summaryrefslogtreecommitdiff
path: root/hosts/kay
diff options
context:
space:
mode:
authorsinanmohd <sinan@sinanmohd.com>2024-02-11 20:17:49 +0530
committersinanmohd <sinan@sinanmohd.com>2024-02-11 21:06:35 +0530
commit7bb35b9e407422312c171802c7f5e583f353ba28 (patch)
treedd78df8c598e97edf346f897f4580ab5155ac0c0 /hosts/kay
parent05c7f64bd12d56f3fc066f61fc01351acb0ddb7b (diff)
hosts/kay,lia/sshfwd: init
Diffstat (limited to 'hosts/kay')
-rw-r--r--hosts/kay/configuration.nix1
-rw-r--r--hosts/kay/modules/dns/sinanmohd.com.zone2
-rw-r--r--hosts/kay/modules/sshfwd.nix28
3 files changed, 30 insertions, 1 deletions
diff --git a/hosts/kay/configuration.nix b/hosts/kay/configuration.nix
index 97172d0..78385d1 100644
--- a/hosts/kay/configuration.nix
+++ b/hosts/kay/configuration.nix
@@ -8,6 +8,7 @@
./modules/sftp.nix
./modules/acme.nix
./modules/dns
+ ./modules/sshfwd.nix
../../common.nix
];
diff --git a/hosts/kay/modules/dns/sinanmohd.com.zone b/hosts/kay/modules/dns/sinanmohd.com.zone
index 2ea2925..05f7cef 100644
--- a/hosts/kay/modules/dns/sinanmohd.com.zone
+++ b/hosts/kay/modules/dns/sinanmohd.com.zone
@@ -2,7 +2,7 @@ $ORIGIN sinanmohd.com.
$TTL 2d
@ IN SOA ns1 sinan (
- 2024020800 ; serial
+ 2024020840 ; serial
2h ; refresh
5m ; retry
1d ; expire
diff --git a/hosts/kay/modules/sshfwd.nix b/hosts/kay/modules/sshfwd.nix
new file mode 100644
index 0000000..0f0d3c3
--- /dev/null
+++ b/hosts/kay/modules/sshfwd.nix
@@ -0,0 +1,28 @@
+{ ... }: let
+ group = "sshfwd";
+in {
+ networking.firewall.allowedTCPPorts = [ 2222 ];
+
+ users = {
+ groups.${group}.members = [];
+
+ users."lia" = {
+ inherit group;
+ isSystemUser = true;
+
+ openssh.authorizedKeys.keys
+ = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAe7fJlh9L+9JSq0+hK7jNZjszmZqNXwzqcZ+zx0yJyU lia" ];
+ };
+ };
+
+ services.openssh.extraConfig = ''
+ Match Group ${group}
+ ForceCommand echo 'this account is only usable for forwarding'
+ PermitTunnel no
+ AllowAgentForwarding no
+ X11Forwarding no
+
+ AllowTcpForwarding yes
+ GatewayPorts yes
+ '';
+}