From 9acb378e5f94979f43ffa278ff41882484aaa40a Mon Sep 17 00:00:00 2001
From: servius <servius@darksailor.dev>
Date: Thu, 19 Feb 2026 13:41:40 +0530
Subject: [PATCH] feat: disable some services and disable root login from ssh
 altogether

---
 nixos/tako/services/default.nix   | 29 +++++++++++++++--------------
 nixos/tako/services/headscale.nix | 12 ++++++------
 nixos/tako/services/openssh.nix   |  2 +-
 3 files changed, 22 insertions(+), 21 deletions(-)

diff --git a/nixos/tako/services/default.nix b/nixos/tako/services/default.nix
index 1c8e45f5..c2ca98fb 100644
--- a/nixos/tako/services/default.nix
+++ b/nixos/tako/services/default.nix
@@ -1,32 +1,33 @@
 {...}: {
   imports = [
-    ./affine.nix
-    ./attic.nix
     ./atuin.nix
     ./authelia.nix
     ./caddy.nix
-    ./excalidraw.nix
     ./fail2ban.nix
-    ./flaresolverr.nix
-    ./games
-    ./gitea.nix
     ./homepage.nix
-    ./immich.nix
-    ./kellnr.nix
     ./lldap.nix
-    ./llms.nix
-    ./matrix
-    ./monitoring.nix
     ./navidrome.nix
     ./nextcloud.nix
     ./openssh.nix
-    ./prowlarr.nix
     ./resolved.nix
-    ./searxng.nix
-    ./shitpost.nix
     ./tailscale.nix
+    ./gitea.nix
+
+    ./affine.nix
+    ./attic.nix
+    ./excalidraw.nix
+    ./flaresolverr.nix
+    # ./games
     # ./headscale.nix
+    ./immich.nix
+    ./kellnr.nix
+    # ./llms.nix
+    ./matrix
+    # ./monitoring.nix
     # ./paperless.nix
+    ./prowlarr.nix
+    # ./searxng.nix
+    # ./shitpost.nix
   ];
   services = {
     nix-serve = {
diff --git a/nixos/tako/services/headscale.nix b/nixos/tako/services/headscale.nix
index 74594c0c..b46af894 100644
--- a/nixos/tako/services/headscale.nix
+++ b/nixos/tako/services/headscale.nix
@@ -34,12 +34,12 @@
         };
       };
     };
-    # headplane = {
-    #   enable = true;
-    #   settings = {
-    #     server.port = 42562;
-    #   };
-    # };
+    headplane = {
+      enable = true;
+      settings = {
+        server.port = 42562;
+      };
+    };
     caddy = {
       virtualHosts."headscale.darksailor.dev".extraConfig = ''
         reverse_proxy localhost:${toString config.services.headplane.settings.server.port}
diff --git a/nixos/tako/services/openssh.nix b/nixos/tako/services/openssh.nix
index 80f73359..a303bb51 100644
--- a/nixos/tako/services/openssh.nix
+++ b/nixos/tako/services/openssh.nix
@@ -2,6 +2,6 @@
   services.openssh = {
     enable = true;
     settings.PasswordAuthentication = false;
-    settings.PermitRootLogin = "prohibit-password";
+    settings.PermitRootLogin = "no";
   };
 }