diff --git a/configuration.nix b/configuration.nix index 710942f..1887fd9 100644 --- a/configuration.nix +++ b/configuration.nix @@ -4,7 +4,6 @@ let gitLocalPath = "/var/lib/nixos-config"; in { - # We still import hardware-configuration.nix but it will be regenerated on first boot imports = [ ./hardware-configuration.nix ]; # Critical boot settings for physical hardware @@ -67,13 +66,12 @@ in # Allow unfree packages nixpkgs.config.allowUnfree = true; - # Essential packages + # Essential packages (without openssh) environment.systemPackages = with pkgs; [ git vim curl wget - openssh rsync pciutils usbutils @@ -98,11 +96,7 @@ in programs.firefox.enable = true; - # SSH server configuration - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "no"; - - # First-boot setup script to regenerate machine-specific configurations + # First-boot setup script without SSH components environment.etc."first-boot-setup.sh".text = '' #!/run/current-system/sw/bin/bash set -e @@ -110,11 +104,6 @@ in if [ ! -f /var/lib/nixos-firstboot-done ]; then echo "=== First boot setup for cloned NixOS USB ===" - # Regenerate SSH host keys - echo "Regenerating SSH host keys..." - rm -f /etc/ssh/ssh_host_* - ssh-keygen -A >/dev/null 2>&1 - # Generate new machine-id echo "Generating new machine ID..." rm -f /etc/machine-id /var/lib/dbus/machine-id 2>/dev/null || true @@ -140,7 +129,7 @@ in environment.etc."first-boot-setup.sh".mode = "0700"; - # Auto-update script + # Auto-update script (unchanged) environment.etc."update-nixos-config.sh".text = '' #!/run/current-system/sw/bin/bash set -e @@ -177,7 +166,7 @@ in systemd.services.first-boot-setup = { description = "One-time setup for cloned NixOS USB"; script = "/etc/first-boot-setup.sh"; - path = with pkgs; [ systemd openssh git ]; + path = with pkgs; [ systemd git ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true;
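Review bot: The new comment `# Essential packages (without openssh)` in the systemPackages hunk records what this commit removed instead of what the list is for, and the same applies to `# First-boot setup script without SSH components` and `# Auto-update script (unchanged)` in the later hunks. Comments like these go stale with the next change; the history belongs in the commit message. I would keep `# Essential packages`, `# First-boot setup script to regenerate machine-specific configurations` and `# Auto-update script`. NixOS's base system path normally still provides the OpenSSH client through `programs.ssh.package`, so "without openssh" may also overstate what is absent from the image; worth confirming on a built system.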
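Review bot: Removing `rm -f /etc/ssh/ssh_host_*` from the first-boot block leaves any host keys already baked into the source image on every USB stick cloned from it. The previous revision enabled sshd, so an image built from it may well contain `/etc/ssh/ssh_host_*` files, and every clone would then carry the same private host keys. If a later configuration pulled by the update script turns `services.openssh` back on, those shared keys would presumably be reused, since host keys are normally generated only when missing. I would keep the deletion without the keygen step, for example `rm -f /etc/ssh/ssh_host_*  # drop host keys inherited from the source image`. The `if` block this sits in continues outside the hunk.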
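Review bot: With `openssh` dropped from `path` in `systemd.services.first-boot-setup`, any git call in `/etc/first-boot-setup.sh` that talks to an SSH remote will not find `ssh`, because the unit's PATH is built from `path` rather than from the system profile. The script body is only partly visible here, so this matters only if the repository behind `gitLocalPath` is cloned or fetched over SSH. In that case `set -e` would abort the oneshot, possibly before `/var/lib/nixos-firstboot-done` is written. If the remote is HTTPS-only, say so on the line, e.g. `path = with pkgs; [ systemd git ];  # git remote is HTTPS, no ssh client needed`. The service definition continues outside the hunk.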