public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

google-compute-config.nix: update comment about ssh login 

also move OS Login next to it, for better understandability
This commit is contained in:
Florian Klink 2019-08-31 22:22:47 +02:00
parent bbb525d541
commit a811437e6e
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
nixos/modules/virtualisation/google-compute-config.nix
View File

@ -29,12 +29,16 @@ in
# way to select them anyway. # way to select them anyway.
boot.loader.grub.configurationLimit = 0; boot.loader.grub.configurationLimit = 0;
# Allow root logins only using the SSH key that the user specified # Allow root logins only using SSH keys
# at instance creation time. # and disable password authentication in general
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.permitRootLogin = "prohibit-password"; services.openssh.permitRootLogin = "prohibit-password";
services.openssh.passwordAuthentication = mkDefault false; services.openssh.passwordAuthentication = mkDefault false;
# enable OS Login. This also requires setting enable-oslogin=TRUE metadata on
# instance or project level
security.googleOsLogin.enable = true;
# Use GCE udev rules for dynamic disk volumes # Use GCE udev rules for dynamic disk volumes
services.udev.packages = [ gce ]; services.udev.packages = [ gce ];
@ -65,8 +69,6 @@ in
# GC has 1460 MTU # GC has 1460 MTU
networking.interfaces.eth0.mtu = 1460; networking.interfaces.eth0.mtu = 1460;
security.googleOsLogin.enable = true;
systemd.services.google-clock-skew-daemon = { systemd.services.google-clock-skew-daemon = {
description = "Google Compute Engine Clock Skew Daemon"; description = "Google Compute Engine Clock Skew Daemon";
after = [ after = [