From 05bfef728be546b8bc048ba6be4aacdb5ae04d47 Mon Sep 17 00:00:00 2001
From: Yan Lin <github@yanlincs.com>
Date: Sat, 13 Sep 2025 21:17:45 +0200
Subject: [PATCH] Fix bug

---
 modules/borg-server.nix | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/modules/borg-server.nix b/modules/borg-server.nix
index 0c2b670..4e6962a 100644
--- a/modules/borg-server.nix
+++ b/modules/borg-server.nix
@@ -76,20 +76,20 @@ in
       enable = true;
       ports = [ cfg.sshPort ];
       settings = {
-        # SSH hardening for borg users
-        Match = "Group borg-server";
-        PasswordAuthentication = false;
-        PubkeyAuthentication = true;
-        PermitRootLogin = "no";
-        X11Forwarding = false;
-        AllowAgentForwarding = false;
-        AllowTcpForwarding = false;
-        PermitTunnel = "no";
-        
         # Keep connection alive settings
         ClientAliveInterval = 10;
         ClientAliveCountMax = 30;
       };
+      extraConfig = ''
+        # SSH hardening for borg users
+        Match Group borg-server
+          PasswordAuthentication no
+          PubkeyAuthentication yes
+          X11Forwarding no
+          AllowAgentForwarding no
+          AllowTcpForwarding no
+          PermitTunnel no
+      '';
     };
 
     # Open firewall port