hosts/hyrule/default.nix

@@ -12,6 +12,7 @@ in {
   imports = [
     ./hardware-configuration.nix
     (import "${home-manager}/nixos")
+    #../../flakes/wishlist/wishlist.nix
     #../modules/server/nginx.nix
     #../modules/server/ssh.nix
     #../modules/server/fail2ban.nix
@@ -88,8 +89,12 @@ in {
         ];
       };
 
-      # TODO: reduce security implications of subspace
+      subspace = let
-      subspace = {
+        # override
+        wishlistBash =
+          pkgs.bash.override {
+          };
+      in {
         isNormalUser = true;
         shell = pkgs.bash;
         home = "/home/subspace";
@@ -97,6 +102,15 @@ in {
           wishlist
         ];
       };
+
+      # user for friends to ssh into
+      friends = {
+        isNormalUser = true;
+        shell = pkgs.bash;
+        home = "/home/friends"; # TEMP: remove and replace with home-manager
+        packages = with pkgs; [
+        ];
+      };
     };
   };
 
@@ -182,9 +196,9 @@ in {
       enable = true;
       ports = [22];
       settings = {
-        PasswordAuthentication = false;
+        PasswordAuthentication = true;
         PermitRootLogin = "no";
-        AllowUsers = ["ae" "subspace"]; # DO NOT ALLOW ALL
+        AllowUsers = ["ae" "subspace"]; # allow all users by default
         UseDns = true;
         X11Forwarding = false;
       };