author | sinanmohd <sinan@sinanmohd.com> | 2024-06-01 19:25:59 +0530 |
---|---|---|
committer | sinanmohd <sinan@sinanmohd.com> | 2024-06-01 19:26:13 +0530 |
commit | 8febb2fad131dc1ff42a2c667b26b013d64c17b8 (patch) | |
tree | cf33b3a20def6ab7836a037b5195cc617647fa9c /os/kay/modules/sshfwd.nix | |
parent | 5c48d5ad41221dbfa186701ba40404bd2571c242 (diff) |
repo: ./nixos -> ./os
Diffstat (limited to 'os/kay/modules/sshfwd.nix')
-rw-r--r-- | os/kay/modules/sshfwd.nix | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/os/kay/modules/sshfwd.nix b/os/kay/modules/sshfwd.nix
new file mode 100644
index 0000000..d70b893
--- /dev/null
+++ b/os/kay/modules/sshfwd.nix
@@ -0,0 +1,29 @@
+{ ... }: let
+ group = "sshfwd";
+in {
+ networking.firewall.allowedTCPPorts = [ 2222 ];
+
+ users = {
+ groups.${group}.members = [];
+
+ users."lia" = {
+ inherit group;
+ isSystemUser = true;
+
+ openssh.authorizedKeys.keys
+ = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAe7fJlh9L+9JSq0+hK7jNZjszmZqNXwzqcZ+zx0yJyU lia" ];
+ };
+ };
+
+ services.openssh.extraConfig = ''
+ Match Group ${group}
+ ForceCommand echo 'this account is only usable for remote forwarding'
+ PermitTunnel no
+ AllowAgentForwarding no
+ X11Forwarding no
+
+ AllowTcpForwarding remote
+ GatewayPorts clientspecified
+ PermitListen *:2222
+ '';
+} |
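Review bot: The `Match Group ${group}` block limits TCP forwarding with `AllowTcpForwarding remote` and `PermitListen *:2222`, but Unix-domain socket forwarding is a separate sshd_config knob, `AllowStreamLocalForwarding`, which defaults to `yes` and is not set here. As written, the account is therefore not confined to the single remote TCP listener that the ForceCommand message describes. I would add `AllowStreamLocalForwarding no` to the block, and `PermitTTY no` since the account never needs a terminal. Separately, `GatewayPorts clientspecified` together with the firewall opening means the key holder decides whether port 2222 is bound on all interfaces; a short comment in the module saying this exposure is intended would help the next reader.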