author | sinanmohd <sinan@sinanmohd.com> | 2023-10-29 14:07:08 +0530 |
---|---|---|
committer | sinanmohd <sinan@sinanmohd.com> | 2023-10-29 14:07:08 +0530 |
commit | 0f622efc5c46c988156b4d527b4b15489e27d197 (patch) | |
tree | 46b2a1514683141cedfb7e0039ef82d0a586a66f | |
parent | 220732df77e7533e77421df7c1d8195dc6d0cdae (diff) |
kay/sftp: init
-rw-r--r-- | hosts/kay/configuration.nix | 1 | ||||
-rw-r--r-- | hosts/kay/modules/sftp.nix | 33 |
2 files changed, 34 insertions, 0 deletions
diff --git a/hosts/kay/configuration.nix b/hosts/kay/configuration.nix
index 5085a42..7d85efc 100644
--- a/hosts/kay/configuration.nix
+++ b/hosts/kay/configuration.nix
@@ -5,6 +5,7 @@
 ./hardware-configuration.nix
 ./modules/network.nix
 ./modules/www.nix
+ ./modules/sftp.nix
 ../../common.nix
 ];
diff --git a/hosts/kay/modules/sftp.nix b/hosts/kay/modules/sftp.nix
new file mode 100644
index 0000000..e90f1f7
--- /dev/null
+++ b/hosts/kay/modules/sftp.nix
@@ -0,0 +1,33 @@
+{ ... }:
+
+let
+ storage = "/hdd/users";
+in
+{
+ users = {
+ groups."sftp".members = [];
+
+ users."nazer" = {
+ group = "sftp";
+ shell = "/run/current-system/sw/bin/nologin";
+ home = "${storage}/nazer";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICV09w9Ovk9wk4Bhn/06iOn+Ss8lK3AmQAl8+lXHRycu nazu@pc"
+ ];
+ };
+ };
+
+ services.openssh.extraConfig = ''
+ Match Group sftp
+ # chroot dir should be owned by root
+ # and sub dirs by %u
+ ChrootDirectory ${storage}/%u
+ ForceCommand internal-sftp
+
+ PermitTunnel no
+ AllowAgentForwarding no
+ AllowTcpForwarding no
+ X11Forwarding no
+ '';
+} |
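Review bot: In `users."nazer"` of the new sftp.nix, `home` is the same path that `ChrootDirectory ${storage}/%u` resolves to, and `isNormalUser = true` defaults `createHome` to true, so activation is likely to create or re-own that directory as nazer. That contradicts the hunk's own comment that the chroot dir must be owned by root, and sshd refuses a chroot whose path components are not root-owned or are writable by another user or group. Consider adding `createHome = false;` and declaring the layout explicitly, for example `systemd.tmpfiles.rules = [ "d ${storage}/nazer 0755 root root -" ];` plus a nazer-owned subdirectory for uploads, so the permissions the chroot relies on are reproducible rather than set by hand. The Match block also leaves `AllowStreamLocalForwarding` at its default; `DisableForwarding yes` would cover it together with the forwarding options already listed.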