| author | sinanmohd <sinan@sinanmohd.com> | 2023-10-29 14:07:08 +0530 | 
|---|---|---|
| committer | sinanmohd <sinan@sinanmohd.com> | 2023-10-29 14:07:08 +0530 | 
| commit | 0f622efc5c46c988156b4d527b4b15489e27d197 (patch) | |
| tree | 46b2a1514683141cedfb7e0039ef82d0a586a66f /hosts/kay/modules | |
| parent | 220732df77e7533e77421df7c1d8195dc6d0cdae (diff) | |
kay/sftp: init
Diffstat (limited to 'hosts/kay/modules')
| -rw-r--r-- | hosts/kay/modules/sftp.nix | 33 | 
1 files changed, 33 insertions, 0 deletions
| diff --git a/hosts/kay/modules/sftp.nix b/hosts/kay/modules/sftp.nix
new file mode 100644
index 0000000..e90f1f7
--- /dev/null
+++ b/hosts/kay/modules/sftp.nix
@@ -0,0 +1,33 @@
+{ ... }:
+
+let
+  storage = "/hdd/users";
+in
+{
+  users = {
+    groups."sftp".members = [];
+
+    users."nazer" = {
+      group = "sftp";
+      shell = "/run/current-system/sw/bin/nologin";
+      home = "${storage}/nazer";
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICV09w9Ovk9wk4Bhn/06iOn+Ss8lK3AmQAl8+lXHRycu nazu@pc"
+      ];
+    };
+  };
+
+  services.openssh.extraConfig  = ''
+    Match Group sftp
+    # chroot dir should be owned by root
+    # and sub dirs by %u
+    ChrootDirectory ${storage}/%u
+    ForceCommand internal-sftp
+
+    PermitTunnel no
+    AllowAgentForwarding no
+    AllowTcpForwarding no
+    X11Forwarding no
+  '';
+} |
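Review bot: `ChrootDirectory ${storage}/%u` resolves to the same directory as `home = "${storage}/nazer"`, and `isNormalUser = true` enables `createHome`, so activation will create that directory and chown it to nazer. sshd rejects a chroot path that is not root-owned or is writable by group or others, a requirement the config comment states but nothing in the module enforces. I would set `createHome = false;` on the user and declare the layout explicitly, e.g. `systemd.tmpfiles.rules = [ "d ${storage}/nazer 0755 root root -" ];`, plus a user-owned subdirectory for uploads. Separately, `extraConfig` is a merged lines option, so sshd directives contributed by another module would presumably land inside this `Match Group sftp` block; ending the string with `Match all` keeps the restrictions scoped to the group.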
