From 1cd3fb890ebbf08bc8c59945d111e93f07439310 Mon Sep 17 00:00:00 2001
From: kawaiipunk <kawaiipunk@posteo.net>
Date: Wed, 27 May 2026 22:53:50 +0100
Subject: [PATCH] Added a non root user

---
 configuration.nix | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index 997d2c6..114f06a 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -60,18 +60,25 @@
     ports = [ 222 ];
     settings = {
       PasswordAuthentication = false;
-      PermitRootLogin = "prohibit-password";
+      # Disable root SSH login entirely
+      PermitRootLogin = "no";
     };
   };
 
   # SSHGuard — monitors logs for brute-force attempts and blocks offending IPs
   services.sshguard.enable = true;
 
-  # Security
-  security.sudo.wheelNeedsPassword = true;
+  # Security — passwordless sudo for wheel group
+  security.sudo = {
+    enable = true;
+    wheelNeedsPassword = false;
+  };
 
   # User configuration
-  users.users.root = {
+  users.users.kawaiipunk = {
+    isNormalUser = true;
+    # wheel group enables sudo access
+    extraGroups = [ "wheel" "docker" ];
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMniNzAzuI527bfk/EipqFILFayUCwYXDoZ3R7+QgYq6 kawaiipunk@ZeroCool"
     ];