summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorsinanmohd <sinan@sinanmohd.com>2023-10-29 14:07:08 +0530
committersinanmohd <sinan@sinanmohd.com>2023-10-29 14:07:08 +0530
commit0f622efc5c46c988156b4d527b4b15489e27d197 (patch)
tree46b2a1514683141cedfb7e0039ef82d0a586a66f
parent220732df77e7533e77421df7c1d8195dc6d0cdae (diff)
kay/sftp: init
-rw-r--r--hosts/kay/configuration.nix1
-rw-r--r--hosts/kay/modules/sftp.nix33
2 files changed, 34 insertions, 0 deletions
diff --git a/hosts/kay/configuration.nix b/hosts/kay/configuration.nix
index 5085a42..7d85efc 100644
--- a/hosts/kay/configuration.nix
+++ b/hosts/kay/configuration.nix
@@ -5,6 +5,7 @@
./hardware-configuration.nix
./modules/network.nix
./modules/www.nix
+ ./modules/sftp.nix
../../common.nix
];
diff --git a/hosts/kay/modules/sftp.nix b/hosts/kay/modules/sftp.nix
new file mode 100644
index 0000000..e90f1f7
--- /dev/null
+++ b/hosts/kay/modules/sftp.nix
@@ -0,0 +1,33 @@
+{ ... }:
+
+let
+ storage = "/hdd/users";
+in
+{
+ users = {
+ groups."sftp".members = [];
+
+ users."nazer" = {
+ group = "sftp";
+ shell = "/run/current-system/sw/bin/nologin";
+ home = "${storage}/nazer";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICV09w9Ovk9wk4Bhn/06iOn+Ss8lK3AmQAl8+lXHRycu nazu@pc"
+ ];
+ };
+ };
+
+ services.openssh.extraConfig = ''
+ Match Group sftp
+ # chroot dir should be owned by root
+ # and sub dirs by %u
+ ChrootDirectory ${storage}/%u
+ ForceCommand internal-sftp
+
+ PermitTunnel no
+ AllowAgentForwarding no
+ AllowTcpForwarding no
+ X11Forwarding no
+ '';
+}