: Ingolf Wagner Date: Thu, 4 Jul 2024 19:22:20 +0200 Subject: [PATCH] set root password --- machines/orbi/hardware-configuration/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/machines/orbi/hardware-configuration/default.nix b/machines/orbi/hardware-configuration/default.nix index 2958053..d71ac9f 100644 --- a/machines/orbi/hardware-configuration/default.nix +++ b/machines/orbi/hardware-configuration/default.nix @@ -43,8 +43,10 @@ in efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines. }; - # Initial empty root password for easy login: - users.users.root.initialHashedPassword = ""; + # root password + clan.core.facts.services.rootPassword = factsGenerator.password { name = "root"; }; + users.users.root.hashedPasswordFile = config.clan.core.facts.services.rootPassword.secret."password.root.pam".path; + services.openssh.settings.PermitRootLogin = "prohibit-password"; services.openssh.settings.PasswordAuthentication = false;