feat: disable some services and disable root login from ssh altogether

nixos/tako/services/default.nix

@@ -1,32 +1,33 @@
 {...}: {
   imports = [
-    ./affine.nix
-    ./attic.nix
     ./atuin.nix
     ./authelia.nix
     ./caddy.nix
-    ./excalidraw.nix
     ./fail2ban.nix
-    ./flaresolverr.nix
-    ./games
-    ./gitea.nix
     ./homepage.nix
-    ./immich.nix
-    ./kellnr.nix
     ./lldap.nix
-    ./llms.nix
-    ./matrix
-    ./monitoring.nix
     ./navidrome.nix
     ./nextcloud.nix
     ./openssh.nix
-    ./prowlarr.nix
     ./resolved.nix
-    ./searxng.nix
-    ./shitpost.nix
     ./tailscale.nix
+    ./gitea.nix
+
+    ./affine.nix
+    ./attic.nix
+    ./excalidraw.nix
+    ./flaresolverr.nix
+    # ./games
     # ./headscale.nix
+    ./immich.nix
+    ./kellnr.nix
+    # ./llms.nix
+    ./matrix
+    # ./monitoring.nix
     # ./paperless.nix
+    ./prowlarr.nix
+    # ./searxng.nix
+    # ./shitpost.nix
   ];
   services = {
     nix-serve = {

nixos/tako/services/headscale.nix

@@ -34,12 +34,12 @@
         };
       };
     };
-    # headplane = {
-    #   enable = true;
-    #   settings = {
-    #     server.port = 42562;
-    #   };
-    # };
+    headplane = {
+      enable = true;
+      settings = {
+        server.port = 42562;
+      };
+    };
     caddy = {
       virtualHosts."headscale.darksailor.dev".extraConfig = ''
         reverse_proxy localhost:${toString config.services.headplane.settings.server.port}

nixos/tako/services/openssh.nix

@@ -2,6 +2,6 @@
   services.openssh = {
     enable = true;
     settings.PasswordAuthentication = false;
-    settings.PermitRootLogin = "prohibit-password";
+    settings.PermitRootLogin = "no";
   };
 }