From e4262cb0bcbfa37dc44719d228a28446e4b0ef7a Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Sun, 28 May 2023 20:39:18 +0000
Subject: [PATCH] ssh: integrate with sane.services.wan-ports

---
 hosts/common/ssh.nix   | 7 +++++++
 hosts/common/users.nix | 6 ------
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/hosts/common/ssh.nix b/hosts/common/ssh.nix
index b763ee22..7872eadb 100644
--- a/hosts/common/ssh.nix
+++ b/hosts/common/ssh.nix
@@ -30,4 +30,11 @@ in
     })
     (globalKeys ++ domainKeys)
   );
+
+  services.openssh = {
+    enable = true;
+    settings.PermitRootLogin = "no";
+    settings.PasswordAuthentication = false;
+  };
+  sane.services.wan-ports.tcp = [ 22 ];
 }
diff --git a/hosts/common/users.nix b/hosts/common/users.nix
index 9e2e4cc8..4e67fba4 100644
--- a/hosts/common/users.nix
+++ b/hosts/common/users.nix
@@ -129,11 +129,5 @@ in
       enable = true;
       wheelNeedsPassword = false;
     };
-
-    services.openssh = {
-      enable = true;
-      settings.PermitRootLogin = "no";
-      settings.PasswordAuthentication = false;
-    };
   };
 }