diff --git a/nixos/server/harden.nix b/nixos/server/harden.nix
index 81a3d4c..88bd0ea 100644
--- a/nixos/server/harden.nix
+++ b/nixos/server/harden.nix
@@ -11,8 +11,8 @@
   services = {
     openssh = {
       enable = true;
-      permitRootLogin = "prohibit-password"; # distributed-build.nix requires it
-      passwordAuthentication = false;
+      settings.PermitRootLogin = "prohibit-password"; # distributed-build.nix requires it
+      settings.PasswordAuthentication = false;
       allowSFTP = false;
     };
     fail2ban = {
diff --git a/systems/hetzner/ax101.nix b/systems/hetzner/ax101.nix
index d666737..eb397ee 100644
--- a/systems/hetzner/ax101.nix
+++ b/systems/hetzner/ax101.nix
@@ -107,9 +107,7 @@
     nil
   ];
 
-  services.openssh.permitRootLogin = "prohibit-password";
   services.openssh.enable = true;
-  services.tailscale.enable = true;
 
   services.nginx.enable = true;
   networking.firewall.allowedTCPPorts = [ 80 443 ];