authorsinanmohd <sinan@sinanmohd.com>2024-06-01 19:25:59 +0530
committersinanmohd <sinan@sinanmohd.com>2024-06-01 19:26:13 +0530
commit8febb2fad131dc1ff42a2c667b26b013d64c17b8 (patch)
treecf33b3a20def6ab7836a037b5195cc617647fa9c /os/kay/modules/sftp.nix
parent5c48d5ad41221dbfa186701ba40404bd2571c242 (diff)
repo: ./nixos -> ./os
Diffstat (limited to 'os/kay/modules/sftp.nix')
-rw-r--r--os/kay/modules/sftp.nix44
1 files changed, 44 insertions, 0 deletions
diff --git a/os/kay/modules/sftp.nix b/os/kay/modules/sftp.nix
new file mode 100644
index 0000000..bbe055e
--- /dev/null
+++ b/os/kay/modules/sftp.nix
@@ -0,0 +1,44 @@
+{ config, ... }:
+
+let
+ storage = "/hdd/users";
+ user = config.userdata.name;
+ pubKeys = config.users.users.${user}.openssh.authorizedKeys.keys;
+in
+{
+ users = {
+ groups."sftp".members = [];
+
+ users."sftp" = {
+ group = "sftp";
+ shell = "/run/current-system/sw/bin/nologin";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFmA1dyV+o9gfoxlbVG0Y+dn3lVqdFs5fMqfxyNc5/Lr sftp@cez"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCbgjAfyDNtLNyOS+sfLirYtfEAkGqV54LOwabpWkvf sftp@veu"
+ ] ++ pubKeys;
+ };
+
+ users."nazer" = {
+ group = "sftp";
+ shell = "/run/current-system/sw/bin/nologin";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICV09w9Ovk9wk4Bhn/06iOn+Ss8lK3AmQAl8+lXHRycu nazu@pc"
+ ];
+ };
+ };
+
+ services.openssh.extraConfig = ''
+ Match Group sftp
+ # chroot dir should be owned by root
+ # and sub dirs by %u
+ ChrootDirectory ${storage}/%u
+ ForceCommand internal-sftp
+
+ PermitTunnel no
+ AllowAgentForwarding no
+ AllowTcpForwarding no
+ X11Forwarding no
+ '';
+}
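Review bot: The `Match Group sftp` block turns off TCP, agent, X11 and tunnel forwarding but leaves Unix-domain socket forwarding at its default, which `AllowTcpForwarding no` does not cover; adding `AllowStreamLocalForwarding no` beside the other four lines closes that gap. The chroot ownership requirement exists only as the comment above `ChrootDirectory`: nothing in this file creates `${storage}/%u` or sets its owner and mode, so a declarative rule (for example through `systemd.tmpfiles.rules`) would stop the root-owned, non-writable chroot from depending on manual setup. A short comment at `] ++ pubKeys;` stating that every key authorized for the primary user can also log in as `sftp` would help, since that coupling is easy to miss when keys are rotated.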