From 1e3e3144119fb18a35df232a329ac7a160baf51c Mon Sep 17 00:00:00 2001
From: uttarayan21 <email@uttarayan.me>
Date: Fri, 28 Nov 2025 15:18:23 +0530
Subject: [PATCH] feat(nixos): enable ssh service with security enhancements

The commit enables the SSH service on the ryu NixOS configuration with enhanced security settings including disabling password authentication and prohibiting root login. It also adds several font packages to the home configuration.

Changes:
- Enabled SSH service in ryu configuration with security settings
- Added font packages to home programs
- Moved SSH service definition to its own module file
- Removed SSH enablement from main configuration
- Updated service imports to include openssh module
---
 home/programs/default.nix      | 7 +++++++
 nixos/ryu/configuration.nix    | 2 --
 nixos/ryu/services/default.nix | 1 +
 nixos/ryu/services/openssh.nix | 7 +++++++
 4 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 nixos/ryu/services/openssh.nix

diff --git a/home/programs/default.nix b/home/programs/default.nix
index 0b7c46cc..7752e63e 100644
--- a/home/programs/default.nix
+++ b/home/programs/default.nix
@@ -90,6 +90,13 @@
       nerd-fonts.fira-code
       nerd-fonts.hasklug
       nerd-fonts.symbols-only
+      noto-fonts
+      noto-fonts-cjk-sans
+      noto-fonts-color-emoji
+      liberation_ttf
+      fira-code
+      fira-code-symbols
+      mplus-outline-fonts.githubRelease
     ]
     ++ lib.optionals device.isLinux []
     ++ lib.optionals device.isDarwin [];
diff --git a/nixos/ryu/configuration.nix b/nixos/ryu/configuration.nix
index 648e5382..5088ce55 100644
--- a/nixos/ryu/configuration.nix
+++ b/nixos/ryu/configuration.nix
@@ -169,8 +169,6 @@
     };
   };
 
-  services.openssh.enable = true;
-
   networking = {
     interfaces.eno1.wakeOnLan = {
       policy = ["magic"];
diff --git a/nixos/ryu/services/default.nix b/nixos/ryu/services/default.nix
index 47e7d4ef..0721ac8b 100644
--- a/nixos/ryu/services/default.nix
+++ b/nixos/ryu/services/default.nix
@@ -22,5 +22,6 @@
     ./handoff.nix
     ./gstreamer.nix
     ./dualsense.nix
+    ./openssh.nix
   ];
 }
diff --git a/nixos/ryu/services/openssh.nix b/nixos/ryu/services/openssh.nix
new file mode 100644
index 00000000..80f73359
--- /dev/null
+++ b/nixos/ryu/services/openssh.nix
@@ -0,0 +1,7 @@
+{...}: {
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+    settings.PermitRootLogin = "prohibit-password";
+  };
+}