added for vps

hosts/server/security.nix

@@ -0,0 +1,28 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  services.openssh = {
+    enable = true;
+    ports = [8123];
+    settings = {
+      PermitRootLogin = "prohibit-password";
+      PasswordAuthentication = false;
+    };
+  };
+
+  users.users.root.openssh.authorizedKeys.keyFiles = [
+    ../../.secrets/id_ed25519.pub
+  ];
+
+  users.users.admin = {
+    isNormalUser = true;
+    extraGroups = ["wheel" "docker"];
+    openssh.authorizedKeys.keyFiles = [
+      ../../.secrets/id_ed25519.pub
+    ];
+  };
+
+  security.sudo.wheelNeedsPassword = false;
+}